Phishing: How cyber criminals spy on SMEs

Are you aware that the number of cyberattacks on Swiss SMEs is increasing rapidly? The Federal Office for Cyber Security already recorded a dramatic increase to over 30,000 attacks within six months at the end of 2023. The situation has not improved in 2024. Phishing attacks in particular are on the rise.

Phishing attacks are no longer just a problem for large corporations. Swiss SMEs are increasingly becoming the target of cybercriminals. According to the 2024 Cyber Study, 4% of the SMEs surveyed have been victims of a serious cyberattack in the last three years, which, extrapolated to Switzerland, corresponds to around 24,000 companies. Alarmingly, 40% of companies do not have an emergency plan or business continuity strategy in place in the event of such an attack. Increasing digitalization and the often limited resources for IT security make SMEs attractive targets for phishing attacks.

The Top 5 Phishing Methods Explained with Concrete Examples

Cybercriminals are masters of deception and are constantly developing new tactics to obtain sensitive data. Here are the most common phishing methods, illustrated with real-life examples:

  1. Email Phishing
    Fraudulent emails that appear to come from trusted institutions in order to obtain sensitive information. Example: You receive an email that appears to be from the Swiss Post. It asks you to pay an outstanding customs fee for a package. However, the link in the email leads to a fake website designed to steal your credit card information.

  2. Spear Phishing
    Targeted attacks against specific individuals within a company, often using personal information. Example: Your company's CFO receives an email from the supposed CEO urgently requesting a transfer to a new supplier. The email address differs only minimally from the real one, making the deception very hard to spot.

  3. CEO Fraud (Business Email Compromise)
    Attacks in which attackers impersonate executives (e.g., the CEO) and trick employees into making money transfers or sharing confidential data. Example: An accountant receives a supposedly urgent instruction from the managing director to transfer a six-figure sum to a specific account – a classic CEO fraud tactic.

  4. Smishing (SMS Phishing)
    Phishing attacks that use SMS messages to steal personal data. Example: You receive an SMS from "your bank" informing you of suspicious account activity and asking you to click a link to verify your account. The link leads to a fake website that captures your login information.

  5. Vishing (Voice Phishing)
    Phishing attacks that use phone calls to obtain confidential information. Example: A caller claims to be a technician from your IT service provider and asks for your login details to resolve an urgent issue. They use technical jargon to appear credible.

  6. Clone Phishing
    Attackers clone legitimate emails and replace attachments or links with malicious versions. Example: A legitimate email from a known business partner is intercepted, copied, and resent to you with a malicious attachment. Because the email matches earlier correspondence exactly, the fraud is barely noticeable.

  7. Pharming
    Instead of email, this attack works directly via manipulated DNS entries that redirect users to fake websites, even if they enter the correct web address. Example: An employee attempts to log in to the company banking website, but due to a pharming attack, ends up on a deceptively real copy and discloses their login credentials.

Phishing techniques: A brief overview

Phishing attacks use various technical methods to obtain sensitive data. A quick understanding of these techniques helps in implementing effective protection measures.

  • Email spoofing: Forging sender addresses through SMTP manipulation.
    Protection: Implementing SPF, DKIM, and DMARC.
  • DNS spoofing/pharming: Redirecting users to fake websites via manipulated DNS records.
    Protection: Using DNSSEC.
  • Homograph attacks: Using similar-looking characters in URLs to deceive.
    Protection: Thoroughly checking URLs and SSL certificates.
  • Man-in-the-Middle attacks: Intercepting and manipulating traffic using SSL stripping or ARP spoofing.
    Protection: Use of TLS and strict transport security policies (HSTS).
  • Malware phishing: Sending malicious attachments or links that lead to exploit pages.
    Protection: Up-to-date security software and regular updates.

The 10 tell-tale signs of a phishing email

Phishing emails are one of the most common methods cybercriminals use to obtain your personal data. They disguise themselves as trusted senders and attempt to trick you into disclosing sensitive information or downloading malicious files. To protect yourself from these attacks, it is important to know the typical characteristics of a phishing email.

  • Unusual sender address: The sender's email address does not match the name of the company or person the email claims to be from.
  • General greeting: The email begins with a general greeting such as "Dear Customer" instead of your name.
  • Urgency or threats: The email creates a sense of urgency or threatens negative consequences if you do not act immediately.
  • Unusual attachments: The email contains attachments that you did not expect or that seem suspicious (e.g., executable files).
  • Suspicious links: The links in the email lead to websites that do not correspond to the company the email claims to be from.
  • Spelling and grammatical errors: The email contains numerous spelling and grammatical errors.
  • Unusual requests: The email asks you to provide personal information such as passwords or credit card details.
  • Unexpected email: You have had no interaction with the sender, so the email arrives unexpectedly.
  • Tone and style are unusual: The tone and style of the email are unusual or do not fit the company or person the email claims to be from.
  • The email is too short: Phishing emails are often kept short to avoid errors.
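Several of these signs, and the homograph check from the techniques overview above, can be turned into a simple triage script that a mail administrator runs over a suspicious message before escalating it. The following is an added example, not MTF's code; it assumes the SME maintains its own allow-list mapping brand display names to their real sending domains, and the sample message is constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: a lookalike "Swiss Post" customs-fee lure (not a real message).
SAMPLE_EMAIL = """\
From: Swiss Post <service@post-ch-support.example>
To: accounting@example-sme.ch
Subject: Action required: customs fee outstanding

Dear Customer,
Your parcel is on hold. Pay the customs fee within 24 hours or it will be returned.
https://xn--pst-sna.example/pay
"""

URGENCY_WORDS = ("urgent", "immediately", "within 24 hours", "will be blocked", "action required")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear client")

def check_email(raw: str, trusted_domains: dict[str, str]) -> list[str]:
    """Return the tell-tale signs found in a raw RFC 5322 message.
    trusted_domains maps a display name (lower-case) to the domain that brand
    really sends from (assumption: an allow-list maintained by the SME)."""
    msg = message_from_string(raw)
    body = msg.get_payload() if not msg.is_multipart() else ""
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    expected = trusted_domains.get(name.strip().lower())
    if expected and sender_domain != expected:  # sign 1: display name vs. real sender domain
        findings.append(f"sender domain {sender_domain} does not match {name} ({expected})")
    if any(body.lower().lstrip().startswith(g) for g in GENERIC_GREETINGS):  # sign 2
        findings.append("generic greeting")
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(w in text for w in URGENCY_WORDS):  # sign 3: pressure to act now
        findings.append("urgency or threat")
    for url in re.findall(r"https?://\S+", body):  # sign 5: link host vs. claimed brand
        host = (urlparse(url).hostname or "").lower()
        if expected and not (host == expected or host.endswith("." + expected)):
            findings.append(f"link host {host} does not belong to {expected}")
        if host.startswith("xn--") or any(ord(c) > 127 for c in host):  # homograph / IDN label
            try:
                shown = host.encode("ascii").decode("idna")  # reveal the Unicode lookalike
            except UnicodeError:
                shown = host
            findings.append(f"possible homograph domain: {host} ({shown})")
    return findings

if __name__ == "__main__":
    for finding in check_email(SAMPLE_EMAIL, {"swiss post": "post.ch"}):
        print("-", finding)
```

The allow-list only needs entries for the brands an SME actually receives mail from (its bank, its parcel carrier, its own domain); unknown display names simply skip the domain checks.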

Protective measures at technical and organisational level

Companies have a responsibility to proactively protect themselves against phishing attacks. A comprehensive approach that includes both technical and organizational measures is crucial.

Technical Measures

  • Modern Anti-Phishing Solutions
    Deploy email gateways and web filters with AI technologies to proactively block suspicious emails and websites. Sandbox environments enable secure testing of attachments.
  • Multi-factor authentication (MFA)
    Supplement logins with additional security factors such as tokens or biometric data to prevent unauthorized access.
  • Regular updates and patches
    Implement automated patch management to keep software and systems up-to-date and close security gaps.
  • Email authentication protocols
    Use SPF, DKIM, and DMARC to verify the authenticity of incoming emails and prevent spoofing.
  • Network segmentation and zero-trust principle
    Divide your network into segments and strictly control access to make it more difficult for malware to spread.

Organizational Measures

  • Develop security policies
    Define clear guidelines for handling emails, attachments, and sensitive data. Update these regularly.
  • Access Management
    Grant employees only the necessary rights (least privilege) and implement Role-Based Access Control (RBAC).
  • Emergency and Incident Response Plans
    Create detailed action plans with defined responsibilities and conduct regular exercises.

Best Practices for Employee Training

  • Regular Awareness Raising
    Train your employees at least quarterly on current threats and phishing methods, adapted to their roles.
  • Interactive Training and Simulations
    Use workshops and phishing simulations to reinforce knowledge in a practical way and increase awareness.
  • Phishing tests with feedback
    Conduct internal tests to assess vigilance and offer targeted feedback and additional training.

By combining these technical and organizational measures, you can sustainably strengthen your company's defenses against phishing attacks.

Emergency plan in the event of a successful phishing attack

Even with the most comprehensive security measures, a phishing attack can be successful. In such cases, it is crucial to have a clearly defined emergency plan in order to respond quickly and effectively.

Immediate measures

  1. Isolate systems: Disconnect affected devices from the network.
  2. Change passwords: Update all access data.
  3. Inform authorities: Report the incident to the NCSC.
  4. Internal communication: Inform all employees about the incident.
  5. Forensic investigation: Analyze the attack to identify vulnerabilities.
  6. Adapt measures: Update your security strategies based on the findings.

MTF: Your partner for cyber security & phishing prevention

Phishing attacks are a serious threat to Swiss SMEs. However, with the right measures, you can minimise the risk considerably. Invest in technology, train your employees and draw up an effective emergency plan. This way, you will be well equipped to protect your company from cyber threats.

Are you ready to optimally protect your company against phishing attacks? MTF is at your side as an experienced IT service provider. Contact us to find out more about our customised security solutions for Swiss SMEs!

FAQs

  1. What is phishing?
    Phishing is a form of cybercrime in which fraudsters attempt to obtain personal information such as passwords or credit card details. This often occurs via deceptively authentic-looking emails or websites.
  2. Why are companies often the target of phishing attacks?
    Companies are attractive targets because they often have valuable data such as customer databases, financial information, and access to sensitive systems. In addition, targeted attacks (e.g., spear phishing) can trick individual employees into accidentally disclosing access data.
  3. How do I recognize a phishing email?
    Typical characteristics of a phishing email are:
    - Spelling errors and unprofessional wording
    - Suspicious sender addresses
    - Urgent calls to action ("Your account will be blocked!")
    - Links that lead to external or fake websites
  4. What role does employee awareness play?
    Employees are the first line of defense against phishing. Training helps them recognize and respond to phishing attempts. This significantly reduces the risk of an attack being successful.

Do you have questions?

Fabian Müller
Managing Director, Schaffhausen Region