Phishing: Even Small Fries Are At Risk

The digital space is an ever-evolving platform, making it harder for people and companies to keep up with the latest ways to keep their data safe. With the global pandemic changing the way people work and do business, came an increase in phishing emails. At the start of the pandemic between February and March 2020, phishing emails exploded at an increased rate of 667%. Phishing criminal attacks are targeted, researched, and well-thought-out, so they wasted no time taking advantage of the climate that COVID-19 created. Let us look at a theoretical case of a small business falling victim to a phishing attack and how they sought justice. 

Jane Doe opened a small pharmaceutical company about two years ago when she discovered a need in her community and has about 20 employees that work in her store. She makes purchases through several reputable suppliers to get her medications in stock for her customers and keeps all her necessary customer and drug-related information in files on the office computer that only she and her two managers have access to. 

One day before opening, Jane Doe was in the office checking her emails. She received an email from one of her suppliers that informed her of an issue with her order and that she would need to click the link included in the email to resolve the problem. When she clicked through and put in her information, the website stopped working. After logging in on another tab and not finding issues, she took it up as a system glitch and carried on with her day. 

A week later, when the supplier came to drop off her shipment, she stopped them to ask about the email she received about the issue with her account. They informed her that there was never an issue with the account, and to call their support line to investigate further. Once she got in contact with the support team, they determined that their system did not send out any problem or error emails and that Jane Doe was likely the target of a phishing attack. 

After learning of this, Jane Doe had her lawyer contact a digital forensics company to investigate the contents of the office computer. Using their sophisticated and advanced technology and software, they were able to determine that it was indeed a phishing attack known as Whaling. Once the company was done extracting and analyzing all the necessary data, they were able to provide Jane Doe with evidence that she needed to pursue the responsible party in a court of law. Thanks to digital forensics, Jane Doe was able to remain in business, and damages were addressed.