Heimdal

Pepco Group, a leading European retailer, recently disclosed a significant financial loss due to a phishing attack on its Hungarian operations.

The incident, which led to a €15 million setback, sparks a conversation about the sophistication of cyber-attacks and the measures companies must take to protect themselves.

What happened to Pepco?

Pepco, operating across 21 countries with a vast network of 4,800 stores, fell victim to a “sophisticated fraudulent phishing attack,” resulting in a cash loss of approximately €15.5 million before any potential recovery efforts.

“The attack has resulted in a loss of approximately €15.5 million in cash, before any potential recovery.

It is unclear at this stage whether the funds can be recovered, although Pepco is pursuing various efforts through its banking partners and the police.

At this stage, the incident does not appear to have involved any customer, supplier or colleague information or data.”

Pepco Group’s security notice (Source)

Spear phishing, Phishing-as-a-Service and generative AI

According to Statista, in 2022, over half of the surveyed organizations worldwide encountered malware infections due to a spear-phishing attack.

Spear-phishing is a tactic that involves sending emails from seemingly trusted sources to dupe recipients into transferring money or divulging sensitive information.

Its success largely depends on its personalized approach and the psychological manipulation of its targets.

Phishing-as-a-Service

In addition, Phishing-as-a-Service has significantly lowered the barrier to entry for cybercriminals, simplifying access to phishing tools and techniques.

This model, similar to legitimate software-as-a-service offerings, provides everything an attacker needs — from phishing kits to fake websites — for a fee.

This accessibility has led to an uptick in phishing attempts, with attackers no longer needing advanced technical skills to launch successful scams.

LLMs and phishing

Large language models can tailor phishing emails and messages with a level of personalization and sophistication previously unattainable for the average cybercriminal.

By analyzing and mimicking the communication style of specific individuals or organizations, LLMs can produce content that appears legitimate to unsuspecting recipients.

This not only raises the success rate of phishing attacks but also makes it harder for people to distinguish between genuine and malicious communications.

Anti-spear-phishing measures

To protect against spear phishing attacks, companies should implement a comprehensive security strategy that includes:

Employee training

Employees need regular training to understand spear phishing. Phishing courses and tests are a good way to practice spotting these threats.

Multi-Factor Authentication (MFA)

Use MFA for access to sensitive data and systems. Even if credentials are stolen, MFA still stops unauthorized access.

It also significantly enhances security against credential stuffing, brute force, man-in-the-middle attacks, and session hijacking.

Multi-layered security solutions

Investing in comprehensive cybersecurity solutions can help you prevent spear-phishing attempts. Your “anti spear-phishing stack” should include endpoint security products such as:

  • Next-gen Antivirus & Firewall which stops known threats;
  • DNS traffic filter which stops unknown threats;
  • Automatic patches for your software and apps with no interruptions;
  • Privileged Access Management and Application Control, all in one unified dashboard


Author Profile

Madalina Popovici

Digital PR Specialist

Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.
