Not only has the number of phishing attacks risen dramatically over the past five years, but so too has the sophistication and deceptiveness of these attacks.
Phishing is a technique utilized by hackers to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy, legitimate electronic communication. Phishing scenarios are typically carried out through e-mail and often contain links to a fake website with a look and feel almost identical to a legitimate site. Once on the site, users are cajoled into entering usernames and passwords or other sensitive information that will provide hackers with broad access to data.
Phishing attacks these days no longer rely on a wide net of random emails proclaiming deep discounts on prescription drug sales, the Nigerian Scam or links to log in to online banking sites; they are much more targeted and sophisticated. Oftentimes, these attacks arrive in an employee’s inbox disguised as coming from internal managers and departments such as Human Resources or the information technology department.
These “Spear Phishing” attacks focus on a small, targeted audience, and look to catch just a few – or perhaps even one big fish – utilizing bait customized with information specific to your company or terms commonly used in your line of work. These seemingly legitimate emails appear to be authentic (with the exception of the click-through URL) and cause even the most skeptical employees to lower their guard and set aside any suspicion that the email could be a scam.
Most of us believe we would never fall for such a thing. But when an employee receives an email from an individual email address that makes specific mentions of actual managers, policies or procedures for their company, along with bait such as “new bonus programs” or “healthcare enrollment”, how many of us would fall for it? More than you would think!
How Susceptible is Your Organization?
Clients that run mock spear phishing exercises with PhishMe find 58% of first-time recipients to be vulnerable to such emails.
That’s 58% of employees who will let their guard down and open up their internal systems to hackers, who can then steal client account credit card and login information or gain access to protected internal company systems. And with half of the victims of phishing scams responding to the fraudulent email within four hours of receipt, even companies with the most vigilant and aggressive IT departments and monitoring systems are vulnerable to the latest attacks.
This is where PhishMe and its hands-on training come into play – educating employees and customers on how to spot spear phishing attacks and to avoid acting on them altogether.