Almost all organizations today use a variety of technologies and security policies in an attempt to reduce the number of phishing attacks that reach the end user. Often this starts with filtering email prior to delivery, with the filters attempting to identify potential attacks based on the origin or content of the email, or just the sheer volume of the same email hitting the servers.
Some organizations implement Sender Policy Framework (SPF) for their domain, which keeps externally generated email from pretending to be from an internal email address. One step further, virus scanning software helps limit the number of dangerous attachments that make it to the user’s desktop. Many organizations also put controls on local systems to limit the ability of malicious code to execute from an attachment in an email.
Unfortunately, phishers constantly work to identify ways to get past all of the aforementioned technical controls, even as the sophistication level of these controls continues to ramp up.
In general, the controls most organizations put in place are very good at stopping high volume and low sophistication attacks, but have a more difficult time as the attacks become more targeted and fly under the radar, which is exactly the type of spear phishing effort that is so prevalent today.
Once in the employee’s inbox, there is a high probability (about 60%) that an untrained staff member will miss all of the indicators that the email is in fact a scam and will indeed click on a hyperlink or open a file attachment within the email. There is no technology filter or screener that can stop that 60% from clicking!
The most effective way to counter these types of attacks is to train the recipients on how to identify and avoid a well-crafted spear phish on their own. PhishMe is entirely designed to provide a streamlined approach to help you raise employee awareness and reduce the likelihood of this type of attack succeeding.