Phishing attacks have been making news headlines recently as more and more companies have experienced an increase in attacks. Indeed, 60% of organisations surveyed for the report by Wombat Security said that “the rate of phishing attacks has increased overall”.
Phishing attacks come in many forms:
- Spear phishing – targeted attacks on staff through personalised emails to increase the probability that they will be opened and clicked.
- Whaling – targeted attacks on important end-users like C-level corporate executives to access accounts with administrator or special privileges.
- Vishing – attacks through phone calls.
- Smishing – attacks through SMS messaging.
Beware of commercial and corporate emails
The report found that people are more likely to fall victim to phishing attacks when they receive the sort of emails they expect to see in their corporate email box, such as official corporate communications, invoices, confidential HR documents, shipping confirmations, wire transfers, etc.
Mistakenly believing the phishing email to be a work-related communication from a trusted or known sender (at first glance anyway –the email address is usually subtly misspelled), they open it and click a malicious link masked by “click to see the invoice”, “click to read more”, “click to confirm”, etc. In seconds, malware is installed on the machine without the user knowing it.
Ongoing staff awareness training is the key
92% of respondents to Wombat’s survey already train end users to identify and avoid phishing messages, recognizing the importance of staff induction and ongoing training in keeping their companies’ boundaries secure. Follow their example and buy the Phishing Staff Awareness e-Learning course. Using non-technical language, real-life scenarios, and thought-provoking questions, the Phishing Staff Awareness e-Learning course guides your employees through the realm of phishing attacks, teaching them how to spot the different forms of scam used by cyber criminals.