What did you see in the image? A flower, or a predatory insect masquerading as a flower? You saw the insect? Give yourself a pat on the back, there’s no pulling the wool over your eyes. I’m sure you’re equally adept at spotting malicious emails pretending to be something they are not. How many people, do you think, do not spot the clues that give away such emails and consequently wreak havoc on their workplace by clicking a link they shouldn’t?
In simulated phishing attacks conducted by Wombat, on average, 12% of people clicked links in bogus commercial emails: business-related emails that are not organization-specific, such as shipping confirmations and wire transfer requests. The click rate varied a lot across industries: almost a third of people who worked in the technology sector got caught out!
It’s not just emails, either: social media, messaging, and forums can all harbor phishers. According to the Wombat report, three quarters of organizations experienced phishing attacks in 2017, which is a lot of potential havoc. Phishing emails can result in your organization paying millions into fraudulent bank accounts, as happened to MacEwan University in Edmonton, Canada, which lost $11.8 million; needing to provide credit monitoring and identity theft services to thousands of members, like CareFirst; or being unable to access data or use computers unless, and until, a ransom is paid. When this happens to a hospital, operations get canceled.
What can you do to protect your organization from phishing?
Anti-malware installed on your computers will stop some phishing attacks, but not all. It takes just one person to bring the whole business to a halt by falling for the bait. Phishing emails do have tell-tale signs, such as not-quite-correctly-spelt weblinks, so make sure your staff know what to look for. Our online Phishing Staff Awareness Course can be taken and tested in about 45 minutes from the comfort of your staff’s desks. And remember, always back up your data, so if the worst happens, all is not lost.