You’ve heard a lot about phishing, but are you aware of the damage it can really cause?
Phishing is a method by which criminals and fraudsters try to pilfer your data, steal your login credentials, or trick you into downloading malware. These kinds of attacks rely heavily on the victim taking an action, such as clicking a link or opening an attachment. The criminals at work here have a multitude of ways of convincing you to do this, and it usually doesn’t take much: a crafted tug on human emotions, a simple duplication of something you would normally see and click, or the promise of a sneaky look at something you shouldn’t see is often enough to have you taking the bait and clicking before you think.
The personal risks
The theft of your credentials for a certain website can go much further than just having an account hijacked. Often these criminals sell your credentials on to others in the hope of making some quick cash, or they try the passwords to log in to many different accounts. If you reuse the password (including similar passwords), don’t change it regularly, or inadvertently give away your security question answers, then the results could be far more damaging than just having to reset the password to one account. Criminals could gain access to a wide range of your online accounts, including banking information, essentially taking over your online identity or gaining access to sensitive information that could be damaging for you or people you know in many different ways.
The organisational risks
Phishing is a common method criminals use to gain access to an organisation’s data: five out of six large companies were targeted with spear phishing attacks in 2014, and SMEs also saw an increase of 30%. Organisations previously affected by phishing scams include Sony, the BBC, Walmart, The White House, the NATO Conference in Wales, and the UK Chartered Institute for Securities and Investment.
If you use similar passwords at work and at home, have access to work files and systems on a personal device or fall for an attack at work, then the potential risks can extend far beyond those described above; the consequences here can end up being very serious indeed. Instead of it ‘just’ being your personal information at risk, criminal access to your organisation can expose sensitive operational information, staff information, client and supplier information, and information that could be sold to competitors or used as a ‘hostage’ in order to demand a ransom. All of this has the potential to damage business, degrading the organisation’s reputation, causing down-time and exposing critical systems and information.
Our solution to help!
We offer a simulated phishing campaign to enable your employees to understand everything they need to know about phishing and safeguard both their information and the critical data of your organisation.
‘Think Before You Click!’ is a powerful, engaging training campaign that will show people the very real dangers of Phishing, and teach them how to protect their organisation and themselves in a way they will never forget.
As well as the unique training material for the office and intranet, the campaign also includes a bespoke eLearning module designed with our signature mix of animation and interactivity for maximum engagement and retention.
Bob’s tips to help you Think Before You Click:
- Phishing isn’t just email. It can also be in the form of texts, messages, online posts, and phone calls (AKA ‘Vishing’).
- Phishing needs you to bite. Don’t act on any suspected phishing attempts, beyond reporting them to the relevant people.
- Sense check. If something doesn’t feel right, it’s probably phishy!
- Check the quality. If something doesn’t look right, uses bold emotive language, or uses inconsistent branding, then don’t risk it.
- Check the URL. If you do follow the link, always check the address of the website you’re directed to. Sometimes addresses can be completely different, but often there are just small differences, such as ‘.om’ instead of ‘.com’, ‘linkedLn’ instead of ‘linkedin’ or ‘amazonsecurelogin.ssl-security.com’ instead of ‘www.amazon.com’.
- If you receive an email and you are unable to work out whether or not it is a phishing email, report it to the website it claims to be from before you take any action.
- Should you be unlucky enough to fall victim to a phishing email, report it to the website being impersonated or the police immediately.
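
The ‘Check the URL’ tip can also be applied automatically, for example in a mail filter or a report-a-phish tool. The Python code below is an added example, not part of the original post: the `TRUSTED` allow-list, the function names and the verdict strings are assumptions, and it flags the three lookalike patterns named in the tip (wrong top-level domain, a one-character change to the name, and a brand name placed inside someone else's domain).

```python
from urllib.parse import urlsplit

# Assumed allow-list of genuine sites, each written as name.tld (constructed).
TRUSTED = {"amazon.com", "linkedin.com"}

# Constructed sample links built from the addresses quoted in the tip above.
SAMPLES = [
    "https://www.amazon.com/",
    "http://www.amazon.om/",
    "https://www.linkedLn.com/",
    "https://amazonsecurelogin.ssl-security.com/",
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str, trusted=TRUSTED) -> str:
    """Classify the host of a link against the allow-list."""
    # urlsplit lowercases the hostname, so 'linkedLn' is compared as 'linkedln'.
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    # Simplification: treat the last two labels as the registrable domain.
    # Production code should consult the Public Suffix List (e.g. for .co.uk).
    if ".".join(labels[-2:]) in trusted:
        return "trusted"
    sld = labels[-2] if len(labels) >= 2 else ""
    for good in sorted(trusted):
        name, good_tld = good.split(".")
        if sld == name and labels[-1] != good_tld:
            return "lookalike-tld"       # right name, wrong ending ('.om')
        if edit_distance(sld, name) == 1:
            return "lookalike-name"      # one character off ('linkedln')
        if any(name in label for label in labels):
            return "brand-in-hostname"   # brand used inside another domain
    return "unknown"


if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{check_url(link):18} {link}")
```

A verdict of `unknown` only means the host resembles nothing on the allow-list; it is not a statement that the link is safe.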
We are attending Infosecurity Europe 2016 at The Olympia in London from 7th-9th June.
If you would like to say hi to Bob, try your hand at #DetectDamien or chat about our products including Think Before You Click, come down and visit stand A55!
If you would like to learn more about our Think Before You Click training simulation or watch a short video from our subject matter expert Dr Daniel Dresner, visit our blog entry here: https://bobsbusiness.co.uk/blog/entry/could-you-spot-a-phish/
Or alternatively, get in touch directly! Contact Us