According to Wombat Security's State of the Phish 2017 report, 76% of organizations reported phishing attacks last year. Approximately three out of four companies were victims of phishing. Symantec confirmed that phishing has increasingly affected industries.
Ever wondered how you could prevent phishing in your company? Creating awareness among your employees is a great place to start, and it is a way of helping them identify phishing. Companies have invested in active security awareness technology, and so should you.
What is Email Phishing?
Email phishing occurs through links sent by email. It abuses a user's trust, without their consent, mainly for malicious reasons. Often the emails contain links that lead to malware.
Common Examples of Phishing Attacks
1. Infected Files
.JS and .DOC files are widely used for legitimate reasons. However, they are more likely to be treated as malicious attachments than .HTML files. First, .JS and .DOC files are well-known carriers of email attacks, so there is a high chance of antivirus detection. Additionally, HTML attachments are associated with credential phishing. Financial institutions make heavy use of HTML attachments, which is why you have probably seen them in emails from your bank.
2. Macros that Bypass Antivirus
Have you ever thought about the likelihood of malicious macros getting past your antivirus programs? Well, it is possible. Macros in phishing emails have become a common way of jeopardizing your data. Usually a document appears that walks you through enabling macros, and once you have completed that process the attack occurs. However, if you do not enable the macros, the attack does not happen.
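The two attachment types above (.JS/.DOC-style files and HTML pages used for credential phishing, plus macro-enabled Office documents) can be triaged mechanically before an employee ever opens them. The script below is an added example, not code from the original article: it parses a raw email, lists its attachments, and flags the risky kinds, including the "invoice.pdf.js" double-extension trick. The sample message, the placeholder addresses and the extension lists are constructed here as an illustrative starting policy, not an exhaustive one.

```python
"""Triage e-mail attachments for the risky types discussed above.

Added example (not part of the original article). The sample message is
constructed inline; the extension lists are an assumed starting policy.
"""
import email
from email import policy
from email.message import EmailMessage

# Assumed policy lists: script payloads, macro-capable Office formats,
# and web content (HTML credential-phishing pages, SVG lures).
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".wsf", ".hta"}
MACRO_CAPABLE_EXTENSIONS = {".doc", ".docm", ".xls", ".xlsm", ".ppt", ".pptm"}
WEB_EXTENSIONS = {".html", ".htm", ".svg"}
BENIGN_LOOKING_INNER = {".pdf", ".txt", ".jpg", ".png", ".doc"}


def risk_for_filename(filename: str) -> list[str]:
    """Return the reasons an attachment name looks risky (empty list if none)."""
    name = filename.lower()
    parts = name.split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    reasons = []
    if ext in SCRIPT_EXTENSIONS:
        reasons.append(f"script attachment ({ext})")
    if ext in MACRO_CAPABLE_EXTENSIONS:
        reasons.append(f"macro-capable Office document ({ext})")
    if ext in WEB_EXTENSIONS:
        reasons.append(f"web content attachment ({ext})")
    # "invoice.pdf.js": a benign-looking inner extension hiding the real one.
    if len(parts) > 2 and "." + parts[-2] in BENIGN_LOOKING_INNER:
        reasons.append("double extension")
    return reasons


def triage_message(raw: bytes) -> list[tuple[str, list[str]]]:
    """Parse a raw RFC 5322 message; return (filename, reasons) per risky attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or "<unnamed>"
        reasons = risk_for_filename(filename)
        # A declared Content-Type that contradicts the file name is itself a signal.
        ctype = part.get_content_type()
        if filename.lower().endswith(".pdf") and ctype not in (
            "application/pdf", "application/octet-stream"
        ):
            reasons.append(f"content-type {ctype} does not match .pdf name")
        if reasons:
            findings.append((filename, reasons))
    return findings


def build_sample_message() -> bytes:
    """Constructed sample: a fake 'bank statement' mail with mixed attachments."""
    msg = EmailMessage()
    msg["From"] = "statements@example.invalid"   # constructed placeholder
    msg["To"] = "employee@example.invalid"       # constructed placeholder
    msg["Subject"] = "Your statement is ready"
    msg.set_content("Please open the attached statement.")
    # HTML credential-harvesting page (text/html attachment).
    msg.add_attachment(
        "<html><form action='http://example.invalid/login'></form></html>",
        subtype="html", filename="statement.html",
    )
    # Macro-enabled Word document (only a magic-number stub here).
    msg.add_attachment(
        b"PK\x03\x04", maintype="application",
        subtype="vnd.ms-word.document.macroEnabled.12", filename="statement.docm",
    )
    # A genuinely benign-looking PDF with a matching content type.
    msg.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf",
                       filename="terms.pdf")
    # Script disguised with a double extension.
    msg.add_attachment(b"alert(1)", maintype="application", subtype="javascript",
                       filename="invoice.pdf.js")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in triage_message(build_sample_message()):
        print(f"{name}: {', '.join(reasons)}")
```

Run as a script, it reports three of the four attachments; only terms.pdf passes. Extension checks are deliberately cheap and should be one layer among several: a real gateway would also inspect the bytes (for instance, looking for VBA project streams in Office files) rather than trusting the name alone.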
3. Exploits in Social Media
Phishing is unavoidable on social media platforms, especially Facebook. Recently, messages containing SVG (Scalable Vector Graphics) images bypassed Facebook's file filters and prompted users to view a supposedly missing file. Users who opened the file were redirected to a YouTube-style page that required the installation of two Chrome extensions allegedly needed to see the non-existent videos.
4. Tech Scams
It is no secret that bad guys target your online accounts. Once in a while, you may see notices about unusual activity in your user accounts that look legitimate enough to open if you are not paying attention.
Security notices such as "unusual login activity" may pop up. Researchers at Proofpoint identified a 45% rise in BEC attacks in 2016 alone. Furthermore, the FBI reported more than $5 billion in losses between October 2013 and December 2016, with more than 24,000 victims worldwide.
5. CEO Fraud
Business email compromise (BEC) scams have seen significant growth. An attacker pretends to be the CEO and attempts to extract information from people related to the company, for example customers and employees. The main aim is to obtain fund transfers and confidential details.
How to Test Employees for Phishing Awareness
- Practical Tests to Measure their Understanding
As an employer, you should run multiple tests alongside the awareness training. These tests reveal the gaps in employees' knowledge of phishing using real-world scenarios. Incorporate practical tests too, to increase their know-how.
- Use of Fake Phishing Emails
The most reliable training method is sending simulated phishing emails to your employees and noting which ones they fall for. The emails that trick them most should be covered in the next awareness session. The goal of the fake emails is to help employees realize that they missed something.
- Protection Against Ransomware
It is likely that your staff find the ransomware threat hard to understand. This difficulty is why you need a precise but detailed mini-module that shows them how to deal with these types of infections.
- Social Engineering
Smishing and vishing, commonly known as text phishing and voice phishing respectively, are the standard phishing types that your employees should beware of. The social engineering module is meant to help your employees identify these phishing attacks.
Both employees and senior managers are prone to security gaffes; they struggle with phishing awareness. As a senior manager, make sure you follow up after testing your employees. Also arrange scheduled workshops for top executives to learn about phishing.