Phishing Test for Employees – Why it's Important

September 25, 2017 9:05 am Paul Mullin

The Anti-Phishing Working Group’s (APWG) “Phishing Activity Trends Report” findings indicate that there were over 1.2 million known phishing attacks in 2016. That is a huge 65% increase over 2015, and it is the highest annual total since APWG began monitoring attacks in 2004.

Phishing emails are designed to grab attention and prompt an immediate response, so that the potential victim reacts quickly and clicks on the fraudulent call to action. On average, phishing sites are online for less than 15 hours, which makes it very difficult to identify and block them in time. To add to this, close to 100% of phishing URLs point to malicious pages or sites hosted within benign domains, which helps them seem like legitimate sources.

It’s this level of sophistication that makes phishing so devious. It usually arrives as a harmless-looking email and convinces you to act – usually by clicking a link or opening a file. And at that stage, it’s game over.

Undoubtedly, there are many out there who know what to look for in a phishing email. However, it only takes one person to act on a phishing email for it to lead to financial and reputational damage for your company. This is why we consider it so important to run a phishing test for your employees.

Phishing Test – How to Spot a Fake Email

Most of us have PayPal accounts, and so it’s only natural that if we receive an email from the PayPal folks that we’d want to check it out.

Many people would likely click the email below, but by regularly running this kind of phishing exercise, your users will learn to identify the following when looking at it:

• Is the address the one linked to their PayPal account – what does the ‘to’ field actually say?
• Bad grammar and spelling are obvious signs of phishing, especially from big companies who will have copywriters and editors on payroll to ensure this doesn’t happen in external communication.
• No personalization – The name is blank and instead is just a generic ‘Hello PayPal Customer’
• Scare tactic – phishing attacks will often make you think something is wrong with your account such as ‘Your Account PayPal is Limited’ to scare you into clicking the Call to Action.
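As an added example (not part of the original post), the four signs above turned into a small checker run over a constructed sample message modelled on the PayPal-themed email described; the misspelling list, scare phrases and greeting patterns are assumptions for illustration, not a complete filter:

```python
import re

# Constructed sample, modelled on the "Your Account PayPal is Limited" email the article describes.
SUSPECT_EMAIL = {
    "from": "service@paypal-secure-login.example",
    "to": "undisclosed-recipients@example.com",
    "subject": "Your Account PayPal is Limited",
    "body": (
        "Hello PayPal Customer,\n"
        "We has detected unusal activity in you account. "
        "Your Account PayPal is Limited untill you verify you details.\n"
        "Click here to restore acces now."
    ),
}

# Constructed legitimate-looking message for comparison.
BENIGN_EMAIL = {
    "from": "receipts@paypal.example",
    "to": "jane.doe@example.com",
    "subject": "Your receipt for order 1234",
    "body": (
        "Hello Jane Doe,\n"
        "Thanks for your purchase. You can view your receipt at any time "
        "from your account activity page."
    ),
}

# Assumed heuristic lists; a real deployment would use a dictionary and tuned phrase sets.
GENERIC_GREETINGS = ("dear customer", "hello paypal customer", "dear user", "valued customer")
COMMON_MISSPELLINGS = {"unusal", "untill", "acces", "recieve", "verfiy"}
SCARE_PHRASES = ("account is limited", "account paypal is limited", "unusual activity",
                 "restore access", "suspended")


def check_email(msg, expected_to):
    """Return the list of telltale signs found, in the order the article lists them."""
    findings = []
    # 1. Does the 'to' field actually carry the address linked to the account?
    if msg["to"].lower() != expected_to.lower():
        findings.append("to-field mismatch")
    body_l = msg["body"].lower()
    # 2. Bad spelling: look for known misspellings as whole words.
    words = set(re.findall(r"[a-z]+", body_l))
    misspelled = sorted(words & COMMON_MISSPELLINGS)
    if misspelled:
        findings.append("spelling: " + ", ".join(misspelled))
    # 3. No personalisation: a generic greeting on the first line.
    first_line = body_l.splitlines()[0]
    if any(first_line.startswith(g) for g in GENERIC_GREETINGS):
        findings.append("generic greeting")
    # 4. Scare tactic in subject or body.
    text = (msg["subject"] + " " + msg["body"]).lower()
    if any(p in text for p in SCARE_PHRASES):
        findings.append("scare tactic")
    return findings
```

The suspect message trips all four checks while the benign one returns no findings; as the article notes, a more careful attacker can avoid every one of these signals, so this is a training aid, not a filter.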

By regularly implementing a phishing test for your organisation you will raise your employees’ cyber security awareness and enable them to spot these key telltale signs of phishing emails. However, many cyber criminals are more sophisticated than this and can skillfully avoid all the points above.

Training is key in protecting against phishing attacks and the implementation of phishing tests is integral for the protection of your company. It may seem like a simple idea, but training is effective. If you teach staff what to look out for when it comes to a phishing email then you are already going a long way to protecting yourself and your business from a phishing attack.

Have you been caught out by a phishing email, or have you seen one of the danger signs ahead of time and been able to identify it before it’s been too late? Let us know in the comments below.