Over recent weeks we have seen reports that yet again the cyber criminals demonstrate no morals to who they target. Two recent examples are:
A charity that protects and restores woodland in England, Northern Ireland, Scotland, and Wales has been targeted by a "sophisticated, high level" cyber-attack.
Official figures from NHS Digital show that NHS staffers were hit by 137,476 malicious emails last year.
What is a Phishing attack?
Phishing is a Cyber Security attack that uses Social Engineering to attempt to steal data, login credentials, payment information, or even just as a means to initiate a malware attack.
There are many variations on phishing out there and more being created all the time, but the most commonly seen and used form is traditional Phishing, which is the use of fraudulent emails to gain access to a system or information. These emails often contain links to malicious websites, attachments with hidden malware or even malware hidden in images within the email.
Phishing is the most commonly utilised tool by Cyber Criminals to exploit an organisation or individual. So how do we protect ourselves from these attacks?
Never click on links, download files or open attachments in unexpected or suspicious looking emails or social media.
Be wary of threats, urgent deadlines, gifts or competitions as these are all social engineering tools used to encourage and manipulate you into clicking links and giving up information.
Re-read emails for mistakes in spelling, grammar etc. Other things to look for are emails that aren’t quite right like firstname.lastname@example.org as these are used to look genuine at first glance but are often purely masks hiding the real origin email.
Don’t trust shortened links like those from shortening services like Bitly as Cyber Criminals often hide malicious links behind these shortened links.
What can you do?
1. Train your staff
This is a great 1st line of defence but how affective is the training provided.
2. Conduct Phishing simulations
Many organisations have started running phishing simulations where they, in a safe and controlled environment, send out phishing emails designed by the organisation or 3rd party upon request.
Instead of stealing information or doing other malicious activities these simulated phishing attacks instead track which users fall victim to the attack, who did not and what the organisation’s level of awareness is.
What does this achieve?
This helps organisations determine the level of training or other work needed to improve employee awareness and helps build a culture and environment of vigilance and security awareness and forms part of a Phishing Awareness Program.
This is a great article created by our partners MetaCompliance.
How can we help
There are hundreds of companies who can conduct these simulations for you as a one of exercise or on going service.
GB3 can not only conduct these simulations for you but also provide a full program of learning by utilising the combined solution of MetaCompliance and GB3 security consultants - we think you'll be amazed at how little it costs.
Source: InfoSecurity Magazine
Solution: Speak to GB3s CyberSecurity Team
Contact Us: Here to help