Everyone thinks they won't click on a phishing link, but when we run tests, there's always someone who does!
Phishing is the leading tactic used by today's ransomware hackers, typically delivered in the form of an email designed to impersonate a real system or organization. Often created to deliver a sense of urgency and importance, the message within these emails often appears to be from the government or a major corporation and can include logos and branding. They look like the real thing!
Would any of your employees click on these emails?
- Tax Refund - Recipient is due a tax refund and directed to a site to claim their refund.
- Bank Account Low Balance - Recipient receives a low balance alert in the bank account and gives them the option to check their account.
- Amazon Security Alert - Alerts Amazon customer that there were several unauthorized attempts to access their account from an unknown device
- DocuSign Signature Request - Recipient is sent a request to electronically sign a document
- Webinar Reminder - Recipient is sent an email reminder that the webinar will begin in 1 hour.
- Netflix Account Reset - Netflix password has been reset and asks the target to change their password.
- IT Reset Password - Email sent from IT asking to reset password
- eFax Email - eFax email with instructions to download the electronic fax.
These are all examples of typical phishing scenarios, and are actual emails we use as part of of cybersecurity training. Everyone thinks they won't click on the link, but when we run training tests, there is always at least one person who clicks on the link.
In a test scenario, the user is just warned that they made a mistake and its an educational moment. However, if the email was malicious, this could take down an entire organization with ransomware.
The concept of a "human firewall" is getting a lot of attention these days. A network firewall, security patch updates, DNS protection, and all the technical layers of protection needed for responsible network protection are just part of the solution. The behavior of all users on your network will also impact your security (and the bad actors know it!). Don't forget employee security training as part of your overall cybersecurity strategy.