A report by Gartner, a leading global research firm, found that 91% of all cyber attacks start with phishing. This reinforces the argument that human error is perhaps the weakest link in the security chain of any organization. In our most recent webinar, we illustrate the value of investing time and money to make employees your strongest security asset.
Social Engineering: The art of manipulating people so they give up confidential information
Phishing: An attack, typically through email but also via telephone or other communications, in which a user is tricked into browsing a malicious URL designed to look like a site they trust, or is sent other fabricated content such as an attachment containing malware
Continue reading for a recap of the webinar, or scroll to the bottom of the page to watch a replay of the presentation!
Today’s Threat Landscape
An FBI investigation estimates that phishing costs American businesses half a billion dollars each year. Phishing is a top 10 threat in the current landscape, so ensuring that your employees are up to speed on phishing best practices is essential, especially as phishing techniques continue to evolve.
Some newer threats arrive through other types of communications. Angler phishing, for example, “is the practice of masquerading as a customer service account on social media, hoping to reach a disgruntled consumer,” according to Experian. Reports show that angler phishing has increased 442% year-on-year. These newer threats are more sophisticated and look more legitimate, so they are getting harder to spot.
So what do you do if you receive an email that looks real but you are unsure if it is legitimate? Here are a few IT security tips to help you avoid getting hooked:
- Check the sender of the email as well as the “to” and “cc” fields. Look closely at the email address for errors, such as XYZcapital versus XYXcapiital, that may be an attempt to spoof a trusted sender’s email address.
- In the reply email, make sure the recipient address is still correct.
- Don’t reply to emails that request personal or banking information.
- Improper spellings and grammar are a big giveaway!
- Watch for an overwhelming sense of urgency in requests for personal information or payments.
- If your company has “External” tags enabled, pay attention when replying.
- Be wary of links and attachments – only click on those you are expecting! (Tip: Hover over the link to see where the URL will take you to be sure!)
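Several of the checks in this list can also be scripted by a mail or security team. The Python sketch below is an added example, not material from the webinar: it flags a near-miss spelling of a trusted sender domain, a reply address on a different domain, and a link whose visible text names one site while the underlying URL opens another. The trusted-domain list, the `.example` addresses, the two-edit threshold and the single-part HTML body are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
TRUSTED = {"xyzcapital.example"}  # assumption: your known-good sender domains
HOSTLIKE = re.compile(r"(?:https?://)?([\w.-]+\.[a-z]{2,})(?:[/:?#]\S*)?", re.I)
SAMPLE = """From: Accounts <billing@xyxcapiital.example>
Reply-To: payments@mail-collect.example

<a href="http://mail-collect.example/pay">https://xyzcapital.example/pay</a>"""  # constructed sample

def edit_distance(a, b):  # Levenshtein distance: single-character edits between two names
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row = row, [i]
        for j, cb in enumerate(b, 1):
            row.append(min(prev[j] + 1, row[-1] + 1, prev[j - 1] + (ca != cb)))
    return row[-1]

class Links(HTMLParser):  # collects (visible text, href): a scripted "hover over the link"
    def __init__(self, html):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
        self.feed(html)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.text.strip(), self.href))
            self.href = None

def domain_of(header):
    return parseaddr(header)[1].rpartition("@")[2].lower()

def check_email(raw):
    msg, findings = message_from_string(raw), []
    sender, reply_to = domain_of(msg.get("From", "")), domain_of(msg.get("Reply-To", ""))
    # A domain one or two edits away from a trusted one is a likely lookalike.
    findings += [f"lookalike sender: {sender} vs {t}" for t in sorted(TRUSTED)
                 if 0 < edit_distance(sender, t) <= 2]
    if reply_to and reply_to != sender:
        findings.append(f"reply address uses another domain: {reply_to}")
    for text, href in Links(msg.get_payload()).found:  # assumes a single-part HTML body
        shown, real = HOSTLIKE.fullmatch(text), urlparse(href).hostname
        if shown and real and shown.group(1).lower() != real:
            findings.append(f"link shows {shown.group(1)} but opens {real}")
    return findings
```

Calling `check_email(SAMPLE)` returns three findings, one per check; a message from the trusted domain with an ordinary "Click here" link returns none.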
Click here to watch a webinar on Best Practices for Phishing Readiness and a few ways you can protect others from being hooked: