Sticking to the basics: Phishing with emails

March 23, 2017 by Secure360 and UMSA

According to a report from Verizon, cybercriminals are ignoring mobile and other new technologies as vehicles for cyberattacks, and sticking to the good old-fashioned email phishing campaign.

Email phishing by the numbers

Out of more than 100,000 security incidents that hit thousands of companies in 2015, almost 90% of the incidents involved attempts to steal cash. In addition, there was little evidence that new technologies involving net-connected gadgets or smartphones were becoming a popular attack route.

About 30% of phishing emails had been opened by people in targeted organizations in 2015, which was up from 23% in 2014. Of the scam emails opened, about 13% had been able to launch malware because staff had run the attachments they had carried—meaning in many cases, it took only minutes for criminals to compromise the network of a targeted company.

These phishing attacks also fly under the radar, with companies often taking too long to realize they have been compromised. Statistics gathered for the Verizon report suggest 84% of the organizations questioned took weeks to spot that criminals had won access to internal systems.

Why are your employees still falling victim?

You’ve probably heard of, or even received, the Nigerian prince scam email, in which the sender requests assistance in transferring millions of dollars of excess money out of Nigeria and promises to pay the person for his or her help. There are also the dying-widow emails, in which the widow of a billionaire randomly acquires your email address and decides to give you her entire inheritance out of “the goodness of her heart.”

Most know not to fall for these over-the-top phishing emails, but there are many attacks that come in a much subtler message. For instance, many phishing emails tell the recipient that their account has been suspended, deleted or hacked—asking the recipient to reenter their information through the included link.

Unfortunately, many employees are simply not educated about or aware of the various types of phishing emails and the negative, widespread effects of opening them.

Fixing the problem

There are two key steps you can take to prevent email phishing attacks on your business. First, employ an email filtering system that accounts for known tricks. Consider employing two-step authentication procedures, and segment your network to limit further access if an account or user has been compromised. Actively monitor your network for signs of suspicious activity or data exfiltration to cut down response times.
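As an added illustration (not code from the original post), the sketch below shows the kind of filter rule that targets the subtle lure described earlier: a message saying an account was suspended, deleted or hacked and pointing to a link outside the organization's domains. The allowlist, the re-enter word list, the verdict names and the sample message are assumptions made for the example.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Lure wording from the article: an account "suspended, deleted or hacked".
LURE = re.compile(r"\baccount\b.{0,60}\b(suspended|deleted|hacked)\b", re.I | re.S)
# Request to re-enter information; the exact word list is an assumption.
REENTER = re.compile(
    r"\b(re-?enter|verify|confirm)\b.{0,40}\b(information|details|password)\b",
    re.I | re.S)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)
TRUSTED = {"example.com"}  # hypothetical allowlist of the organization's domains

def body_text(msg):
    # Concatenate every text/* part, undoing base64/quoted-printable encoding.
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def is_trusted(host, trusted=TRUSTED):
    # Exact match or a true subdomain; "example.com.evil.test" does not pass.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def triage(raw, trusted=TRUSTED):
    # Return (verdict, reasons) for one raw RFC 5322 message.
    msg = message_from_string(raw)
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    reasons = []
    if LURE.search(text):
        reasons.append("account-status lure")
    if REENTER.search(text):
        reasons.append("asks to re-enter information")
    lured = bool(reasons)
    hosts = {urlparse(u).hostname or "" for u in URL.findall(text)}
    foreign = sorted(h for h in hosts if h and not is_trusted(h, trusted))
    if foreign:
        reasons.append("link outside trusted domains: " + ", ".join(foreign))
    if lured and foreign:
        return "quarantine", reasons
    return ("review" if lured else "deliver"), reasons

# Constructed sample message (not real traffic).
PHISH = ("From: IT Support <support@examp1e-secure.test>\n"
         "Subject: Your account has been suspended\n\n"
         "Please re-enter your information here:\n"
         "http://login.examp1e-secure.test/verify\n")
print(triage(PHISH))
```

A rule like this only catches wording and links it already knows about, which is why the monitoring and training steps in this section still matter.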

Secondly, and most importantly, you must regularly provide your employees with security awareness training. Your business will still be vulnerable to phishing attacks because they do not target your IT systems; they target your employees. You need to provide all of your employees, even key executives, with regular security awareness training. Consider running phishing simulations that place would-be victims in the same position as a potential attack.

Cyber scammers and attackers are constantly changing their strategies to keep tricking their victims—prepare your business and your staff for these phishing emails.

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.
