
Sticking to the basics: Phishing with emails

March 23, 2017 by Secure360 and UMSA


According to a report from Verizon, cybercriminals are ignoring mobile and other new technologies as vehicles for cyberattacks, and sticking to the good old-fashioned email phishing campaign.

Email phishing by the numbers

Out of more than 100,000 security incidents that hit thousands of companies in 2015, almost 90% of the incidents involved attempts to steal cash. In addition, there was little evidence that new technologies involving net-connected gadgets or smartphones were becoming a popular attack route.

About 30% of phishing emails had been opened by people in targeted organizations in 2015, which was up from 23% in 2014. Of the scam emails opened, about 13% had been able to launch malware because staff had run the attachments the emails carried, meaning that in many cases it took only minutes for criminals to compromise the network of a targeted company.

These phishing attacks also fly under the radar, with companies often taking too long to realize they have been compromised. Statistics gathered for the Verizon report suggest 84% of the organizations questioned took weeks to spot that criminals had won access to internal systems.

Why are your employees still falling victim?

You’ve probably heard of, or even received, the Nigerian prince scam email, in which the sender requests assistance in transferring millions of dollars of excess money out of Nigeria and promises to pay the person for his or her help. There are also the dying widow emails, in which the widow of a billionaire randomly acquires your email address and decides to give you her entire inheritance out of “the goodness of her heart.”

Most know not to fall for these over-the-top phishing emails, but there are many attacks that come in a much subtler message. For instance, many phishing emails tell the recipient that their account has been suspended, deleted or hacked—asking the recipient to reenter their information through the included link.

Unfortunately, many employees are just not educated about or aware of the various types of phishing emails and the negative, widespread effects of opening them.

Fixing the problem

There are two key steps you can take to prevent email phishing attacks on your business. First, employ an email filtering system that accounts for known tricks. Consider employing two-step authentication procedures, and segment your network to limit further access if an account or user has been compromised. Actively monitor your network for signs of suspicious activity or data exfiltration to cut down response times.
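One way a filter can account for the known tricks described above (the "account suspended" lure, a link whose visible text names a different host than its target, and a runnable attachment), shown as an added example that is not code from the original post. The rule list, function names and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed rule set for illustration; a production filter would carry many more.
LURE = re.compile(r"account\b.{0,40}\b(suspended|deleted|hacked)", re.I | re.S)
LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)
RISKY_EXT = (".exe", ".js", ".scr", ".vbs", ".docm")

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # reset at each <a>, so only anchor text is kept
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(value):
    return (urlparse(value if "//" in value else "//" + value).hostname or "").lower()

def score_message(raw):
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    collector = LinkCollector()
    collector.feed(text)
    checks = {
        "account-lure": bool(LURE.search(str(msg.get("Subject", "")) + " " + text)),
        "link-mismatch": any(LOOKS_LIKE_URL.match(shown) and host(shown) != host(href)
                             for href, shown in collector.links),
        "risky-attachment": any((p.get_filename() or "").lower().endswith(RISKY_EXT)
                                for p in msg.iter_attachments()),
    }
    return [name for name, hit in checks.items() if hit]

def constructed_sample():
    m = EmailMessage()  # constructed message using reserved example domains
    m["Subject"] = "Your account has been suspended"
    m.set_content('<p>Re-enter your details: <a href="http://login.example.net/r">'
                  'www.example.com/account</a></p>', subtype="html")
    m.add_attachment("constructed", filename="statement.js")
    return m.as_string()
```

Messages that return a non-empty list are candidates for quarantine or a warning banner rather than silent delivery.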

Secondly, and most importantly, you must regularly provide your employees with security awareness training. Your business will still be vulnerable to phishing attacks because they do not target your IT systems; they target your employees. You need to provide all of your employees, even key executives, with regular security awareness training. Consider running phishing simulations that place would-be victims in the same position as a potential attack.

Cyber scammers and attackers are constantly changing their strategies to keep tricking their victims—prepare your business and your staff for these phishing emails.


About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.
