Five ways your employees can be fooled by phishing attacks

Email is one of the most effective forms of business communication. It helps to easily maintain records for activities and projects, and provides an efficient way for multiple people to simultaneously receive activity updates. However, email is also an easy way for cybercriminals to breach security systems and attack organisations.

Phishing scams are a common method that cybercriminals use to exploit vulnerabilities. Estimates suggest that more than 90 per cent of cyberattacks start with a phishing email.[1] This shows that many devastating attacks on organisations could have been prevented if the targeted person had realised what was happening.

While awareness of phishing attacks is growing, even experienced and savvy users can potentially find themselves falling victim to a well-executed attack. Unfortunately, cybercriminals are continuing to innovate, and they’re becoming ever more adept at fooling users into thinking spoof emails are real.

Here are five ways your employees could be fooled by a phishing attack:

  1. Spoofing: a common form of phishing attack, spoofing involves forging email headers so the message appears to come from a reputable or familiar source. Such emails may carry attachments or links, such as a supplier invoice, that a user would not normally treat with suspicion when they appear to come from a known contact.

  2. Social engineering: a form of spoofing in which cybercriminals research people’s relative positions in an organisation and then send them an email purporting to be from a senior executive, instructing them to make a purchase, transfer funds, or provide sensitive information.

  3. Fake websites: cybercriminals will often create fake websites that mimic reputable sites (e.g. a bank’s website) and encourage users to enter their credentials. These can be supported by, or linked to, phishing emails that mimic the company’s branding.

  4. Branding: as well as fake websites, cybercriminals have become exceptionally good at replicating the branding of well-known companies to fool users into thinking they’ve received a legitimate email or reached a legitimate website. They will often mimic a company’s branding in the email header and footer, making phishing emails seem legitimate.

  5. Legal threats: cybercriminals will send phony legal notices via email to create a sense of fear or urgency, leading recipients to act precipitously by clicking on links and entering passwords. More sophisticated cybercriminals will often use these notices with a combination of branding and fake websites to make scams seem legitimate, which can make it difficult for unsuspecting users to identify cybersecurity threats.
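One way a mail gateway or a SOC triage script can surface the header forgery described in item 1 (an added example, not part of Solista’s post): it compares the visible From domain against an assumed allow-list of supplier domains, checks the envelope Return-Path against the From domain, and reads the receiving server’s SPF/DKIM/DMARC verdicts. The two messages and all domain names are constructed for the example.

```python
import re
import email
from email.utils import parseaddr

# Constructed sample messages (not real mail): a spoofed invoice lure and a genuine one.
SPOOFED_RAW = """\
Return-Path: <bounce@bulk-mailer.example>
From: "Acme Supplies Accounts" <billing@acme-supplies-invoices.example>
Subject: Invoice 4471 overdue
Authentication-Results: mx.example; spf=fail smtp.mailfrom=bulk-mailer.example; dkim=none; dmarc=fail header.from=acme-supplies-invoices.example

Please see the attached invoice and remit payment today.
"""
LEGIT_RAW = """\
Return-Path: <billing@acme-supplies.example>
From: "Acme Supplies Accounts" <billing@acme-supplies.example>
Subject: Invoice 4471
Authentication-Results: mx.example; spf=pass smtp.mailfrom=acme-supplies.example; dkim=pass header.d=acme-supplies.example; dmarc=pass header.from=acme-supplies.example

Invoice attached, due in 30 days.
"""
# Assumed allow-list of domains this business actually receives invoices from.
TRUSTED_DOMAINS = {"acme-supplies.example"}


def _domain(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def spoof_indicators(raw_message, trusted_domains=TRUSTED_DOMAINS):
    """Return the reasons a message looks like a forged sender; empty list if none."""
    msg = email.message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)
    return_domain = _domain(parseaddr(msg.get("Return-Path", ""))[1])
    findings = []
    # 1. Display name borrows a trusted brand, but the From address is a look-alike domain.
    brand_names = {d.split(".")[0].replace("-", " ") for d in trusted_domains}
    if from_domain not in trusted_domains and any(b in display_name.lower() for b in brand_names):
        findings.append(f"display name claims trusted brand but From domain is {from_domain}")
    # 2. Envelope sender (Return-Path) does not match the visible From domain.
    if return_domain and return_domain != from_domain:
        findings.append(f"Return-Path domain {return_domain} differs from From domain {from_domain}")
    # 3. The receiving MTA's SPF/DKIM/DMARC verdicts are anything other than pass.
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", "")))
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method, "none") != "pass":
            findings.append(f"authentication: {method}={verdicts.get(method, 'none')}")
    return findings
```

Any non-empty result is a reason to quarantine or flag the message for review rather than deliver it as a routine supplier invoice.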

To protect your business, it’s important to implement email threat protection with multiple layers of defence that combat malware, viruses, spam, phishing and advanced persistent threats. It’s also essential that all employees receive ongoing training on how to identify potential phishing scams and where to report them in the organisation.

Solista has outlined clear steps organisations can take to secure their email ecosystem, as well as ways to optimise online security. We identify and implement the security solutions your organisation needs to optimise its cybersecurity approach and protect its assets. For more information on how to optimise your online security, download our tip sheet and contact the team today.

[1] https://www2.deloitte.com/my/en/pages/risk/articles/91-percent-of-all-cyber-attacks-begin-with-a-phishing-email-to-an-unexpected-victim.html