Rhyme Technology Blog

September 17, 2019 @ 12:00am


Don't Fall for Another Phishing Attack

More than 90% of successful hacks and data breaches start with phishing scams. Phishing is a threat to every organization across the globe.

Given its low cost and high success rate, phishing is one of the most common scams across organizations today. The most common type of phishing attack involves a criminal posing as a high-level executive, who then sends an email message to an employee with access to a desired system or information. According to PhishMe, phishing emails pretending to be regular office communications are the most effective, with an average click-through rate of 22 percent.

What is Phishing?

Phishing is the process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity using bulk email which tries to evade spam filters.

Emails claiming to be from popular social web sites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public. It’s a form of criminally fraudulent social engineering.

So, why does phishing keep happening? It’s because people continue to fall for it! Organizations should have ongoing security training and education to prevent their employees from being easy targets. It is imperative that all employees in an organization understand what a phishing email looks like and how to avoid becoming a victim. There are a number of free online phishing tests available to you and your employees. Rhyme can also help develop a test to educate your employees.

Top tips to avoid phishing scams:

  1. Educate all employees about phishing in general and spear phishing in particular.
  2. Use strong, unique passwords. Better yet, use a phrase instead of a word. Use different passwords for each account. Use a mix of letters, numbers and special characters.
  3. Never take an email from a familiar source at face value. If it asks you to open a link or attachment, or includes a threat to close your account, think twice.
  4. If an email contains a link, hover your cursor over the link to see the web address (URL) destination. If it’s not a URL you recognize or if it’s an abbreviated URL, don’t open it.
  5. Consider a verbal confirmation by phone if you receive an email from a client or coworker requesting sensitive information or making other requests that seem odd to you.
  6. Use security software to help defend against malware, viruses and known phishing sites and update the software automatically.
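
Tip 4's hover check can also be automated for HTML email. The following is an added example, not code from the original post or from Rhyme; the trusted-domain and shortener lists, the sample message and all function names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed lists and a constructed sample message, for illustration only.
TRUSTED_DOMAINS = {"example.com", "linkedin.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly"}
# Finds a domain-like token in the visible link text, if there is one.
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
SAMPLE = """<a href="http://linkedin.account-verify.example.net/login">www.linkedin.com/in/me</a>
<a href="https://bit.ly/constructed">Track your package</a>
<a href="https://www.example.com/hr/policy">Revised policy</a>"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def under(host, domains):  # host equals, or is a subdomain of, a listed domain
    return any(host == d or host.endswith("." + d) for d in domains)

def review_links(html):  # returns [(href, reasons not to click)]
    parser, findings = LinkCollector(), []
    parser.feed(html)
    for href, text in parser.links:
        try:
            dest = (urlparse(href).hostname or "").lower()
        except ValueError:  # malformed URL: treat as having no known host
            dest = ""
        match = DOMAIN_RE.search(text)
        shown = match.group(1).lower() if match else ""
        reasons = []
        if under(dest, SHORTENERS):
            reasons.append("shortened")     # abbreviated URL hides the destination
        elif not under(dest, TRUSTED_DOMAINS):
            reasons.append("unrecognized")  # not a destination you recognize
        if shown and not (under(dest, {shown}) or under(shown, {dest})):
            reasons.append("mismatch")      # text shows one site, link goes to another
        findings.append((href, reasons))
    return findings
```

Calling `review_links(SAMPLE)` flags the first link as both unrecognized and mismatched, the second as shortened, and leaves the third with no findings.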

Top-Clicked PHISHING Tests

Top Social Media Email Subjects

  • LinkedIn: ‘Join My Network’, ‘Profile Views’, ‘Add Me’, ‘Deactivation Request’ (56%)
  • Login alert for Chrome on Motorola Moto X (9%)
  • 55th Anniversary and Free Pizza (8%)
  • Your Friend Tagged a Photo of You (8%)
  • Facebook Password Reset Verification (8%)
  • Your password was successfully reset (6%)
  • New Voice Message at 1:23AM (5%)

Key Takeaway

LinkedIn messages continue to dominate the top social media email subjects, with several variations such as “join my network” or “add me”. Other alerts containing security-related warnings come unexpectedly and can cause feelings of alarm. Messages announcing a new message, or that a friend tagged a photo of you, can make someone feel special and entice them to click. And everyone loves free pizza!

The Top 10 Phishing Email Subjects

  1. Password Check Required Immediately
  2. De-activation of email in Process
  3. Urgent press release to all employees
  4. You Have a New Voicemail
  5. Back Up Your Emails
  6. Revised Vacation & Sick Time Policy
  7. UPS Label Delivery, 1ZBE312TNY000015011
  8. Please Read Important from Human Resources
  9. manager_name sent you a file on Box
  10. Important Message from company_name Admin

Key Takeaway

Password management is a popular way to get people to click on a link. Hackers also play into employees’ emotions, causing them to panic when they see a de-activation of email in process. And who can resist HR-related messages that could potentially affect the daily work of employees?

Common “In the Wild” Attacks

  • eBay: Important Your account.
  • Google: Your photo has been successfully published
  • Outlook/Microsoft: You’re invited to share this calendar
  • Secure Your Btc Wallet Now
  • Amazon: Account Refund Verification Status
  • Unusual sign-in activity
  • Check Sent
  • LinkedIn: LinkedIn Password Reset
  • Warning: Unauthorized Software Detection
  • Microsoft: You’ve been assigned a task!

Key Takeaway

The common theme we see here is the push for action required. One message even has an exclamation point, which emphasizes the urgency of the message. These types of attacks are effective because they cause a person to react before thinking logically about the legitimacy of the email.

[Infographic: 2019 Top Three Industries at Risk By Size]


The reality is, companies are simply not doing enough to reduce the risks associated with phishing and malicious software. If your company is looking to take it a step further, Rhyme can help you with remote monitoring and management of your network to be more proactive in preventing phishing and similar attacks. Should you fall victim to a phishing attack, Rhyme would have a reliable backup and disaster recovery (BDR) solution in place to ensure your essential data can be restored with as little downtime as possible. Contact us today for more information.

Resource: https://www.knowbe4.com/phishing
