Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. -Wikipedia.org
Why do crooks phish? Because it works!
Who is being phished? https://blog.dashlane.com/phishing-statistics/
- According to PhishMe’s Enterprise Phishing Resiliency and Defense Report, phishing attempts have grown 65% in the last year.
- According to Wombat Security State of the Phish, 76% of businesses reported being a victim of a phishing attack in the last year.
- According to the Verizon Data Breach Investigations Report, 30% of phishing messages get opened by targeted users and 12% of those users click on the malicious attachment or link.
- According to the SANS Institute, 95% of all attacks on enterprise networks are the result of successful spear phishing.
- According to Symantec, phishing rates have increased across most industries and organization sizes — no company or vertical is immune.
- According to the Webroot Threat Report, nearly 1.5 million new phishing sites are created each month.
Phishing is the #1 cause of a compromise. Social engineering includes various techniques used to trick you into divulging your personal information.
- Smishing (SMS phishing) uses text messages.
- Vishing (voice phishing) uses the phone to urge victims to contact a specific number, where they are then prompted to enter account numbers and a PIN. Phone numbers are easily spoofed and may appear to be from a legitimate organization.
- Spear phishing and whaling are more targeted attacks. A spear phish may target certain departments such as human resources or payroll. Whaling aims at higher-level executives.
- The tabnapping technique silently redirects the user to the affected site by opening the site in one of the user's open browser tabs.
- A phishing technique that may be harder for the victim to spot is the Evil Twin. This method uses a fake wireless network that looks like a legitimate public network. When victims mistakenly log into the criminal's network, the crooks try to capture their passwords and other personal information as they visit various sites.
MOREnet has partnered with Cofense to assist our members in effectively building their cyber security awareness program.
Cofense PhishMe simulations include:
- Current and relevant content
- Unlimited campaigns
- Customizable templates
- Robust reporting features
- Single Sign On (SSO)
- Phish reporting button
- Just in time education
Couple this program with the CBFree education modules as part of an ongoing security awareness program. These modules cover a vast array of topics including passwords, physical and mobile security, phishing, malware and data protection.