100+ billion spam emails are sent each day, and 90% of successful breaches start with phishing. “What is phishing?” you might ask. It’s the fraudulent practice of sending emails that seem to be from individuals you know or reputable companies to entice you to reveal personal information (birthday, social security number, etc.), account information (e.g. passwords), or financial data (e.g. credit card or bank information).
There are several ways cyber criminals try to get you to reveal information.
- Email phishing sends the same email to millions of users, usually from a name you recognize (PayPal, Starbucks, Bank of America) with the hopes that someone will fall for the urgent message inside to enter sensitive information. 80,000 people click on these a day.
- Spear phishing targets a specific individual or department within an organization. The resulting personalized email might be from someone you regularly communicate with that includes a link or an attachment.
- Whale phishing is similar to spear phishing, but it goes after a big kahuna in an organization, like the CEO or president.
- Smishing is like email phishing, but it happens over text (SMS).
- Vishing uses a voice call.
Security awareness training (SAT) that covers phishing is important so you and your employees can learn to spot phishing emails, texts, and calls. Our favorite platform also incorporates monthly phishing simulations as the bad guys are always learning new tricks. We like the fact that our SAT partner stays on top of the current phishing trends and educating us on what to look for.
In addition, with this platform, we can also customize simulated phishing emails. For example, one of our clients got caught by a real phishing email, and they asked us to create something similar to add in to their monthly phishing simulation. We created the phishing email, the landing page (where the user goes when they click on the email), and the resulting training page that explained why this was a phishing email and what they could have done instead of clicking.
Phishing and the damages a successful attempt causes is no joke. Reach out to us to help train you and your staff to spot the phishing signs.