One, Two, Three, Four, Five – We Caught 15 Phish Alive!
Posted By: Helen
Wednesday 18th November 2020
Tags: Cyber Security, phishing
We’ve recently been discussing phishing in all its glory and the potential negative effects it can have on companies when mishandled. With the current global outbreak of COVID-19, as predicted, such email scams have sadly increased. Our recent post, Phishing & COVID-19, goes into detail about some of the messages going around. In a bid to spread awareness of just how dangerous phishing attacks can be, we decided to conduct an experiment.
We hatched a plan!
Phishing attacks rely on the ignorance of the recipient. Well-put-together emails are often personal, including first names and implying the sender is aware of your company and how it operates. They include either a link to click or something to download, and falling for this can result in malware or the release of sensitive, personal information.
What was our mission?
The focus of our master plan was primarily to educate, and educate we did! Using internal software, we designed and created a bogus phishing email. There was, of course, nothing untoward in the link included, and we had full ability to monitor results. After we discussed the master plan with a client, they agreed to try this experiment using their team.
Cyber Security Training is Imperative
It’s difficult to apportion blame for a phishing email catastrophe when fundamental aspects of cyber security training haven’t been delivered in the first place. As a business owner or higher management, it’s YOUR responsibility to ensure correct levels of training are administered in a timely fashion. Is your team aware of phishing emails and the potential damage they can cause? If you’re not sure of the answer, let the training session commence!
Let’s look at the results:
In total, we sent 50 emails in a bid to (not) lure in employees. Having hit the button, it became our job to sit back and wait, and it didn’t take long. Out of the 50 emails, a total of 23 interactions took place. This means 23 people opened the email and had a look around. So far so good, no harm done.
The 23 interactions were actually carried out by just 15 people. This means some went back to the email and, sadly, took the bait by clicking our ‘dodgy’ link. Some even clicked on more than a single occasion. Luckily, our email didn’t include malware or request personal details, meaning this time the team were lucky ducks!
How can you Prevent Mishaps?
As previously mentioned, it’s all about knowledge, and knowledge occurs via delivery of appropriate training. Keen to test the awareness of your team? Ask us about Cyber Security Training today.