News by Xiaomi Miui Hellas
Press release

Caution: These are the phishing emails that most easily mislead employees


Phishing simulator data from the Kaspersky Security Awareness Platform show that employees tend not to notice pitfalls hidden in corporate emails and delivery problem alerts.


Almost one in five (16% to 18%) clicked on the link in email templates imitating such phishing attacks.

According to estimates, 91% of all cyber attacks start with a phishing email, and phishing techniques are involved in 32% of all successful data breaches.

To provide further information on this threat, Kaspersky analyzed data collected by a phishing simulator and provided voluntarily by users.

Built into the Kaspersky Security Awareness Platform, this tool helps companies check whether their staff can tell a phishing email from a real one without compromising corporate data. An administrator selects from a set of templates that mimic common phishing scenarios, or creates a custom template, then sends it to a group of employees without warning them and monitors the results.

A large number of users clicking on the link is a clear indication that additional cyber security awareness training is required.

According to recent phishing simulation campaigns, the five most effective types of phishing email are:

  1. Subject: Delivery attempt failed - Sorry, our courier was unable to deliver your product. Sender: Mail delivery service. Click rate: 18.5%
  2. Subject: Emails were not delivered due to overload of mail servers. Sender: The Google Support Team. Click rate: 18%
  3. Subject: Online Employee Survey: What would you improve about working for the company? Sender: Human resources department. Click rate: 18%
  4. Subject: Reminder: New dress code for the whole company. Sender: Human resources. Click rate: 17.5%
  5. Subject: Attention to all employees: new building evacuation plan. Sender: Security Department. Click rate: 16%

Other phishing emails that earned a significant number of clicks include booking confirmations from a reservation service (11%), an order notice (11%) and an IKEA tender announcement (10%).

On the other hand, emails that threaten the recipient or offer immediate benefits appeared to be less "successful." A template with the subject "Hack your computer and know your search history" won 2% of the clicks, while offers of free Netflix and $1,000 for clicking on a link deceived only 1% of employees.

Phishing simulation is one of the simplest ways to monitor employees' cyber resilience and evaluate the effectiveness of their cybersecurity training.

However, there are important aspects that need to be considered for this evaluation to be truly effective. As the methods used by cybercriminals are constantly changing, the simulation must reflect current trends in social engineering, alongside common cybercrime scenarios.

"It is important that simulated attacks are performed regularly and supplemented with appropriate training - so users will develop a strong vigilance ability that will allow them to avoid targeted attacks or so-called spear phishing," comments Elena Molchanova, Head of Security Awareness Business Development at Kaspersky.

To prevent data breaches and the related financial and reputational losses caused by phishing attacks, Kaspersky recommends the following for businesses:

  1. Remind your employees of the key signs of phishing emails: a dramatic subject line, typographical errors, strange sender addresses, and suspicious links.
  2. If in doubt about the email you received, check the format of the attachments before opening them and the correctness of the link before clicking. This can be achieved by hovering over these items - make sure the address looks authentic and the attachments are not executable.
  3. Always report phishing attacks. If you detect a phishing attack, report it to the IT security department and, if possible, avoid opening malicious emails. This will allow the cyber security team to reshape anti-spam policies and prevent an incident.
  4. Provide your employees with basic cyber security knowledge. Education should aim to change the behavior of "students" and teach them how to deal with threats. As a major cybersecurity vendor, Kaspersky has a relevant database of actual attacks and constantly updates its security awareness training according to the current threat landscape.
  5. Because phishing attempts can be confusing and there is no guarantee that all accidental clicks will be avoided, protect your work devices with reliable security. Choose a solution that provides anti-spam capabilities, monitors suspicious behavior and backs up your files in the event of ransomware attacks. Phishing protection is included in some security solutions, even for small and micro businesses.
