Blog
 

Blog

email phishing attacks in the works

Catch Email Phishing Attacks Before they Catch You

  |   News, Phishing

The million dollar question is: Could you catch email phishing attacks before they catch you? Yes, it’s true. A successful phishing attack costs a mid-size company an average of 1.6 million dollars. Having the ability to recognize the signs of a phishing attack before you give out sensitive information or click on an unknown link is a vital step to securing your company.

Attacks and breaches are taking place every single day and no company is safe from an attack. For example, many of you may have heard about the recent Google breach. Therefore, every company and every employee needs to take extensive measures to secure their organization. According to the SANS Institute, 95% of enterprise network attacks involve spear phishing. In addition, according to the 2018 Verizon Report, 30% of phishing messages get opened by targeted users. The solution is simple. Train your employees to spot phishing emails. Test their knowledge about phishing attacks before a real attack is delivered.

Test your Employees for Free

Fill out this form to use the special offer we are giving away this week for Cybersecurity Awareness Month. As a result, your company will receive a free 30 day phishing campaign allowing you to test employees to see their knowledge on email security. This offer is valid through December 31, 2018.

  • Users who fail to identify phishing emails receive an educational landing page.
  • PhishingReal™ allows a variety of customizable templates and delivery options.
  • Dedicated account representatives automate the campaign to fit your needs.

 

Free Course Demo
Please check our Privacy Policy to see how we protect and manage your submitted data.

Hear it From the Experts

TechGuard delivered a spear phishing campaign as part of a penetration test for a university. Spear phishing is a more targeted type of phishing using knowledge gained about the victims before the attack. TechGuard decided to use the “failed package delivery notification” template. Furthermore, we included a link to “click here” to arrange delivery. In addition, a fake page was set up capturing the user’s log in information, which mimicked the university’s logos. TechGuard used substantial reconnaissance to select the target employees with the hopes that they would have escalated privileges. As a result, we chose 14 users to target in an attempt to steal credentials and infiltrate the system.

Results of our Phishing

Within 5 minutes of sending the spear phishing email, 2 employees clicked the link and provided login credentials to our fake page. Within 20 minutes we had access to all their student records. Ultimately the phishing was reported and a notification was sent informing employees not to click the email link. However, at this point, we already owned the user’s machines. Also, we could have simply deleted the phishing notification and started sending phishing emails as that user.

Indicators

If the employees had been trained to know the signs of phishing emails, they would have noticed that the link looked similar to the college name but it was not a complete match. Also, they would have known to verify with shipping and receiving that there was actually a package before clicking the link. It only takes one user to compromise a system and the results can be catastrophic. Therefore, always question unexpected emails and unknown links. Verify the authenticity of the email.

Are you curious if your staff members would be able to detect a phishing email or would they fall victim to a phishing email? How many of your employees would fill out a form giving away their credentials? Often organizations go on thinking it will never happen to them, but if it did, could your company afford a loss of 1.6 million? Consider how often there’s a new story about a cyberattack or a breach. Your employees can be either your greatest strength or your greatest vulnerability.