Podcast Center
Video Center
Webcasts
Resource Center
Events
July 06, 2018 at 10:41 AM
Employees with company financial access are the most targeted by scammers.
While ransomware like WannaCry draws the headlines, phishing is the cybercrime deceiving organizations consistently. Unsurprisingly those with access to company bank accounts, accounting and finance team members, are most frequently targeted.
The reality, 41% of organizations experience phishing attacks daily or more, and 77% experience a phishing attack at least once a month, according to a phishing report from UK-based security software firm Sophos.
The study also revealed cybercriminals are adept at using social engineering to exploit human weaknesses. That is why everyone is on the front line when it comes to security. Beside the teams connected to company finances, cybercriminals also likely to target those who manage business processes and IT controls, which puts organizations at risk for ransomware and extortion. But cybercriminals do not discriminate. No role is safe from phishing. Anyone who receives emails is at risk.
John Shier, senior security expert at Sophos, said, “As the quality of phishing emails has improved it is important to remember that some recipients will get fooled. Users are the first line of defense against a successful phishing attack. While education is an important part of keeping an organization secure, so is the user’s ability to report suspected phishing attempts.” He added organizations should make it easy and blameless for users, even those fooled, to report attacks. “This early warning system is crucial for any organization wishing to respond quickly and decisively to a phishing attack.”
Image courtesy of Sophos.
The report’s findings reveal interesting insights not just of the cybercriminals but of typical employees. Hackers are profiting off what gets peoples’ attention, what they worry about, and what they are most likely to act on.
Results from Sophos Phish Threat, a simulation and training tool that teaches people how to spot phishing emails, show that individuals are most likely to fall for phishing emails that focus on:
- Simple, task-based activities referencing known applications: For example, “[JIRA] A task was assigned to you,” which produced a 38.5% click rate.
- Mundane day-to-day topics: For example, “Let’s meet next week” or “Car lights left on.”— 29.1% click rate.
- Implication of wrong-doing: For example, “Harassment Awareness Training”—26.01% click rate.
- Car lights left on—24.61%.
- eFax message from {CustomerName} – 2 page(s)—23.55%
- Traffic Citation for {EmailFirstName} {EmailLastName}—21.95%
- In arrears for driving on toll road—21.36%
- Suspicious male spotted outside {CustomerName} Building—20.44%
- PLEASE READ – Annual Employee Survey—18.55%
- New Email System at {CustomerName} — Please Read—18.48%
The report results revealed a critical point for all organizations: “While we’re getting wise to fancy visuals and too good to be true offers, peoples’ defenses are down when it comes to everyday work-related emails. Clearly, lack of excitement in an email does not equate to lack of risk.
