How much of a threat is Phishing to your business?
Cyber Wise subscribers are constantly hearing the term ‘Phishing’. You’re probably getting as bored of it as we are, but there is a good reason why we keep reminding our users of it. Phishing is one of the greatest Cyber threats, with more and more cases of Phishing attacks being reported every day. It is also the number 1 delivery vehicle for ransomware, with 85% of organisations suffering from Phishing attacks in 2016. According to a survey by Wombat Security, Phishing attacks were up 13% from 2014 to 2016; 93% of them were intended to infect victims with ransomware, and 30% of them were opened by users.
Criminals use many different techniques to trick users into clicking on links or attachments and handing over confidential information such as bank information, account credentials and addresses. One technique criminals use to get bank details is ‘selling’ sold-out concert tickets, a scam that over 21,000 people have reported falling victim to in the last 3 years. In that time the British people have lost over £17 million, and Action Fraud UK recently tricked 1,500 British music fans into almost buying sold-out concert tickets from a fake website they created. The fake website ‘Surfedarts’, which is an anagram for ‘Fraudsters’, was created by Action Fraud UK and the City of London Police to make the public aware of the growing problem.
Music fans from London, Manchester, Birmingham, Cardiff and Leeds were sent emails advertising a new site. The site was purposefully set up to look like a secondary ticket provider and imitated the way fraudsters offer fake tickets. However, not all fake websites look ‘secondary’; some are beginning to look more genuine than ever, and a recent fake Gmail login page even tricked some security experts.
Users who entered the website were shown a video informing them that they had almost bought tickets from a fake website and explaining how these types of scams are tricking more and more people every year. The experiment was a brilliant way of finding out how simple it is to create these scams, and just how many people fall for them.
Phishing emails can be easy to spot if you know exactly what to look out for:
- Does the email address look legitimate? Do you recognise the email address? Are there any spelling mistakes or added characters?
- Does the email have any spelling mistakes or bad grammar?
- What is the email asking for?
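The first check on the list (misspellings or added characters in the sender's address) can also be automated by an IT team. The Python sketch below is an added example, not part of the original article: the `check_sender` function, the trusted-domain list and the sample addresses are all constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list: domains this (hypothetical) business really gets mail from.
TRUSTED_DOMAINS = ("example.com", "examplebank.co.uk")


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete a character
                           cur[j - 1] + 1,             # insert a character
                           prev[j - 1] + (ca != cb)))  # swap a character
        prev = cur
    return prev[-1]


def check_sender(from_header, trusted=TRUSTED_DOMAINS, max_edits=2):
    """Classify a From: header as trusted, lookalike, unknown or suspicious."""
    _display_name, address = parseaddr(from_header)
    if "@" not in address:
        return "suspicious", "no valid email address found"
    domain = address.rsplit("@", 1)[1].lower()
    # Exact match, or a genuine subdomain of a trusted domain.
    if any(domain == good or domain.endswith("." + good) for good in trusted):
        return "trusted", domain
    for good in trusted:
        # Spelling mistake: one or two characters away from a trusted domain.
        if edit_distance(domain, good) <= max_edits:
            return "lookalike", f"{domain} is a near-miss of {good}"
        # Added characters: the trusted name padded out into a different domain.
        if good.split(".")[0] in domain:
            return "lookalike", f"{domain} contains the name of {good}"
    return "unknown", domain


if __name__ == "__main__":
    # Constructed sample headers, one per outcome.
    for header in ("Accounts <billing@example.com>",
                   "Accounts <billing@examp1e.com>",
                   "Accounts <billing@example-payments.com>",
                   "Tickets <sales@unrelated.org>"):
        print(header, "->", check_sender(header))
```

A "lookalike" verdict is a prompt for a closer look, not proof of fraud; the other two checks on the list still need a human reader.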
If you believe an email is fake, the best thing to do is call your IT technician, who will be able to confirm. Do not forward on the email, as doing this raises the risk of someone opening it. Do not click on any links or images, as doing this could download malicious software. If you don’t have an IT technician, delete the email permanently using a SPAM filter.
If you would like to learn more about our phishing simulator and how it can help you, make sure to email firstname.lastname@example.org.