Phishing is the #1 cause of a compromise. 30% of phishing emails are opened. Business Email Compromise (BEC) scammers netted over $12 BILLION between 2013-2018.
Phishing simulations can help to condition your users how to appropriately respond to these threats. Running regular phishing campaigns as part of your ongoing security awareness program can significantly reduce your risks.
The use of computer based training (CBT), posters, gamification, contests and newsletters are great additions to assist with your training. People learn differently and need reminding so differentiating the delivery of your message will help to ensure a successful program.
Your phishing awareness program should include these indicators of phishing:
- Are the Reply to and From addresses different?
- Does the sender name and return address make sense?
- Is the contact name or company anyone you regularly conduct business with?
- Is there a sense of urgency in the message? Act on this now or else?
- Check for bad spelling and grammar, misrepresentations of popular logos and brands.
- Beware of unsolicited attachments and links
- Is there a request for gift cards or wire transfers?
- Include training of what to do with these suspicious emails, who to contact and the methodology for reporting
Responding to a phishing incident:
- Identify the threat, the scope of damage and isolate the device from the network
- Change passwords and run scans on the infected device. Reimage if necessary.
- Educate other users of the incident so that they can be alerted to the active threat
- Follow up with training
Resources
CBFree-Computer based training