Thursday February 2, 2017

Phish or Cut Bait

Why do we belabor the phishing thing? Is the risk of social engineering just a bedtime bogeyman used by pestiferous IT personnel to rattle up some good ole' fashioned paranoia? Before we recommence our campus phish training, let's talk about the truth of the matter: Exactly how wary do we need to be?

Social Engineering attempts are happening regularly. SecureList estimates that 7-9% of U.S. computer users were affected by phishing attacks in 2016 (and by "affected", they mean pretty much the same thing our phish training does - a user clicked the malicious link or attachment). That's a very high success rate for scammers. Who wouldn't buy a lotto ticket for a one-in-ten chance to win? (Or lose? It's a muddled metaphor, but you get the point.)

Social Engineering tactics are sophisticated and successful. Spearphishing is on the rise, with personalized emails that look perfectly legit (unlike the old "Nigerian letter scams") and point to faux websites that look exactly like our trusted login destinations (right down to that green lock icon we keep telling you to look for). The average cost to an organization caught by spearphishing is $1.6 million (Barkley.com).


So, how wary should we be? There's no need to bury our computers in the backyard, but it's definitely smart to have our antennae up while we're online. Still not convinced? In the immortal words of Reading Rainbow's Levar Burton, "you don't have to take my word for it." A few of these reads are a bit long, but make for a useful skim, regardless:

Email phish are here to stay for a while. So, we better be on top of our game in sniffing out the stinkers and chucking the bad ones back -- or at least into the trash. Our 2017 phish training exercises will help you master the art of the nose.

 
