Integrated Technology Solution Provider Encourages Business Owners and IT Teams to Deliver Ongoing Employee Training to Prevent Phishing Scams from Causing Business Calamities
The email looks like another co-worker sent it. “Hey, here’s a new report the boss said we should read. Click the link to get a copy,” says the text. But it isn’t from a co-worker and it isn’t a report. It’s an example of a phishing scam – an email designed to trick an employee into clicking a fraudulent link to a malicious website.
“These are the types of scenarios that keep business owners and IT teams awake at night,” says Peter Vescovo, COO and Partner at Island Tech Services (ITS). “Phishing attempts look real to the average user. And that’s what makes them dangerous.”
Fraudulent phishing email often contains links to counterfeit financial websites or documents that, once clicked, can activate a ransomware virus designed to encrypt an entire company’s file system and demand payment to access files.
To train its customers and their employees how to identify fraudulent email, Island Tech Services (ITS) (www.itsg.us.com), a leading provider of advanced technology, mobility and vehicle solutions, relies on a security awareness training tool designed to train, test and keep users vigilant. More information is available from ITS at http://ow.ly/BZb530nshF0. “And don’t worry, this is a real link,” says Vescovo.
Vescovo says that common sense doesn’t always apply. “You may receive an email ‘from me’ that says ‘take a look at some pictures of my kids’ so you go ahead and click. Too often, we will click the link before thinking about it. What you should probably ask yourself is, ‘When has Pete ever sent me personal pictures before?’,” says Vescovo.
Training, Testing & Remediation
Preparing employees to combat phishing attempts requires ongoing training, testing and remediation:
“Those who fail the test are placed onto a ‘Clicked List’ which is a little like Santa’s ‘Naughty List’ and they need to prove they have learned how to avoid phishing scams in the future in order to leave the list,” says Vescovo.
Top 10 Most Clicked Email Subject Lines
According to KnowBe4, ITS’s security awareness training partner and the world’s largest security awareness training and simulated phishing platform builder, several phishing attempts during 2018 shared similar, user-engaging email subject lines that were specifically chosen to encourage unsuspecting users to open and click on the email contents. KnowBe4 says the most common subject lines (typos and misspellings included) were:
Vescovo points out that six of these were specifically designed to target business email users with valid-sounding concerns. Ultimately, a company can enhance its network security by adding firewalls, blocking risky file extensions, password-protecting files, and filtering URLs – but the biggest defense is to educate its employees.
“It only takes one employee to make a mistake and infect your entire file system with ransomware,” says Vescovo. “That’s why an educated employee is your best line of cybersecurity defense.”