Phishing is a type of cyber-attack that relies on email. The attacker devises a message that convinces the recipient to download an attachment, click a link, go to a web page, or fill out a form. In an attempt to gain trust, the sender’s email address may indicate someone known to the recipient, such as a colleague at work, or it might indicate a government agency or a reputable company the person has done business with.
What’s at Risk When You Click
The intent of the email is to trigger the download of malware onto the unsuspecting person’s computer. The malware might scan other systems on the network to collect sensitive information, use the systems to launch attacks on other companies, or encrypt files on connected computers until a Bitcoin ransom is paid for the decryption key.
Awareness Training
There is an urgent need to train employees to become more aware of what they are doing online. That means pointing out the dangers lurking in seemingly routine emails and assessing the potential ramifications of carelessness for the company and for their jobs.
Such training should cover how to recognize a phishing attack, remind employees to steer clear of clicking links in social media pages, and alert them to be suspicious of conversations and transactions initiated by others.
Training should be reinforced periodically and tested with simulated phishing emails to check how employees respond. This will help them make smarter decisions that will better protect your business from real and emerging social engineering threats.
Don’t let a phishing attack catch your people off guard… Start security awareness training now.