If the internet is to be believed, up to 10% of the world’s population are in quarantine, or at least in lockdown, to prevent the spread of the coronavirus. That’s a few hundred in the US, the same in Europe, a few thousand in a ship off the coast of Japan, oh and about 760 million people in China!
On the face of it, that’s quite scary. As if that were not enough, there is an army of people churning out misinformation, disinformation and outright scams for their own pleasure or profit, as happens with most other natural disasters, disease outbreaks, famines or concerning global happenings.
Take these examples that are happening right now:
So far, so insidious. But the same tactics that are fooling ordinary people out of their own money and login details are a threat to your organisation as well, like these:
In a report cited by ZDNET.com, 96% of respondents knew about phishing, but only 5% were able to identify all types of phishing scams. According to the Verizon 2019 Data Breach Investigations Report, C-level executives are 12x more likely to be the target of social engineering attacks than other employees.
Phishing attacks can lead to identity theft, malware attacks, data breaches, and business email compromise, and the financial and reputational cost of these can be ruinous to a company’s earnings.
Protection from phishing attacks does not lie only in software solutions. Good security policy is the start, and that comes from thorough analysis of the internal environment and external threats. However, a policy that goes unread or ignored is little better than useless. Security awareness training followed by regular testing is the key to ensuring that every employee, from the CEO down, doesn’t fall prey to the scammers.
People want information to protect themselves or help others, or maybe make a few dollars out of a crisis, and in these times of high alert, employees are more likely to disregard normal security procedure.
Contact the experts at TBG Security to discuss how they can help with every aspect of phishing and business email compromise prevention, creating effective security policy and even full Red Team testing, including the all-important social engineering.