Phishing Simulation Tests
Phishing is a process of attempting to acquire sensitive information such as passwords, Social Security numbers, or other account information by imitating a trustworthy sender and targeting the recipient. Examples of this include emails that look like there from your bank or financial institution asking you to log in to verify recent transactions. Other examples include emails that appear to be from Google asking you to log in with your Google account to read a document. A successfully phishing attempt is when the recipient of the email opens a message, clicks on the link, and provides their sensitive information. The attacker now has this information in their possession and can log in with the users account or use their credit card information, Social Security number, or bank account information to steal their identity or otherwise defraud the target using their online resources. There are number of different techniques used to obtain personal information.
Common Phishing Techniques
Spear Phishing
Spear Phishing is specifically targeting members of the business community and usually requires the attacker to have some knowledge of your online social information. These campaigns are more targeted than classic phishing. The hacker targets your organization or your individual position to harvest some information that only you could provide. The do research on you to make the attack personalized and increase their chances of success.
Spam
This is the most basic method of phishing attack. A single email is sent to hundreds of thousands if not millions of individuals. These emails will contain requests for users to provide login information that the attackers will use for illegal activity period most messages appear to be urgent and require the user to log in as soon as possible to read a recent invoice, or a failed transaction reportedly from your bank. Sometimes will be asked to fill out a form with their personal information to access a document or a bill that claims to be past due.
Website forgery
Forged websites are built by hackers but appear to be a real website. You may then get an email which takes you to this website and appears legitimate were you made unknowingly provide sensitive account information thinking you’re logging into a website you’re familiar with
Velox Systems Has You Covered
Velox Systems takes great measures to prevent spam email, malicious attacks, or other phishing attacks from reaching our clients inboxes. Anti-virus scanning as well as online spam filtering provide great protection for such attacks. In the end, however, the end user is the greatest defense against phishing attacks. Velox Systems works with several partners to conduct on going fishing simulation tests for our clients. These simulations monitor our clients’ responses to phishing attempts in a safe and controlled way. Velox Systems then reaches out to users who mistakenly acted on the phishing simulation to provide training, information, and key tips to avoid falling for a phishing attack in the future when it really counts.
These simulations occur several times throughout the year on an annual basis. Training sessions and materials are licensed and provided as a part of the service to users who need the additional touch and skill required to successfully avoid phishing attacks.
CEO Fraud Scam
One of the most costly examples of a phishing scam is known as the CEO fraud scam. In this scam unsuspecting but high level employee receives an unsolicited email from what appears to be there CDO or supervisor. Usually these messages request some form of financial transaction such as a wire transfer, or the purchase of products or gift cards from a nearby store for physical shipment to an anonymous mailing address. The request is made via email that appears to come from the CEO to the recipients employee. Is successful attack occurs when the employee makes the purchase and delivers the wire transfer or payment cards into the attackers possession. This kind of attack is extremely costly and may result in the unfortunate termination of the targeted employee.
So What Do I Do Next?
Need help to figure out what IT service plan you need to help keep your staff trained and aware of costly malicious email attacks?