
The Great Phishing Fail

By admin

Jul 13, 2022

(By Anna Collard)
KnowBe4’s report on top-clicked phishing emails of 2022, By Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 Africa
JOHANNESBURG, South Africa, June 10, 2022/ — By Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 Africa (www.KnowBe4.com).

In 2021, phishing attacks increased by 7.3% according to the ESET Threat Report (https://bit.ly/3xD5urD), and the Cisco 2021 Cybersecurity Threat Trends report (https://bit.ly/3O4Jwmx) revealed that around 86% of organisations had at least one person click a phishing link. This echoes the findings of recent KnowBe4 Security Awareness Research (https://bit.ly/3NGKiXi), which found that people keep clicking on fake emails from HR, the business and IT. As Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 Africa, points out, the majority of top email categories that people fall for are those that fit into everyday life: invoices, purchase orders, shared files and COVID-19 related topics.

“As our quarterly report on the top-clicked phishing (https://bit.ly/3O9Yyr9) tests shows, the emails that catch people are those that they are most used to seeing and that they expect to receive,” she adds. “They fall into the categories of HR, business, entertainment, IT and online services. They are fake reminders of bill payments, shopping offers, password changes and pandemic messages, and they’re often so well designed that they’re hard to tell apart from the real thing.”

It’s easy to see why people fall for the phish, and why training is hit and miss. People are busy; they have lives, bosses and deadlines. If they receive an email with HR in the title that asks them to complete a new form for COVID-19 regulations, it’s simple to assume this is a standard office email, especially after two years of being conditioned to fill in forms for this very reason.

“Using KnowBe4’s AIDA, our Artificial Intelligence Driven Agent phishing feature, we now leverage machine learning to recommend and deliver personalized phishing (http://KnowBe4.com/phishing) campaigns based on users’ training and phishing history. Think of it as your own AI phishing assistant that automatically chooses the best phishing test for each user at that moment, personalized to their individual level. The average success rate of AIDA-driven phishing simulations is 8%, which is about twice as effective as the average randomized phishing campaign. It shows how AI and algorithms can make phishing smarter. The only thing is – the other side has it too,” says Collard.

In the US, HR and password change emails are the most successful, while in Africa the most common form of phishing email is ‘Authorize pending transaction on your wallet’, closely followed by ‘Registration for COVID-19 study’ and ‘IT end of year password policy’.

“It’s interesting to note that HR emails are the most dominant form of phishing email in the US and tend to cover not just the pandemic, but holiday time, dress code changes and performance appraisals,” says Collard. “Globally, phishing focuses on eWallets, benefit accounts and password changes.”

Holidays, however, tend to present the biggest risk to users. Christmas, Valentine’s Day, Mother’s Day – these occasions spark a flurry of phishing emails that entice people to click with special offers, cards, reminders and fake promotions. These are very easy to mistake for the real thing – ‘Someone special sent you a Valentine’s Day eCard!’ – and can cause untold damage to the business and to individuals when users mistakenly enter their credentials to claim their free gift or card.

“This is why it’s increasingly important for organisations to invest in phishing training simulations,” says Collard. “Using smart algorithms and recent phishing scams as a starting point, these simulations send out fake emails that are designed specifically to woo users into clicking, making the user vulnerable.”

