The malicious email, as a means of socially engineering an “attack”, is undergoing something of a revival.

Malicious emails are more targeted: at individual companies, probably company types, and in some cases specific individuals. Background information gleaned from social media and other publicly accessible sources is often used to seed these emails with familiar words, phrases or whole issues to lull the recipient into a false sense of security.

A momentary lapse in concentration by one user in an organisation can have serious implications. One of our customers* recently had an incident which resulted in them having to roll back their financial system by 3 or 4 days. The restore was accomplished relatively easily as, like many organisations, they run a VMware environment and take overnight snapshots of just about everything.

The desktop clean-up took a lot more resource and time, and they completely lost all of the effective work done on the finance and payroll system for the previous few days.

* They don’t buy AV or email filtering from us.

Moral of the story

It’s never a bad time to remind your staff about “Phishing Emails”. You may think it’s obvious when you get one, but with the stresses of everyday office life that may not be so for everyone.

Security Awareness Training

Ecommnet have recently teamed with KnowBe4 to provide managed security awareness training for employees and other users, specifically targeted at the use of email.

The anatomy of a phishing email

Spoof Amazon Account Verification Email showing spoof links and tell-tale signs it's not genuine
Spoof Apple iTunes Email showing spoof links and tell-tale signs it's not genuine

Attackers bypass technology so you need to educate your employees. KnowBe4 provides on-going, scheduled, simulated Phishing Security tests to keep employees on their toes and provides remedial on-line training if an employee falls for the simulated phishing attack.