Phishing Emails are trying to use Cyber Security against you

February 4, 2024

Phishing has been around since email has existed. It is an ever-present cyber threat, and one of the most dangerous. It is estimated that one in every 99 emails is a phishing attack, and that 30% of phishing emails manage to get around default protections. What’s more, over 92% of the malware in the world arrives via email, which makes email the number one attack vector.

Apart from malware, phishing emails can also be the way in for scams such as BEC (Business Email Compromise), a type of cyber crime that, according to the Financial Crimes Enforcement Network (FinCEN), generates $301 million every month. Recently, the subject “invoice” was used in 60% of the most effective phishing campaigns. However, in 2019, another tactic seems to be more effective.


Cyber Security knowledge as a force for bad

A security awareness training company, KnowBe4, has carried out a study to discover the most effective phishing email subjects. The most successful subjects were those related to cybersecurity or that made the victims think they had suffered a security breach.

For the study, the company sent out thousands of simulated phishing emails with different subjects, and observed which of them were clicked on. They also observed the subjects of real phishing emails that users had reported to their IT departments.

The results were revealing. Phishing emails that used the subject “Password Check Required Immediately” were the most successful: 43% of users fell into this trap. Ironically, the success of this subject reveals that, to a certain degree, efforts to increase user awareness about cyber security are making headway; users are beginning to understand the importance of protecting their passwords.

Other subjects that managed to get recipients to open emails included “A Delivery Attempt was made” and “Deactivation of [[email]] in Process”, which fooled 9% of users.


Taking interest in the company can be dangerous

Another tactic is the use of subjects related to company policies: “New Organisational Changes”, “Updated Employee Benefits”, “Staff Review,” and “Revised Vacation & Sick Time Policy” were among the subjects of emails that were most frequently opened.

Stu Sjouwerman, CEO of KnowBe4, says, “As cyber security threats persist, more and more end users are becoming security minded. They have a vested interest in protecting their online lives, so a message that sounds urgent related to their password can entice someone to click. The bad guys are always looking for clever ways to trick end users, so [users] need to remain vigilant.”


Defend yourself against phishing

With the volume of emails that users receive every day, both legitimate and phishing attempts, protecting against threats of this kind is a must. The most important thing is to make employees as aware as possible of the dangers that this kind of attack poses, as well as how to recognize fake messages. Many of them contain the names of real companies that could be providers for the organisation, or even adapt the company’s branding. However, they also usually contain a few suspicious elements:

  •    A sender domain name that doesn’t entirely match the domain of the company that is supposedly sending the invoice.
  •    A different language from the one the organisation usually uses to communicate with its providers.
  •    Serious spelling or grammar mistakes, the product of machine translation programs used to write the email.
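
The first indicator above, together with the subject lines from the KnowBe4 study, can be checked automatically. The following is an added example, not part of the original article or of any vendor's product; the supplier domains, the 0.85 similarity threshold and the sample messages are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the organisation genuinely receives supplier mail from.
KNOWN_DOMAINS = ("acme-supplies.example", "northwind.example")

# Subject lines the article reports as most often opened or clicked.
LURE_SUBJECTS = (
    "password check required immediately",
    "a delivery attempt was made",
    "deactivation of",
    "new organisational changes",
    "updated employee benefits",
    "staff review",
    "revised vacation & sick time policy",
)

def sender_domain(from_header):
    """Return the lower-cased domain of a From header value."""
    _, address = parseaddr(from_header)
    return address.rpartition("@")[2].lower()

def lookalike_of(domain, threshold=0.85):
    """Return the known domain that `domain` imitates, else None."""
    if domain in KNOWN_DOMAINS:
        return None  # exact match: a genuine supplier domain
    for known in KNOWN_DOMAINS:
        if SequenceMatcher(None, domain, known).ratio() >= threshold:
            return known
    return None

def triage(raw_message):
    """List the suspicious elements found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    findings = []
    domain = sender_domain(msg.get("From", ""))
    imitated = lookalike_of(domain)
    if imitated:
        findings.append(f"sender domain {domain} resembles {imitated}")
    subject = msg.get("Subject", "").lower()
    if any(lure in subject for lure in LURE_SUBJECTS):
        findings.append("subject matches a frequently clicked lure")
    return findings

# Constructed sample messages, not real mail.
PHISH = ("From: Accounts <billing@acrne-supplies.example>\n"
         "Subject: Password Check Required Immediately\n\nConfirm now.\n")
LEGIT = ("From: Accounts <billing@acme-supplies.example>\n"
         "Subject: Delivery schedule for March\n\nSee attached.\n")
```

Calling `triage(PHISH)` reports both the near-miss sender domain and the lure subject, while `triage(LEGIT)` returns an empty list. A similarity check like this only catches close imitations of domains already on the list, so it complements user awareness rather than replacing it.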

 

As well as exercising caution when it comes to possible phishing emails, it is vital to have advanced protection in place to stop cyber threats landing in employees’ inboxes. The Protection Plan offers Email Protection. This provides multilayer protection against all kinds of spam and malware in real time. The advanced scanning runs from the cloud, which simplifies security management, since it can be used from anywhere, at any time, simply by accessing the web console.


Phishing is one of the traditional cyber threats that is still growing, and it is highly likely that it will continue to grow every year. What’s more, it is the point of entry for a litany of cyberattacks and malware. Protect your systems with JC Cyber Security's Protection Plan.


Book a Free Cyber Clinic today to see how The Protection Plan can help your business.
