Resources

Broadly speaking, most phishing vulnerability testing works in more or less the same way.

An automated tool sends simulated phishing and spear phishing simulations to those within your organisation.

Phishing scams evolve constantly. Don’t they?

On the one hand, yes. Sophisticated cyber criminals are very much aware that, once a phishing scam becomes well known, its potency falls. So, over time, phishing scams adapt and evolve.

On the other hand, the the nuts and bolts of phishing scams are surprisingly static. On the whole, phishing attacks are quick, cheap and disastrously effective. Knowing this, criminals rarely tweak the inner workings of their phishing scams all that much.

The consequences of phishing can be severe…

It’s widely reported, for example, that tech giants including Facebook and Google sent as much as $100m directly to criminals following a spear phishing campaign that went on for more than two years.

In 2017, an email prankster targeted the White House.

The prankster’s goal was simple: to trick White House staff into responding to fraudulent emails for nothing more than a cheap thrill. With little to gain from the endeavour, the prankster’s efforts were basic.

The trickster wrote a simple email purporting to be from Donald Trump’s son-in-law, Jared Kushner. He sent it off to Tom Bossert (at the time Homeland Security Advisor). And he waited to see if the security advisor would respond.

As phishing filters are far from perfect, can phishing ever really be prevented?

Today, with phishing attacks on the rise and the cyber threat landscape constantly evolving, most companies employ some form of technological phishing filter to help prevent phishing.

Such filters typically rely on machine learning to check and categorise incoming emails and, after doing, prevent suspicious emails from making it into corporate inboxes.

You’ve received an email. As no phishing filter can keep out 100% of all phishing attacks, there’s a chance the email could be malicious – no matter what it looks like. How do you check whether or not the email is a phishing attack?   Step 1: Is the email...

Incredibly, traditional cyber security awareness training may actually decrease security awareness. Here’s how to ensure your security awareness campaigns increase resilience. Last year, researchers looking into the security of mobile devices inadvertently uncovered...

Phishing attacks often seem rudimentary. With their spelling and grammar errors, blurry replicas of company logos and conspicuous twists on sender names, they should be easy to spot, shouldn’t they? So why is it, instead of dying down, phishing attacks are on the...

People are more likely to be a victim of identity theft than any other type of cybercrime… and phishing can be a precursor In order to steal your identity, criminals need to get hold of your personal information. That’s all it really takes to begin opening bank...

In 2018, some reports suggest the number of phishing attacks are falling. Is that really the case? Phishing attacks have been on the rise for a long time now. According to the UK government’s most recent cyber security breaches survey, they cause more data breaches...

To demonstrate why security awareness training so often fails, it’s worth conducting a quick thought experiment. Imagine you’re a smoker and, one day, you find out you’re genetically susceptible to lung cancer. Thanks to your genes, you’re two-three times more likely...

Online security awareness training is now the most popular form of security awareness training in the world. As we noted here, that’s good news when it comes to measuring the effectiveness of security awareness training. Offline, things aren’t so easy to track....

The scope of cyber security awareness training continues to increase. While the below list of topics to include in awareness training is far from exhaustive, each should be a foundational pillar of security awareness campaigns. Building campaigns around the below can...

Generally speaking, traditional security awareness training is delivered in one of four ways: 1. Classroom-based training 2. Visual aids (including video) 3. Through simulated attacks 4. Computer-based training Resource challenges and environmental contexts often...