How’s the phishing?

I recently worked with a credit union that had just been the victim of a phishing attack. The email looked official, and the link directed the staff to a page that was a perfect copy of an Office 365 login page. One employee clicked the link and entered credentials. The attackers quickly sent out thousands of duplicate phishing emails to the credit union’s members. The only difference: the email looked as if it came from the credit union employee. No data was lost, but the organization had to send notification letters to its members, telling them to ignore the email. This was embarrassing, to say the least.

Did you know that email remains the top route for criminals to steal data and siphon billions of dollars each year? A standard industry benchmark is that 90% of targeted attacks begin with email. Nearly all of them rely on a human clicking a link. What does this mean for your credit union? People are your most significant risk for phishing attacks. You can’t rely entirely on technology to protect your organization; you must continuously train and test your employees.

Proofpoint, a security company, recently issued a phishing report. The company’s findings were based on a survey of 600 security professionals and 3,500 workers in Australia, France, Germany, Japan, Spain, the United Kingdom and the U.S. The survey results on phishing and ransomware come as “employees feel burned out, emotionally drained and distracted,” Proofpoint says, making them more susceptible to falling for such attacks. “Meanwhile, cyber attackers are as adept as ever; they continue to use tactics and lures that resonate with employees and consumers alike.”

 
