News, Developments, and Insights

Phishing Cartoon: Signs of a Phishing Scam

Misspelled words and bad grammar are tell-tale signs of phishing.   Why don’t phishers learn spelling and grammar?  Can’t they afford a copy of Strunk and White?

Phishers don’t need to spell better because their poorly-written schemes still fool enough people.  It’s just math for the phishers — a numbers game.   If you handle IT security at your organization, don’t assume that people won’t fall for obvious phishing scams — they do.   That’s why it is essential to train people — again and again.

Phishing Cartoon: Why Do Phishers Keep Sending Obvious Scam Emails?

Why do phishers waste their time with such obvious phishing scams when they can do so much better?

One possible answer: They don’t have to do better.  They send out so many emails that they only need a very low percentage of people to click.  And people always do.  In fact, if phishing emails became more effective, phishers might get too many clicks and might not be able to process it all!

To break into an organization, all the phishers need to do is to catch just one person. They don’t need to overphish the seas.  Victims are plentiful enough!

Don’t assume that people won’t fall for obvious phishing scams — they do.  That’s why it is essential to train people.  I am pleased to announce that TeachPrivacy now is offering a phishing simulator service.  We’ve teamed up with QuickPhish to provide a platform where organizations can conduct simulated phishing exercises for their workforce.  A great way to teach people not to fall for phishing emails is through direct experience.  When people wrongly click, our training can follow to teach them how to improve.

Phishing Your Employees: 3 Essential Tips

A popular way some organizations are raising awareness about phishing is by engaging in simulated phishing exercises of their workforce.  Such simulated phishing can be beneficial, but there are some potential pitfalls and also important things to do to ensure that it is effective.

1. Be careful about data collection and discipline

Think about the data that you gather about employee performance on simulated phishing.  It can be easy to overlook the implications of maintaining and using this data.  I look at it through the lens of its privacy risks.  This is personal data that can be quite embarrassing to people — and potentially have reputational and career consequences.  How long will the data be kept?  What will be done with it?  How securely will it be kept?  What if it were compromised and publicized online?

PCI Training: Reducing the Risk of Phishing Attacks

The Payment Card Industry (PCI) Security Standards Council recently released a helpful short guide to preventing phishing attacks.  Merchants and any other organization that accepts payment cards must follow the PCI Data Security Standard (PCI DSS).  One of the requirements of the PCI DSS is to train the workforce about how to properly collect, handle, and protect PCI data.

A major threat to PCI data is phishing, with almost a third targeted at stealing financial data.

According to a stat in the PCI Guide, Defending Against Social Engineering and Phishing Attacks: “Every day 80,000 people fall victim to a phishing scam, 156 million phishing emails are sent globally, 16 million make it through spam filters, 8 million are opened.”

New Security Training Program: Social Engineering: Spies and Sabotage

I am pleased to announce the launch of our new training program, Social Engineering: Spies and Sabotage. This course is a short module (~7 minutes long) that provides a general introduction to social engineering.

After discussing several types of social engineering (phishing, baiting, pretexting, and tailgating), the course provides advice for avoiding these tricks and scams. Key points are applied and reinforced with 4 scenario quiz questions.
