With phishing attacks being thought to have started literally 25 years ago, what makes this age-old method so continually valuable as a tool for cybercriminals and scammers?
When you think “phishing”, you might just think about the initial email sent to a potential victim recipient. But phishing today is far more than that; it’s about the domain registrations needed, the fake logon sites needed for credential theft scams; the pre-campaign diligence that’s done on potential victim organizations to find just the right person.
In short, phishing is a multi-faceted creation. And yet, it somehow finds success even when it’s poorly executed.
Why is that?
I see two simple reasons why phishing continues to grow, evolve, expand and succeed:
Since there’s little we can do to stop the bad guy economy from growing, we need to focus on the one part we can – the user. By teaching them to “default to ‘skeptical’”, according to former CISSP Mark Stone , users can be taught to be critical of any email that results in asking for credentials, the transfer of funds, or any other kind of action that can be misused by a cybercriminal.
It’s only through continual Security Awareness Training that organizations can achieve ‘skeptical’; users must receive constant reinforcement to ensure they know the danger is always present and must keep their defenses up when interacting with email or the web.
I think it’s evident, phishing isn’t going anywhere. And because it looks like it’s probably going to continue to grow, now is the time to get to ‘skeptical’.
Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.
Why Phishing Attacks Are So Easy, Successful and Profitable – and What to do About It approvedccsu, validccpro