Person in business suit playing hopscotch towards a crocodile

Phishing intensity increases while cyber awareness remains worryingly low

A significant and concerning lack of cyber-awareness is still prevalent today despite the threat of phishing attacks, ransomware and social engineering garnering more media attention than ever.

In uneasy times such as these with the likes of COVID-19 still lurking, hackers are without doubt using people’s worries against them. Scams based around the coronavirus have become familiar occurrences these last few months, and rooting them out is of the utmost importance.

The UK’s HMRC is currently investigating over 10,000 COVID-themed scams, furthermore proving just how routine they have become in recent months.

“The data showed that May was the month in which the highest number of phishing scams were reported by members of the public to HMRC, at 5152, representing a 337% rise compared to March when lockdown measures were first introduced in the UK.”

Infosecurity Magazine

Covid-19 phishing scams are simple but effective, usually relying on a large amount of target inboxes being emailed or alerted via an SMS message. They usually target a specific new policy introduced by the government aimed at aiding businesses, or even come up with a new policy themselves, for example this tax reduction scam was just one of many of the same type of phishing attack.

These attacks often have a low success rate but are sent to thousands of inboxes in the hope that at least one falls victim, giving up sensitive information such as login credentials, bank details and other personal data. This is then relayed straight back to the hackers and used for any number of further malicious activities.

In a study organised by the Cyber Security Agency of Singapore (CSA), around 67% of the 1000 respondents indicated that they knew what phishing was. However, when tested with a mixture of phishing and non-phishing emails (six of them phishing and two non-phishing) only 40 people managed to correctly identify whether the messages were of malicious intent.

That’s not a typo, 40 people out of 1000.

These findings further stress that although awareness of these attacks going on is a huge and important factor in trying to halt these hackers, it is simply not enough to just know they exist. Material action needs to be taken in order to make progress and keep your organisation safe.

In another study conducted by TechRadar, it was discovered that 71% of staff believed that cyber security is a central focus for their organisation, however out of the same group 45% believe that their business was not sufficiently prepared to deal with a cyber-attack.

These numbers are not adequate and should leave every business owner pondering the question; Could my organisation spot a phishing email before it’s too late?

Phishing Tackle has a number of free tools to help you better understand the size of your cyber threat surface. Check out our Free Click-Prone® Test now to find out how many of your users can spot a phishing email.

Do this before the bad guys do it for you.

Recent posts