A recent study showed that approximately 30% of users open emails even when they suspect the messages contain malware or otherwise seem dubious. Nearly 10% of respondents admitted that their system had been infected after they opened an attachment in a malicious email.
The study showed that the most common malicious emails that respondents fell prey to included emails mimicking a financial institution (15.9%), a social networking site (15.3%) or an online payment service (12.8%).
According to the Anti-Phishing Working Group (APWG), more than 74,000 phishing campaigns were recorded in the first three months of 2013 alone. Moreover, malicious people can easily use affordable tools to execute phishing attacks.
Humans are the weakest link in information security. Indeed, sophisticated technologies cannot, on their own, provide protection from various social engineering techniques, particularly for targeted phishing or spear phishing attacks.
Furthermore, in a world where the number of emails users have to deal with is constantly increasing, they do not take the time to examine them properly, or they are simply curious and attracted by the subject line. They open the email and click on the embedded links or attachments without being vigilant. Topics related to social media often manage to deceive women and make them less vigilant, whereas the topics of money, power or sex lure men.
These social engineering techniques are effective and are rarely detected. It is therefore important that security awareness and appropriate training for all users be implemented by organizations. An awareness program should be developed and continuously carried out. Often, the use of a firm specializing in training and information security awareness may be necessary to properly implement such a program and achieve these goals.
To read the article on the study, please click on the following link:
To learn more about phishing as well as awareness solutions and phishing simulations offered by Terranova, please click on the following links:
By Patrick Paradis, Information security advisor