Phishing For Awareness: Ready For A Surge In Q4?
Phishing and Social engineering isn’t going anywhere, in fact it may actually become bigger than you previously though. According to Tessian’s Spear Phishing Threat Landscape for 2021 it looks like we may be in for a large phishing season. Read below to learn more about their findings and what that may mean for your business.
Phishing in 2021
For those new to the world of cybersecurity, phishing refers to a type of social engineering in which a cyber criminal attempts to persuade you into clicking a malicious link or giving over private data through email or other forms of communication. These types of emails can be extremely misleading and hard to recognize unless you know what you’re looking for and unfortunately they are only going to become more widespread particularly in Q4 of 2021.
Based off Tessian’s findings from July 2020-July 2021 we can see that there was a particularly large spike of registered phishing emails during the fall and holiday season. Right before black Friday we saw a 56% increase in phishing emails that declined but then rose again following Black Friday. This shows that cyber criminals know that people are much more likely to click on a link when they can entice them with an event or holiday relevant to them. Overall there was around a 46% increase in phishing emails from October to December, showing that these bad guys know when you’re most vulnerable.
Additionally, cyber criminals even have a certain time they like to send out these malicious emails. Because most mistakes happen when employees are stress, tired, or anxious to get off work this means that you are most likely to receive these emails later in the day. Tessian found that most malicious emails are usually sent somewhere between 2PM and 6PM. The reason for this is that most employees have either relaxed a little after taking a lunch break or are getting into end of day mindset when they’re ready to go home. Additionally, roughly 45% of employees say they click on a phishing email because they were distracted. Unfortunately for us these cyber criminals know just how to take advantage of those moments when we are most distracted.
How Can You Prepare Yourself?
Fortunately, there are a number of ways that you can prepare your employees for the inevitability of a phishing email. One of the best ways you can make sure your employees are secure is through security awareness training. Making sure your workers know what a phishing email looks like and what to do when they receive one can go a long way in securing your business.
Additionally, making sure they know when and if they are the most vulnerable is important. Do your employees know that they are most likely to be targeted after their lunch break? One department may be more of a target than another so making sure your employees know that they are a higher target can provide a sense of urgency to the issue. Just remember that your customers peace of mind is dependent on your cyber security practices. By being careful and taking your security seriously you can go a long way in protecting your business.
Read More From Our Phishing For Awareness Series:
- PFA: Pop-up messages, email spoofing & URL Phishing Attacks
- PFA: Business Email Compromise Schemes and Website Spoofing
- PFA: Impersonation and Social Media
- PFA: Spear Phishing & Subdomain Attacks
- PFA: Malware Injection & Image Phishing
- PFA: Clone, Man-in-the-Middle & Search Engine Phishing Attacks
- PFA: Advanced Phishing Tactics
- PFA: 3 More Advanced Phishing Tactics
Corporate Information Technologies provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. Corporate Information Technologies can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.