Human Error Is A Hacker's Dream

With targeted and increasingly sophisticated phishing scams continually on the rise, the ever-evolving world of digital communication presents the optimal backdrop from which fraudsters can readily strike. 

The Different Forms Of Phishing  

Employees may be able to spot the more obvious phishing emails as they tend to have a couple of common themes; they either look completely innocuous or they tap into fear, for example “your bank account has been hacked”. Hackers will often tailor emails to topics relevant at the time and they will certainly tailor it to seen relevant to an organisation. A seemingly urgent email from someone imitating a senior member of staff is relatively simple to execute as this information is online for all to view.
 
People often expect to only be exposed to phishing through scam emails, leading them to wrongly assume the legitimacy of phone calls and divulge information. In a recent global report by Mutare, over 47% of businesses reported that they had experienced some form of voice phishing, or vishing, in the last 12 months. 
 
Vishing occurs when someone phones you with the intent of deceiving you into sharing personal data with them. As a method of phishing, it came before email but has been making a resurgence in recent years. Large organisations are often targeted and should be extra cautious in terms of employee training and have complete clarity on which information employees are allowed to pass on over the phone. 
 
Multifactor Authentication (MFA) fatigue attacks is a strategy used to get around multi-factor authentication and usually take the form of fake emails repeatedly requesting access information from someone. This can lead to the recipient eventually getting so frustrated they either turn it off or hand over security codes. 
 
MFA fatigue attacks are relatively new, sophisticated methods, however in reality they make up only a small percentage of attacks. Phishing emails are still the most common threat, and, in these instances, it is a numbers game; the hacker will send hundreds or thousands of phishing emails to an organisation looking for that one click, playing the odds and hoping they can get past the barriers for at least one individual.  

Human Behaviour - A Vital Piece Of The Puzzle 

Human behaviour plays a vital role in ensuring organisations and people stay safe and protected from the threat of phishing. In the phishing space, human behaviour is critical. Ensuring everyone in your organisation has had regular training so they know the signs to look out for, as well as having a level of consciousness about their own data security are key.
 
You can also subscribe to various threat intelligence services which keep records of all the current known ‘scams’ so you can set up systems to weed them out and filter before they even get through to inboxes. However, keep in mind that you can’t filter everything.  

Andrew Parsons is UK partner and cyber security expert at international law firm Womble Bond Dickinson

You Might Also Read: 

Will The Insider Threat Intensify During The Recession?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Hackers Hit Thousands of Computers
SMBs Are Taking Cybersecurity More Seriously »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

OCERT

OCERT

OCERT is the National Computer Emergency Response Team of Oman.

CUIng.org

CUIng.org

The CUIng initiative was launched to tackle the problem of criminal exploitation of information hiding techniques.

Elastic

Elastic

Elastic is the world's leading software provider for making structured and unstructured data usable in real time for search, logging, security, and analytics use cases.

NetDiligence

NetDiligence

NetDiligence is a privately-held cyber risk assessment and data breach services company.

Dark Cubed

Dark Cubed

Dark Cubed is an easy-to-use cyber security software as a service (SaaS) platform that deploys instantly and delivers enterprise-grade threat identification and protection at a fraction of the cost.

State e-Government Agency (SEGA) - Bulgaria

State e-Government Agency (SEGA) - Bulgaria

The State e-Government Agency (SEGA) is responsible for matters relating to electronic governance in Bulgaria.

Accertify

Accertify

Accertify is a leading provider of fraud prevention, chargeback management, and payment gateway solutions.

Threatspan

Threatspan

Threatspan is a cybersecurity firm helping shipping and maritime enterprises achieve and maintain nautical resilience in an age of increasing cyber threats.

Scantist

Scantist

Scantist is a cyber-security spin-off from Nanyang Technological Universiy (Singapore) which leverages its expertise to provide vulnerability management solutions to enterprise clients.

Ultra Electronics

Ultra Electronics

Ultra specialises in providing application-engineered bespoke solutions. We focus on mission critical and intelligent systems in the defence, security, critical detection & control markets.

Cyber Security for Europe (CyberSec4Europe)

Cyber Security for Europe (CyberSec4Europe)

CyberSec4Europe is designing, testing and demonstrating potential governance structures for a European Cybersecurity Competence Network.

Spinnaker Support

Spinnaker Support

Spinnaker Support is a premier global provider of on-premise and cloud-based enterprise software support services.

Telstra

Telstra

Telstra is one of the world's leading telecommunications and technology companies, offering a wider range of services from networks and cloud solutions to mobility and enterprise collaboration tools.

KCS Group Europe

KCS Group Europe

KCS Group helps its clients to identify and deal with any risks, weaknesses and threats which could impact on the business financially or reputationally.

SafeBase

SafeBase

Safebase provide the infrastructure for Trust Communication. Our Trust Center enables Security and Sales teams to share and automate access to security, compliance, and privacy information.

Staley Technologies

Staley Technologies

Staley Technologies is a US nationwide structured cabling, technology integrator, and Managed IT & Cyber Security provider.