Assume your staff can detect the most devious types of spear phishing, when cyber criminals claim to be a legitimate business person in an attempt to gain access to your company’s computer network? If you aren’t sure, you need to train your employees to identify these attacks. As a recent story by PCWorld shows, phishing attacks remain a serious threat to businesses. And today’s cyber criminals are utilizing social networks like LinkedIn to stage their attacks.
The PCWorld story highlighted a phishing incident that Websense Security Labs uses as an example: In this attack, a cybercriminal made a fake LinkedIn profile of a woman named Jessica Reinsch, who was said to be an employee of a real dating Web site. Jessica Reinsch, though, does not exist. And the criminal behind the fake ID used it to acquire important information from a number of businesses. The concern? That the criminal could have used this data to break into business’ networks.
It’s not surprising that this criminal was able to gather a great deal of information. The PCWorld story cites a survey from ThreatSim. The survey learned that nearly 60 percent of 300 IT executives, administrators and professionals in U.S. organizations considered phishing to be only a minimal threat. This means that too many businesses don’t take any time to train their workers to spot and repel phishing attacks.
The reality, though, is phishing is an extremely real threat. The PCWorld story cited the same survey that stated that more than one in four respondents reported a phishing attack that did lead to a material breach in their company networks during the last year. The message? Business owners need to take phishing seriously. And they also need to take real measures to make sure that their employees don’t fall for these scams.