Social Engineering: Phishing & Spear Phishing

With the proliferation of the Internet, users are constantly on devices that contain a lot of their personal information. And now, with technologies like iCloud and other password storage methods, hackers can gain access to that information through social engineering.

Recent Verizon DBIR Reports

In the Verizon 2013 DBIR report, “phishing was associated with over 95% of incidents attributed to state-sponsored actors, and for two years running, more than two-thirds of incidents that comprise the Cyber-Espionage pattern have featured phishing.” More recently, with Verizon’s 2015 DBIR report, targeted phishing still remains one of the top threats to organizations as demonstrated by the various data breaches over the past 12 months. As we continue to do more and share more online, we become more vulnerable to being targeted for attacks that steal our passwords and data.

Phishing and Spear Phishing

As stated in the statistics above, today, phishing and spear phishing are the most prominent forms of cyber attacks. With hackers casting a wide net with email spamming campaigns that direct users to give out their information, or doing a significant amount of research to target a specific person, many users are falling prey to these false requests.

What’s Concerning About Social Engineering

What’s concerning about phishing is that it leverages a technological medium that exploits human weakness instead of a technical weakness. While technical weaknesses can be solved with patches and the implementation of additional security, human weaknesses lie in being uneducated.

While it is necessary to keep your computer secure by integrating anti-virus and anti-spam software, it is also important to educate your work form on best practices for detecting false requests. Additionally, if you remove a phishing email before a user even reads it, it may be beneficial to the company as a whole, but it does nothing to protect an individual if they are redirected to a rogue website. Furthermore, it can aggravate the problem by lowering the person’s guard because they will assume all illegitimate emails are blocked, and will, unknowingly, grant access to dishonest messages that they do receive.

Carson Inc.’s Best Practices

Ultimately, while technology continues to improve, humans will take longer to evolve and adapt to new processes. The best way to protect your company and users against phishing is to help them distinguish between fraudulent and legitimate entities via continuous training. Proactive measures to prevent phishing thought internal training exercises will be your best strategy for decreasing breaches. The main problem with phishing and spear phishing is that there is more of a focus on the technology rather than the people.

At Carson Inc. we’ve helped clients with proactive training to help decrease the click-through rate on fraudulent emails, advertisements, and other messages. By creating a faux-fraudulent email to send out to individuals in the company, testing the response rate, Carson Inc. found that about 25% of the organization had responded to the spam email and provided personal information. This identified a need and allowed Carson Inc. to recommend more proactive training strategies to combat phishing and spear phishing.

In addition to training your company on best practices, Carson Inc. will also give recommendations on web security gateway products that assist in decreasing the amount of phishing and spear phishing emails that get through your browser.

Carson Inc. Combats Social Engineering

Our motto is finding what matters and controlling what counts. Don’t sacrifice your security for convenience. Carson Inc. has been helping its customers fight the battle against cyber threats for more than 22 years. Our team consists of Information Assurance (IA) experts with advanced degrees and technical certifications, including CISSP, CISA, LPT, GWASP, and ISO 27001. Our staff has in-depth knowledge of IT security statutory and regulatory guidance. For more information email marketing@carsoninc.com or call (301) 656-4565.

You May Also Be Interested In