Microsoft have released their annual Security Intelligence Report on cyber security and have reaffirmed that phishing is still the most popular way for cyber criminals to attack organisations.
The report scanned more than 400 billion emails, 450 authentications and 1.2 billion devices and found that 53% of all email threats are phishing.
Microsoft found that hackers generally focus on social engineering and poorly secured cloud apps to gain the access they need.
“As software vendors incorporate stronger security measures into their products, it is becoming more expensive for hackers to successfully penetrate software. By contrast, it is easier and less costly to trick a user into clicking a malicious link or opening a phishing email,” Microsoft said.
So if people are the weakest link in your cyber security platform, what do they need to be aware of?
Be wary of hyperlinks in emails, even if they look legitimate they could be linking to an entirely different URL.
Bad spelling and grammar can be signs of a scam email, also if the email starts with a generic greeting. However, some phishing emails are getting more sophisticated and targeted so bad spelling may not always be present.
Many phishing emails contain threats or negative consequences if action is not taken. These are usually in the form of account closure or legal action if payment is not made immediately.
Was the sender someone you don’t normally deal with, or was it out of the blue? Never click on links in an email from a sender you don’t know.
It is important to remember that these organisations will never ask for your personal or financial information. If you suspect that an email you received is a phishing scam but you aren’t sure, contact the organisation. Make sure you independently search for their contact info, and don’t use the details provided in the email.
You should ensure your staff are trained and know how to spot a phishing email. Consider conducting phishing tests on your staff and holding regular training.