By Rohyt Belani
The survey carried out by PhishMe, the leading provider of security behaviour management services, looked at the attitudes of over 130 IT security professionals towards phishing emails. Worryingly, it revealed that over 62 percent believe they are far more likely to fall for a phishing attack if they are targeted via their mobile phone.
Respondents were also asked when they feel they let their guard down most when looking at emails. 23 percent felt most vulnerable when looking at emails on their phones whilst travelling, while 30 percent felt early Monday mornings and late Friday nights were their worst times for falling foul of phishing scams.
It is increasingly important that employees recognize suspicious communications sent to both desktop and mobile platforms, particularly as more and more mobile devices are connected to the corporate network and have access to confidential data. As has been demonstrated in recent months, hackers are gaining access to seemingly highly secure systems by targeting employees through spear-phishing.
Phishing emails try to trick the recipient into doing something they shouldn’t, by disguising malicious attachments or links within seemingly genuine content. If the user does respond, then it could let the hacker gain access to the corporate network in order to acquire sensitive information such as usernames, passwords or R&D information. PhishMe has proven that immersive training improves employee behaviour and complements existing technical controls to holistically tackle this ominous threat.
Mobile devices provide attackers with a new attack surface, with a variety of factors that make phishing attacks carried out over mobile platforms more difficult to identify. Viewing emails on a mobile device makes it more difficult to view underlying URLs and information about the sender, while shortened URLs in SMS phishing messages are difficult to identify. These challenges make it important to train users in techniques to identify fraudulent communications, such as verifying the message through another means of communication.
About the author
Rohyt Belani is Chief Executive Officer at PhishMe.
PhishMe provides organizations the ability to improve their employees’ resilience towards spear phishing, malware, and drive-by attacks. The detailed metrics PhishMe provides make it easy to measure the organization’s progress in successfully managing employees’ security behaviour. With over 4 million individuals trained in 165 countries, PhishMe has been proven to reduce the threat of employees falling victim to advanced cyber attacks by up to 80 percent.
PhishMe’s methodology entails periodically immersing employees in simulated phishing scenarios and instantly presenting bite-sized, engaging training to those found susceptible. The solution provides clear and accurate reporting on user behaviour, allowing customers to measure improvement over time. PhishMe works with Federal Agencies and Fortune 1000 companies across many industries, including financial services, healthcare, higher education and defence.