Happy Valentine’s Day
Love is in the air but Spam is in your Inbox
In May 2000 the world saw one of the fastest and most widely spread computer worms.
ILOVEYOU was a worm whose method of propagation was phishing emails. Although phishing emails started in the early 90s, the ILOVEYOU worm, some 10 years later, was one of the most prolific. This particular piece of malware has been heralded as one of the worst ever.
The email was designed to intrigue the recipient sufficiently for them to click the attachment. Once the attachment was opened, the virus would set to work changing files within the system. The “worm” element would then hijack the user’s address book and send itself out to all contacts.
The ILOVEYOU worm infected more than 4 million devices. Globally the cost of damages reached up to $8.7 billion.
Statistics show that 3 out of 4 companies still fall victim to phishing scams
Fast forward to 2020 and phishing emails are still a major problem.
Technology now exists which attempts to reduce the chances of a recipient falling victim to these types of attacks. However, the more technology evolves to prevent such attacks, the more sophisticated the phishing scammer becomes.
Not all phishing/spam emails contain a malicious payload. More sophisticated phishing emails go a step further and exploit trusted relationships. It is more likely that the email, albeit spoofed, may come from someone you already know. The language used and context of the email may also be easily spoofed. Once a conversation is instigated and trust established, the malicious threat actors can then attempt to coerce the victim into further actions.
As sophisticated as the message can be, sometimes the simplicity of a message can yield the best result. Malicious threat actors prey on human curiosity, and here timing is everything. Receiving an email, as per the image here, entices the recipient to click on the link and instigate the potential download of malware.
With Valentine’s Day on the horizon, you, your organisation and your users should be more vigilant about the phishing emails being received.
What CAN be done?
Firstly, an organisation needs to understand what the threat level to its business is. A simulated phishing campaign should be undertaken. There should be separate campaigns for each department, with different levels of sophistication employed within the emails depending on the recipients targeted.
Once an organisation understands how susceptible it is to an attack of this nature, thorough user awareness training should be implemented. Training must be an ongoing strategy that is updated regularly in line with trends in the industry.
On a regular basis, an organisation should repeat the simulated phishing campaigns in order to understand whether the training being provided has been effective. The training strategy can then be modified accordingly.
Give love a chance
That said, of course we want to spread the love, it’s Valentine’s Day after all. Send and receive messages from loved ones to let them know that you do care. Let’s just make sure that the email you are opening comes from someone expected (check with the sender if you aren’t expecting it) and make sure it doesn’t end in heartbreak, as far as your data is concerned.
Love and kisses - Cognisys