Scammers automate fake emails
- We all know how easy it is to write an e-mail. What not everyone is equally aware of is how easy it is to forge an email, and the sender address of an email, so that it looks like it is coming from someone other than the sender. We call this a "phishing attack"; when criminals send fake emails to scam the recipient. Investigations show that it is not technical security holes, but phishing attacks, which have become the most common way criminals gain access to companies' information and IT systems, Stegelmann explains, and continues:
- Scammers use automated tools to send fake emails to victims. In the case of "generic" phishing attacks, the emails are typically sent to lists of thousands or millions of recipients. The scammers can e.g. pretend to represent a large mobile operator, a public authority, a bank, the police, or other authorities we usually have high confidence in.
Read what our security manager says about home office.
Plays on emotions
- In the e-mail itself, the scammers often play on trust in the sender and recipient's feelings such as curiosity, respect or fear. Among other things, they may speculate that we agree to enter our credit card number on a website that appears to be the website of, for example, a large streaming provider, in order to "prevent the streaming account from being locked" or speculate that we "look at an outstanding invoice before it goes to debt collection ”or opens another attachment with“ important information ”. That the website to which the e-mail refers is fake or that the attachment contains malicious software that gives the criminals access to the victim's PC and network, the e-mail obviously does not say anything about, Stegelmann says.
- Despite the fact that today we have advanced technical systems and security solutions, such as e-mail filters, to stop many generic phishing attacks, the scammers are constantly working to break through the barriers. In the case of targeted phishing attacks, the criminals tailor the message and send the e-mail only to selected people. An example of this is "director fraud", where an accounting employee receives an e-mail from the manager. In the email, the manager requests a cash transfer of a significant amount to a vendor account. Typical of this type of fraud is that it gives the impression that the case is urgent. Unfortunately, all too often we see that the employee does not notice that the e-mail comes from criminals before the payment has been made and the money has been sent to an account abroad, says Stegelmann.
Watchcom can help companies reduce the number of phishing attacks
Watchcom has understood that training and training of employees is very important in preventing attacks. At Watchcom, the advisors have extensive experience in conducting generic and targeted phishing exercises based on today's threat image, both for smaller and larger private and public Norwegian clients. The security experts assist clients in planning the target group, timing and content of the exercise, to ensure that the results of the exercise provide the customer with the best possible insight into how vulnerable the business is to phishing attacks.
Phishing drills not only provide insights into how employees relate to phishing attacks, but surveys Watchcom has done afterwards show that only a few drills contribute to raising awareness of employees and significantly reducing successful phishing attacks.
To strengthen training and awareness, Watchcom is partnering with one of the world's leading platform providers for phishing exercises; KnowBe4. With KnowBe4's platform, we can offer our customers automated phishing exercises; a cost- and resource-efficient solution that reduces the need for coordination and follow-up of exercises and training initiatives. With a holistic platform, the customer will also be able to compare their own results against companies of the same size and industry over time, which will be an important tool for adjusting security measures. With a well-established safety culture and a documented safety solution that assists in practical matters, safety management in the business will be simplified and ensured.
- We are concerned with creating a positive safety culture for our customers, and believe that a strongly rooted and practiced safety culture proactively contributes to increased safety. We have very good experience with this across industries and businesses, adds Stegelmann in conclusion.
