Phishing is a process of hacking whereby attackers attempt to trick users into doing ‘the wrong thing’, such as clicking a bad link that will download malware or direct them to a dodgy website. It can be conducted via text message, social media, or phone, but the term ‘phishing’ is mainly used to describe attacks that arrive by email. Phishing emails can reach millions of users directly and hide amongst the huge number of benign emails that busy users receive. Attacks can install malware (such as ransomware), sabotage systems, or steal intellectual property and money.
There are several proactive measures your organisation can take to prevent successful phishing attacks. These include making it difficult for attackers to reach your users, helping users identify and report suspected phishing emails, and responding quickly to incidents. It is important to have a culture that educates employees about phishing attacks, and to ensure people know the process for reporting an attack, especially if an accidental click has made the attack successful.
The best way to prepare is by practising. Our Phishing Resilience Exercise simulates a phishing attack by means of an email testing exercise, which is used to see how receptive staff are to potential phishing emails. Working with the client’s security team, this test involves sending selected staff a specially tailored email to track their response rate. A full report and recommendations are provided to you on completion of the exercise.