Yazılım Kulübü

A recent phishing attack at a university made everyone ask the question, ‘How effective are phishing simulations against cyberattacks?’

The phishing attack started with an email sent to staff and students at the school. In the e-mail, hackers wrote that the university would give a certain amount of assistance to enable people to overcome the pandemic more easily. To request help, all they had to do was click the questionnaire in the email. The information requested in the survey included name, address, date of birth, social security number, driver’s license number, bank account information. At the end of the e-mail, hackers also added that the university would help people who gave missing information.

As we can clearly understand above, this email was clearly a phishing email. The fact that the scammers sent this email when people required financial assistance proved this. The aim was to take advantage of the pandemic to steal victims’ personal information, including banking information, and steal their money.

Another similar email was sent as a phishing simulation against cyberattacks…

Employees of a company working in the publishing industry got a very similar email recently. Employees saw a fake email in their inbox congratulating their success, saying that the company would give a bonus to them. With the same logic, this email also seemed to be sent by hackers trying to capture employee information. However, these emails were sent by the company itself to train employees on how to behave. The company aimed to test whether employees with this email could click the link in the email. They directed the employees who clicked on the email link to a site reporting that they failed the test.

However, this test, which aimed to increase safety awareness, was met with many employees’ reactions. Employees who responded said that the company had financial problems and that the IT department had planned the test using the employees’ vulnerabilities. Many researchers also reported that the study’s outcome was quite misleading, as the company conducted the simulation when employees needed money. It is wrong and ruthless to construct phishing simulations based on the news that the employees will be given bonuses in a financially troubled period.

Unfortunately, fraudsters also take advantage of when people are particularly weak financially, using the wrong and ruthless ways. The most effective way to educate employees against e-mails offering money is to raise their awareness with phishing simulations that contain such tricky e-mails.

What’s The Answer to The Question ‘How Effective Are Phishing Simulations Against Cyberattacks?’?

Recent research highlights that phishing simulations can yield very different rates depending on how companies set them up. The researchers stress that people are much less likely to detect phishing emails that concern their business and interests. Most companies do not aim to trap too many employees in phishing simulations. However, when this is the case, the failure rate in such studies remains very low. Preparing more difficult phishing simulations can help raise awareness among employees who can detect simple messages but are still sensitive to emails tailored to their job and industry.

Accordingly, phishing simulations, like our example, also help prevent people from clicking real phishing emails. To this day, a lot of research has been done examining various phishing training, such as phishing email simulations, training videos, games that teach us what to watch out for in suspicious messages. These studies show that exercises positively affect people’s safety awareness, but their effects diminish over time.

For example, researchers conducted a recent study to determine how long the effects of these exercises last. The researchers studied 409 employees. It turned out that video-based training and interactive tests affected the employees for a long time. However, even with these exercises, the safety awareness of the employees lasted about six months. This shows that the companies should repeat the training at regular intervals for it to be effective.

What Can We Use In Addition to Phishing Simulations Against Cyberattacks?

1. Use cybersecurity awareness training to prepare your employees more effectively!

Protecting your business by educating the employees with cybersecurity awareness training to detect and track cyber threats may be the most practical solution. Lack of training and carelessness is the number one reason behind attacks. Without proper training, undertrained employees can easily give valuable information to hackers. Enhance your staff’s level of cybersecurity awareness with our tools.

2. Warn your employees beforehand with threat sharing tools!

Threat Sharing tool allows your employees to improve their responsiveness to threats by generating awareness with collaborative work, lowering expenses, and increasing effectiveness. Threat Sharing platform functions as an early warning device for all the employees. When a phishing attack occurs, our tool instantly carries this information to the rest of the company, which causes research across the departments.

“This post is originally published at www.phishing.org.uk”