Phishing is one of the biggest threats that every internet user faces.
It is a form of attack in which the attacker tries to obtain a user's data by using a fraudulent e-mail message or a page that resembles a familiar website or e-mail address. When the attack succeeds, login data or even access data to bank accounts is stolen. The most easily targeted group is the elderly, who do not have sufficient knowledge of Internet security and are easily lured by fraudulent e-mails.
Most often, phishing attacks can be associated with topics such as:
- fake sweepstakes;
- the current epidemiological situation (for example, there are many attacks related to COVID-19);
- requests to update personal data;
- and more.
However, there are ways to effectively defend against phishing attacks. In addition to properly configured mail hygiene in the company (allowed and forbidden mail servers, spam filters, content filters, etc.), it is very important that employees are regularly trained in cybersecurity so that they stay vigilant.
OUR APPROACH AND SOLUTIONS
Social engineering is usually the first step to infiltrating a company. At BDO, we implement smishing and phishing campaigns, the aim of which is to verify how many of the target users fall victim to social engineering.
- In the first step, it is important to introduce our specialist to the company, to agree on the scope and target groups.
- The next step is to create fraudulent pages that are a faithful copy of the original ones. Differences and substitutions are usually kept very small on purpose, so that the copy is not easily recognizable at first glance.
- This is followed by the creation of email templates to be used in various smishing and phishing campaigns.
- The output is a report that states how many people did not detect the scam, from which devices and with what frequency they accessed the fake site, etc.
- (If interested) Training follows the campaigns (and is highly recommended). Target users are introduced to the techniques that were used and are shown how to defend themselves against them, how to recognize them, how to prevent them, etc.
CASE STUDY: THE SUCCESS OF PHISHING CAMPAIGNS