In response to Grant MacEwan University and the 11.8M dollar phishing attack
Unfortunately, this is the new normal when it comes to cyberattacks. Unless we invest far more into educating our employees on how to spot these types of scams the scammers will ultimately win.
Phishing can be a very lucrative way for criminals to steal money. This week alone we have fielded 5 attempts of this nature to our own CompuVision client base (luckily our process has allowed us to be quite successful with the breaches we’ve had to deal with).
These types of attempts targeting the user are becoming the new normal, but they don’t have to be. Most of these cyber scams are very much preventable since it has to do with human behaviour and not expensive technology.
This is how these attacks are growing. It is hitting industry after industry and all because organizations are forgetting one simple thing.
All the technology in the world won’t protect your data or bank accounts if someone just opens the front door for the criminals.
The problem in phishing attempts are us, the humans. It’s like an egg. Hard outer shell of tech with a soft gooey middle of uneducated staff.
The most effective solution is to educate staff and continually test them.
As with technology there is always innovation. There is a new layer evolving that is intended to detect and remediate anomalies in the network. This uses artificial intelligence to flag a phishing email, detect unusual behaviour, or lock down a stolen login. However, this isn’t quite ready yet and is still being tested.
In follow-up to our first blog on this in March – https://compuvision.biz/2017/03/10/dangers-social-engineering/ I wanted to add some pictures of threats we have been seeing recently along with some helpful pieces of education that we give to our own customers.
Again, education is the key to keeping a threat like this from hitting home. Protect and educate yourself. Educate. Test. Repeat.
I feel for the folks involved in this latest scam, and I hope the University takes something from this incident and turns it into something they know a great deal about: Educating people.
Examples of Phishing Emails
Phishing emails appear to come from a reputable source. Some common ones include Canada Revenue Agency, PayPal, Apple, DocuSign, vendors you may work with or even your bank. They generally look very authentic and include logos and the sent from address looks to be from that organization. They include a link to another site.
Some phishing emails ask you to send money. They will look like they come from someone you know (even someone from work) as they spoof the from email address.
Here are two examples of actual phishing emails received with some notes in red.