Following the BBC’s warning for people to be on high alert for fake emails and texts claiming to offer discounts on energy bills, cyber security experts reacted below.
Phishing remains an unsolved cybersecurity problem for businesses and individuals. Cybercriminals know which techniques to use to increase their chances of successfully scamming unsuspecting victims, shamelessly exploiting current events regardless of human suffering in their quest for mercenary gain. Currently, this is the cost-of-living crisis, but this changes all the time depending on the most exploitable current affairs. Previously, Covid and the Ukraine crisis have been leveraged in the same way.
Every single successfully targeted victim now faces follow-up phishing scams which abuse their exposed PII in the pursuit of more valuable credentials. Their credential information will go up for sale to the highest bidder and may also be used to target their place of work, making now a good time for organisations to remind their workforce of email best practices, such as checking the originating email address and URL before clicking on a link, never giving out payment details and calling a company directly after receiving unexpected communication.
However, because humans are fallible, they will never detect every fraudulent email every time. Therefore, organisations must also implement additional layers of technology and processes to continually hunt for targeted email attacks like spear phishing and business email compromise to quickly and automatically eliminate the threats once identified. Security training must evolve so it can be applied in real time and to real attacks.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides experts' comments, analysis and opinion on the latest Information Security news and topics.