Project Description
Cybercriminals are becoming increasingly sophisticated in their attacks on New Zealand organisations and they’re targeting their most critical asset: data. But just how bad is this problem? The Computer Emergency Response Team (CERT NZ) recorded a 25 percent rise in incidents in the past 12 months, which has caused a loss of $53 million from victims in attempt to recover cyberattacks.
Whether these attacks are due to a lack of awareness from organisations, being time poor, aging infrastructures or merely a simple oversight, the consequences can be fatal for an organisation of any size. An important and effective strategy for stopping attacks before they even begin is with security awareness training in your office.
Phishing is one of the most common types of cyberattacks, mostly via email, making up 46% of all incident reports in New Zealand. sensitive information such as bank accounts, email systems, passwords and other access to company systems. This can be managed and prevented with smart cyber security strategies and keeping staff updated and educated on the signs of an attack.
KPMG NZ took part in a phishing exercise among 35 other organisations to better understand email attacks and how they appear. Participants were sent an email indicating the organisations had signed up to a password quality checking website and asking them to go to the website and check the quality of their passwords. Of the 8,333 people phishing emails were sent to, 1009 people (12.1%) clicked on the web link in the email, and 702 (8.4%) entered their password into the website. This is a reflection on how easy it is to be fooled by scammers.
But how do you know an email is an attack?
Top indicators businesses should watch out for in emails:
- Email address
An easy way to identify a phishing scam is by checking the email address. Try to avoid following any instructions from unknown addresses or one’s that don’t seem legitimate. A lot of the time scammers will try and appear in disguise of well-known organisations. - Suspicious requests
Cybercriminals are getting better at what they do. Identifying cyberattacks can be more complex than suspicious addresses. It is important to take note at the content provided within an email and survey it thoroughly before handing over any information. False offers of amazing deals or unbelievable prizes are commonly used by cyber criminals to encourage you to act immediately. If a user is asking for personal information such as logins, credit card details etc, it should be flagged immediately. Most organisations will never ask for censored information over the internet, especially via email. It is safer to contact the company directly to clarify if you’re unsure. - Links
Links are tempting to click but can be the gateway to a fatal cyberattack. If you receive an email you find suspicious that contains links, hover your mouse over the links and check the URL. If links are mismatched, it is a strong indicator that it is a scam. Avoid opening unexpected links from unknown senders. - Attachments
A common method by cybercriminals is planting attachments in emails, infecting a user’s device with malware if opened. It is important to be wary of suspicious attachment names and file types, to avoid the repercussions. If this is your first interaction with the sender and you don’t recall needing any attachments, there is a high chance it is cyberattack.
Cyber security training for your team
Establish smart security strategies with CodeBlue cyber security training for business teams. Our comprehensive training teaches your team how to identify suspicious emails and what to do next to protect the business, as well as putting users to the test with simulated phishing campaigns. Contact us to learn more!
HP DEVICES POWERED BY INTEL®
The Intel logo is a trademark of Intel Corporation or its subsidiaries.