The Pervasive Threat of Phishing & What to Do About It

Pete Hoff

Fortunately, many phishing attacks are easy to spot. A strangely formatted email asking you to reset your Amazon password, sent to an email address that has no Amazon account associated with it, is obviously fraudulent.

Unfortunately, hackers continue to innovate, and many attacks aren’t so easily spotted. For example, just a few months ago, I received an email from the orthodontist my wife, son, and I all see. The email came from “Info@My_Actual_Orthodontist’s_Domain” with a complete signature file and an .html file attached. Upon opening the file, I was prompted to enter my Microsoft email password. … yes, I knew not to do that. So, I opened the .html file in Notepad to look at the code and saw how it was configured to gather passwords.

New research from Netskope shows changing trends in phishing: delivery methods such as fake login pages and fake third-party cloud applications designed to mimic legitimate apps, the targets of phishing attacks, where the fraudulent content is hosted, and more. Large-scale data breaches resulting from successful phishing attempts are a regular occurrence. TechCrunch reported that U.S. retail giant Bed Bath & Beyond has confirmed unauthorized access to company data after an employee was phished.

Wursta recently held a webinar with our partner KnowBe4 on the threats of phishing attacks and how to keep your organization secure with training and other resources. Watch the full webinar below or keep reading to see how consequential phishing can really be.

The Success of One Phisher Can Have Dire Consequences

As Clancy Tse wrote on the Wursta blog, “Once attackers are able to acquire legitimate credentials via phishing and social engineering, they can do extensive damage to individuals as well as enterprise IT operations.” The 2022 Verizon Data Breach Investigations Report (DBIR) states, “There are four key paths leading to your estate: Credentials, Phishing, Exploiting vulnerabilities and Botnets. These four pervade all areas of the DBIR, and no organization is safe without a plan to handle them all.”

The DBIR also analyzed Event Chains, the path an attack followed. The vast majority of breaches include only a handful of steps, and three actions are the most common: Phishing, Downloader, and Ransomware.

No Organization is Safe Without a Plan

As hackers innovate, so must cybersecurity pros. Cybersecurity plans must be multipronged and regularly updated. The Cybersecurity and Infrastructure Security Agency (CISA) recently released guidance strongly urging all organizations to implement phishing-resistant MFA to protect against phishing and other known cyber threats.

Security Awareness Training and Simulated Phishing with KnowBe4

KnowBe4 is the world’s first and largest new-school security awareness training and simulated phishing platform. Their integrated platform lets you train and phish your users, see their Phish-prone percentage™ improve over time, and get measurable results. 

As KnowBe4 puts it, you need a strong human firewall as your last line of defense. KnowBe4 helps thousands of organizations manage the ongoing problem of social engineering. With the mission of enabling employees to make smarter security decisions, every day, KnowBe4 states that they are “not in the pocket of any of the large players. We answer to no one but IT admins in the trenches.”

If You’re Short on Time, Energy, or Patience…

As an official KnowBe4 partner, Wursta can support your phishing and training campaigns, including creating the environment for you. While KnowBe4 is easy to use, Wursta can manage it all for you, especially if you’re short on time (like most IT pros) or short on patience (like most people). We can create an automated process that requires almost no maintenance.

Streamline Tackling Phishing Attempts

Another KnowBe4 service enables your users to report phishing emails right within Gmail by clicking a Phish Alert image (suitably, a fishhook). The emails are then sent to the security team for analysis and deleted from the user’s email box without any further actions required by the user.

Definitely an innovative service to have in your tackle box.

Get Started with a Free Trial

Sign up to start your free phishing security test for up to 100 users (no need to talk to anyone). Find out your Phish-prone percentage, which is usually higher than you expect and is great ammo to get budget.

You can also sign up to see all the great content in ModStore, the world’s largest library of security awareness training content. The ModStore preview includes interactive training modules, videos, trivia games, and more.