And here are this week’s Top 10 “In The Wild” phishing attacks, which our customers’ employees reported by clicking the Phish Alert Button and sending the email to us for analysis.
We “defang” these attacks and update them in real time in a campaign that customers can run regularly to test employees against the “real thing”.
- “Chase/JP Morgan: Online Access Restricted” – Spoofed bank email asks users to click malicious link to restore account access.
- “WhatsApp: Missed Voicemail Notification” – Fake WhatsApp voicemail notification delivers malicious link.
- “Uber: Update Your Account” – Fake Uber software update notification invites users to click malicious link.
- “Sharepoint Security Alert – Action Required” – Spoofed SharePoint email asks users to click malicious link to restore account access.
- “ShareFile/Citrix: Urgent Info regarding your Sharefile Portal” – Fake ShareFile email offers malicious link for users to click.
- “NatWest: You sent a payment of 2939.00 GBP to Best EBuyer Limited” – Spoofed bank email offers details on an alleged payment via a malicious link.
- “De-activation of Email In Process” – Fake IT admin email requires users to click a malicious link in order to preserve their account.
- “Payoff Authorization” – Email delivers malicious attachment presented as a mortgage payoff authorization.
- “VAT Return and Payment Overdue” – Fake VAT return and payment form delivered as attachment to a spoofed bank email.
- “FW: Confidential” – “Confidential” notification tells user to click a malicious link or open an HTML attachment to obtain a “secure” message.
Note that these have made it through all the filters and into the inbox of the employee. That is one of the reasons we continue to remind IT pros that creating a human firewall is an essential last line of defense which you cannot do without.
Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks. Old-school Security Awareness Training doesn’t hack it anymore. More than ever, your users are the weak link in your network security. Get a product demonstration of the innovative KnowBe4 Security Awareness Training Platform. In this live one-on-one demo we will show you how you can:
- NEW Access to the world’s largest library of security awareness training.
- NEW Social Engineering Indicators technology turns every simulated phishing email into a tool you can use to instantly train employees.
- Send Simulated Phishing tests and drive down the Phish-prone percentage.
- Advanced Features: EZXploit™ automated “human pentest” and USB Drive Test™.
- Active Directory Integration allows you to easily upload and manage users.
- Reporting to watch your Phish-prone percentage drop, with great ROI.