Basic training in avoiding phishing is no longer sufficient



Databreaches.net has forums and one of their posts really got our attention. It was an official notification from the legal department of Boise Cascade Company in Utah about a phishing attack. Click on the picture for the PDF in the DOJ.NH.GOV site: 

Boise_Cascade_Utah

 

"Oof.  I read something like this notification below from Boise Cascade Company in Utah, and I wonder if the employees had been regularly trained in avoiding phishing attacks, or if it was just the case that the phishing was done so damned well that the employees fell for it despite their training. In this case, the intrusion was part of a scheme to alter or redirect employees’ payroll direct deposit accounts.

"The Company’s investigation determined that a phishing scheme got into its email system on or about October 31, 2017. Our information technology team caught the scheme within minutes of the first phishing email, blocked the email, and notified employees not to click on the link in it or similar emails. Unfortunately, approximately 300 employees clicked on the link anyway. The investigation further revealed that company-wide, 23 employees’ direct deposit instructions were changed. I’d love to see what that phishing email looked like if 300 people fell for it.  "

Yeah, we'd like to see that too. You can also test your own employees to see how many will fail with our free phishing security test. 


Free Phishing Security Test

Did you know that 91% of successful data breaches started with a spear-phishing attack?

Cyber-attacks are rapidly getting more sophisticated. We help you train your employees to better manage the urgent IT security problems of social engineering, spear-phishing and ransomware attacks. Take the first step now. Find out what percentage of your employees are Phish-prone with our new, improved free test. 

Get Your Free PST Now

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/phishing-security-test-offer

Topics: Phishing

Subscribe To Our Blog


Phishing & Social Engineering Trends On-Demand Webinar

Recent Posts




Get the latest about social engineering

Subscribe to CyberheistNews