81% of charities say they’ve been targeted by a phishing attack this year, according to Ed Macnair, writing for UK Fundraising. Meanwhile, only 37% of charities think their IT and cybersecurity employees are capable of fending off cyberattacks. Charities face the same types of threats as other organizations, but often have less money to spend on security.
Macnair notes that phishing attacks have grown much harder to detect as attackers have improved their methods. CEO fraud and business email compromise are examples of highly targeted attacks that have proven extremely lucrative.
“Phishing is a good example of cyber attack that has become increasingly sophisticated,” Macnair writes. “The crude mass-email with a compromised link or attachment has fallen out of vogue, and now criminals are opting to send extremely specific, customized emails to catch employees or volunteers out. These attacks target individuals who have access to high-value information, often use email addresses that are almost identical to a colleague or family member, and contain content that, on the surface, is not suspicious at all.”
Macnair adds that only one employee has to fall for a phishing email for the entire organization to be placed at risk. Once the attackers have gained access to one email account, they can use it to launch more convincing attacks against other employees.
Macnair recommends a combination of training and technology to thwart these attacks. He says employee education needs to include the new techniques that attackers are using. New-school security awareness training can provide your employees with the knowledge they need to avoid falling for these attacks.
UK Fundraising has the story: https://fundraising.co.uk/2019/11/01/how-charities-can-protect-themselves-against-phishing-scams/