Now here is a real IT Horror Story. A brand new KnowBe4 customer that had not yet trained their employees decided to test their staff with one of the new templates we had just released.
This template was our response to a current resume ransomware campaign, which is what CryptoWall 3.0 is using at the moment. These cyber criminals are sending emails from a fictitious girl (the names change all the time) with no link to click on, just a resume attachment, which is a zip file. If an employee opens the attachment, the zip file turns out not to be a resume but a malicious executable that encrypts all the files on disk, plus any network share it has access to.
This bank made a small change in our template and made it into a "teller resume" with a docx attachment. Out of 63 recipients, a whopping 38 opened the attachment. That's a 60% phish-prone percentage. You see the anonymized Phishing Security Test screen here, something gruesome to behold. This bank's network would have been completely demolished by ransomware. OUCH.
It shows the dire need to step all employees through effective security awareness training, from the CEO down to the mail room, so that they stay on their toes with security top of mind.