Connect with us

Featured

The phishing you fall for

KnowBe4 has released Q4 2019 top-clicked phishing report

Published

on

More than a third of people taking part in simulated phishing tests fell for it when they received an urgent message to check a password immediately. KnowBe4, a security awareness training and simulated phishing platform, reported in its Q4 2019 top-clicked phishing report that 39% of users fell for this kind of message.

KnowBe4’s top-clicked social media email subjects reveal that LinkedIn messages are the most popular, at 55%, followed by Facebook, at 28%.

“With more end users becoming security-minded, it’s easy to see how they fall for phishing scams related to changing or checking their passwords,” said Stu Sjouwerman, CEO of KnowBe4. “They should be especially cautious if an email seems too good to be true, such as a giveaway. As identifying phishing attacks from legitimate emails becomes trickier, it’s more important than ever to look for the red flags and think before you click.” 

In Q4 2019, KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests. The organisation also reviewed “in-the-wild” email subject lines that show actual emails users received and reported to their IT departments as suspicious. They reported the following results:

Top 10 General Email Subjects

  • Change of Password Required Immediately 26%
  • Microsoft/Office 365: De-activation of Email in Process 14%
  • Password Check Required Immediately 13%
  • HR: Employees Raises 8%
  • Dropbox: Document Shared With You 8%
  • IT: Scheduled Server Maintenance – No Internet Access 7%
  • Office 365: Change Your Password Immediately 6%
  • Avertissement des RH au sujet de l’usage des ordinateurs personnels 6%
  • Airbnb: New device login 6%
  • Slack: Password Reset for Account 6%

*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

When investigating ‘in-the-wild’ email subject lines, KnowBe4 found the most common throughout Q4 2019 included:

  • SharePoint: Approaching SharePoint Site Storage Limit
  • Microsoft: Anderson Hauck has shared a Whiteboard with you
  • Office 365: Medium-severity alert: Unusual volume of file deletion
  • FedEx: Correct address needed for your package delivery on [[current_date_0]]
  • USPS: Your digital receipt is ready
  • Twitter: Your Twitter account has been locked
  • Google: Please Complete the Required Steps
  • Cash App: Your Account Has Been Closed
  • Coinbase: Important Please Resolve Error Now
  • Would you mind taking a look at this invoice?

*Capitalization and spelling are as they were in the phishing test subject line.
**In-the-wild email subject lines represent actual emails users received and reported to their IT departments as suspicious. They are not simulated phishing test emails.

* For more information, visit www.knowbe4.com.

Featured

TikTok takes on COVID-19

The fastest growing social media platform in the world has also become an epicenter of public education about the coronavirus, attracting more than 30-billion views, writes ARTHUR GOLDSTUCK

Published

on

The young have been getting a bad rap for wanting to party on while COVID-19 sends the world into lockdown. But a different movie is playing itself out on the social platform that is growing fastest among teenagers: TikTok.

Awareness campaigns by TikTok itself, collaboration with the International Red Cross, and spontaneous videos made by TikTok creators have combined into a barrage of information, education, awareness and social consciousness around the coronavirus.

Both globally and in South Africa, TikTok’s COVID-19 campaigns have gone viral.

The local #HayiCorona challenge, designed to remind people not to touch their face and wash hands regularly, has passed 1.5-million views. The TikTok collaboration with the International Red Cross, the #WashingHands challenge, has passed 12.6-million views.

One of the best-known participants in these challenges is the past year’s icon of South African talent, the Ndlovu Youth Choir, took up the global challenge with a 20-second hand-washing video. It put together a performance that brings tremendous energy to what can be a clichéd message, and ends with a punt for the Department of Health’s WhatsApp information service. The video can be viewed below.

@ndlovuyouthchoir

Our community has limited access to running water. Follow these instructions on how to safely wash your hands using a bucket. ##coronavirus##washinghands

♬ original sound – ndlovuyouthchoir

“On a global scale, TikTok also partnered with the World Health Organization (WHO) to ensure that, while creators are still having fun and expressing themselves on the platform, they stay informed with COVID-19 information coming from a reliable source,” a TikTok spokesperson told us. “Through the partnership, the WHO has created an informational page on TikTok that offers information to curb the spread of the coronavirus as well as dispelling myths.”

The page can be viewed at https://vm.tiktok.com/GHTEGf

TikTok has hosted a number of livestreams with WHO experts, attracting users from more than 70 countries, tuning in for live question and answer sessions. It has also introduced labels on coronavirus-related videos, to point users to trusted information. Resources are also offered directly in the app and in a dedicated COVID-19 section of TikTok’s Safety Center, at https://www.tiktok.com/safety/resources/covid-19.

If users simply want to explore videos on the topic, they can search via the #coronavirus hashtag, or click on https://vm.tiktok.com/swKbn4. The hashtag has had an astonishing 33.8-billion views, indicating the scale of activity and interest around the topic on the platform.

Read more on the next page about how South Africans have embraced the campaign.

Previous Page1 of 3

Continue Reading

Featured

On World Backup Day: backup, backup, backup

Published

on

It was World Backup Day yesterday, 31 March, at a time when business continuity is threatened as never before. That makes calls for protecting email and defending against ransomware all the more urgent.

The global coronavirus pandemic has brought into stark relief many organisations’ lack of business continuity plans and policies. With more than two billion people around the globe in forced lockdown in wide-ranging government efforts to stem the tide of infections, an unprecedented number of employees are working remotely.

This interruption to the normal way of work is precisely what an effective and resilient business continuity strategy should plan for, says Heino Gevers, cybersecurity specialist at Mimecast

“Companies need uninterrupted access to critical business applications during times of disruption, including safe and secure web and email access for workers that are now operating outside the normal perimeters of the organisation,” he says. “In addition, comprehensive backup and archiving solutions should be ready to restore access to critical business applications should there be any unplanned downtime to ensure continuity until the crisis passes.”

According to Gevers, the current global crisis is likely to push business continuity up the list of priorities for many organisations that have been disrupted by the effects of the coronavirus.

“Organisations are facing new challenges to their productivity; for example in terms of technical support. If a remote user is infected with malware or ransomware, how does the IT team restore that device or do any remediation without being able to physically access it?”

Gevers advises that organisations implement tools that enhances the data protection capabilities of commonly-used tools such as Office365 and can leverage archived data to provide quick recovery of email data in the event of accidental loss, malicious attacks or technical failure. 

“As adoption of cloud-based business applications grow in the wake of forced lockdowns around the globe, companies need to ensure they have the tools to recover in any situation,” he says. “This includes a data management strategy that combines archiving, backup and data protection capabilities to allow for quick restoration of critical systems and applications in the event of disruption.”

Jasmit Sagoo, head of technology at Veritas for the United Kingdom and Ireland, warns that this is a golden age for cybercriminals looking for ransomware opportunities.

“As the global cost of ransomware continues to grow, this World Backup Day, Veritas is saying: ‘don’t pay up, back up!’,” he says. “Ransomware is said to generate an estimated annual revenue of $1 billion a year, and companies who are not consistent in backing up their data are allowing criminals to line their pockets.

“Ransomware attacks exist only because some businesses can’t survive unless the hackers give them back their data.  So, the key to survival is removing that reliance and being able to regain access to data, without engaging with the cybercriminals.  The best way to do that is with a sound backup strategy.

“Sagoo advises organisations to create isolated, offline backup copies of their data to keep it out of reach of any attackers.  They then need to proactively monitor and restrict backup credentials, while running backups frequently to shrink the risk of potential data loss. Businesses should also test and retest their ransomware defences regularly.

“Ransomware strikes without warning and it doesn’t discriminate between its targets – it can happen to any organisation, large or small. Despite their best efforts, most companies will fall to at least one attack. What distinguishes one victim from another is the ability to bounce back, which ultimately depends on its backup strategy.

“When ransomware hits, organisations that aren’t prepared often feel helpless to do anything other than to submit to their attacker’s demands.   That’s why we’re urging all businesses to use World Backup Day as a catalyst to get ahead of the situation and get their data protected.”

Continue Reading

Trending

Copyright © 2020 World Wide Worx