This week I received a phishing email that caught me off guard. Fortunately, I was suspicious and took some preventive actions, although it was certainly more sophisticated than I was used to. For example, it came from a legitimate-looking Gmail account in the name of a person who identified himself as a non-executive director of a company and invited me to discuss a professional opportunity in Mexico.
As you can see, this is no longer a random person with an extravagant name offering to share a treasure with you or asking you for economic aid. As confirmed by a simple Google search, the person, his role in the company and the company itself were correct. Also, my current interest is precisely in independent board membership in Mexico, which made the email particularly (and dangerously) attractive to me. An innovative and damaging use of artificial intelligence!
It’s clear that email phishing continues to be one of the most common methods of cyberattack, representing a material challenge for companies.
Since the beginning of the pandemic, experts warned that cyberattacks were going to increase, and they were right! As employees start returning to their workplaces, it is key to retrain them on new cyberthreats. Moreover, based on past experiences (and, I’m sorry to say, failed tests), it’s important to consider phishing tests.
Phishing tests can be very effective at building practical knowledge and awareness among employees. They also make it possible to closely monitor those who fail repeatedly, subjecting them to more intensive training, restricting their access and/or taking other preventive measures.