CybEssential specialises in providing Security Awareness Training and Phishing Simulations to your people. We believe that ensuring your staff are aware of current tactics used by attackers, as well as helping them learn to recognize phishing emails using our simulations, can reduce the risk to organisations.
The Security Awareness Training and Phishing portal can operate as self service, which can be handy for organisations with large security teams. Or let us do the hard work for you as your Virtual Training Managers!
Phishing is not just about emails. Here are some of the most common phishing techniques:
An email sent to millions of individuals, requesting they fill in personal information. The majority of these emails include an urgent notice requiring the user to enter credentials to update account information, modify details, or verify accounts. They may be prompted to fill out a form in order to gain access to a new service via a link supplied in the email.
Spear phishing, as it sounds, is significantly more focused than traditional phishing tactics. Here, the hacker wants more valuable information than credit card information and is targeting a specific person or organisation. They conduct research about the target in order to personalise the attack and improve their chances of success.
Content injection is a phishing technique in which a phisher modifies a portion of the content on a trusted website's page. This is done to trick the visitor into visiting a page that is not part of the real website and then being requested to provide personal information.
One of the most sophisticated phishing strategies is Web-Based Delivery. The hacker, often known as a "man-in-the-middle," sits between the original website and the phishing system. During a transaction between the genuine website and the user, the phisher tracks details. As the user continues to send information, the phishers collect it without the user's knowledge.
The phisher delivers a link to a bogus website using the link manipulation technique. When a consumer clicks on the phishing link, it takes them to the phisher's website rather than the one stated in the link. Users can avoid falling for link manipulation by hovering the mouse over the link to see the actual URL.
Some phishing schemes employ search engines to drive users to product sites that may advertise low-cost goods or services. When a consumer attempts to purchase a product by providing credit card information, the phishing site collects this information. Many bogus bank websites claim to offer low-cost credit cards or loans, but they are actually phishing sites.
Malvertising is deceptive advertising that includes active scripts that download malware or install unwanted software on your computer. The most common methods used in malvertisements are exploits in Adobe PDF and Flash.
Hackers create forged websites that look exactly like authentic websites. The purpose of website forging is to trick users into entering information that can be used to defraud or initiate additional assaults on the target.
The Australian Cyber Security Centre received over 67,500 cybercrime reports in the 2020-2021 financial year, about 13% more than in the previous year.
The cost of these cyber incidents is significant, and it is closely linked to compliance levels. According to IBM’s 2021 Cost of a Data Breach Report, organisations with a high level of compliance failures (resulting in fines, penalties, and lawsuits) had an average cost of a data breach of $5.65 million, compared to $3.35 million for organisations with a low level of compliance failures, a difference of $2.3 million or 51.1 percent.
With one of the largest libraries of Cyber Security Awareness Training content, including interactive modules, videos, games, posters and newsletters, you can set automated training campaigns with scheduled reminder emails or even upload your own content!