Phishing, or the scams where bad actors send you a fake email to fool you into giving up your password or banking information, is rife. Unfortunately, phishing is a bigger threat than ever, because it works, enabling attackers with the scale and ability to go after hundreds or even thousands of targets all at once. Phishing attacks are becoming more common and more sophisticated all the time, and no one is safe.

With this in mind, in October this year, the European Cybersecurity Month (ECSM) is celebrating its 10-year anniversary, as it first debuted in 2012, and for this special occasion, the 2022 edition of the ECSM is focusing on phishing and ransomware and will be holding a series of activities taking place all over Europe, throughout October.

The most popular delivery method for a phishing scams is still email. Having said this, this type of attack can be aimed at the unsuspecting via text messages on a phone, on social media sites, or through a slew of other channels. These messages are carefully crafted to appear as if they are coming from a legitimate source, and if the attack is targeted, such as in the case of spear phishing, the attacker might be armed with personal information about the victim, which raises his chances of success considerably.

Often the threat actor will urge their target to take immediate action, hoping that this may encourage them to act swiftly out of fear rather instead of considering the content of the email. This could include an email from the Receiver of Revenue saying the user is late with their taxes and needs to urgently click on a link. It might be a bank saying a bill is overdue, or a cheque has bounced and needs immediate payment. Another example might be an email that says something such as: ‘Follow this link to log in and reset your password because your account has been compromised, and your payment information is at risk’ - the possibilities are endless.

If these tricks work, the user is often conned into opening a malware-laden attachment, and their system could be infected, and all manner of bad things might occur. For one, they could download ransomware which will see them being locked out of all their systems and files, unless they pony up a large ransom, usually in bitcoin, to get a decryption key. Or, the attackers might have captured the victim’s login information which could be used to clean out their bank accounts or breach other accounts using the same information. This is why it is key to never use the same login credentials across multiple accounts.

Almost everyone with an Internet connection will have seen at least one phishing scam in their inbox at some point or another, and many have even fallen for these scams. All reports indicate that the number of phishing attacks continues to soar, and shows no signs of slowing down.

Unfortunately, despite the growing frequency, complexity, and costs associated with successful phishing scams, not enough businesses are testing the cyber security skills of their workforces with exercises such as simulated phishing campaigns. This is why training is so important because employee vigilance is key to protecting businesses from the threat of phishing attacks.

Ransomware: survival guide

Increase your cyber awareness and protect your assets!

During the course you will learn how to become prepared to prevent ransomware and how to react and act if your company falls victim to it.

The course covers basic knowledge of how ransomware works, what are the main crimeware groups behind it and their usual modus operandi, as well as basic and advanced prevention measures you can take. The course is available in Spanish.