Would your employees realize if that person they’ve been talking with through LinkedIn isn’t really an executive at a big-name bank? Would they be able to tell that the “employee” is actually a cybercriminal hiding behind a fake social network profile to gain enough information to sneak into your business’s computer network? If not, then you need to take action to educate your employees about the dangers of phishing attacks. A recent PCWorld story highlights this in chilling detail.
The PCWorld story pointed out a phishing incident that Websense Security Labs uses as an example: In this attack, a cybercriminal created a fake LinkedIn profile of a woman named Jessica Reinsch, who was supposed to be an employee of a real dating Web site. Jessica Reinsch, though, does not exist. And the villain behind the fake ID used it to accumulate important information from a variety of businesses. The fear? That this imposter could have used this data to hack into businesses' networks.
Caught Off Guard
The truth is, as the PCWorld story shows, many businesses are not prepared for phishing attacks. A survey by ThreatSim found that almost 60 percent of 300 IT executives, administrators and professionals in U.S. organizations considered phishing to be a minimal threat.
The PCWorld story makes it clear that phishing is anything but a minimal threat for businesses. According to the same survey, more than one in four respondents reported phishing attacks that led to a material breach within the last year. The message here? Be cautious about the people your employees meet on social networks. You never know which of them may not be legitimate.