Phishing emails allegedly from social media sites have transformed into a top target for cyber-criminals.
And of all social media, you’re probably most comfortable with your finance staffers using LinkedIn. After all, it’s the business-focused resource.
Turns out, it’s also the one most likely to get your company phished.
Social media phishing attacks have grown at a distressing rate – up
75% this year, says IT security awareness trainer KnowBe4.
And the No. 1 route in: LinkedIn.
In 56% of subject lines
In an analysis of tens of thousands of simulated phishing tests, the word LinkedIn appeared in 56% of them. That’s more than all other social media platforms combined!
You can understand why this is becoming such a popular route in: People love social media because it offers a way to feel connected. Then add on the perception that a business-focused site is more trustworthy and it’s a slam-dunk for crooks.
This is something you want to get out in front of ASAP.
Make sure every member of your finance team understands this phishing email threat and knows to look carefully before clicking on any message with LinkedIn in the subject line. (Maybe only access it through the site.)
Folks keep on getting phished
When it comes to phishing email attacks, you know the buck often stops with employees, which is why most companies – hopefully yours included – have stepped up efforts to educate folks on what to watch for.
But in many cases it’s not working.
That’s what security awareness provider Wombat Security Technologies recently uncovered.
Wombat analyzed responses from its own security training platform to see where users still just weren’t getting it when it came to phishing exposures.
Based on the results you’ll want to have your own IT folks circle back around on three fronts with employees for more training:
- how to use social media safely (31% of folks struggled with this)
- how to protect and remove sensitive data (30% were tripped up by this), and
- distinguishing phishing emails from regular ones (28% couldn’t).
Focus on this top training tool
Fake phishing attacks can be a great training tool … when executed properly.
To combat this ever-increasing threat of phishing attacks, many companies have started “fake phishing” their own employees to identify who needs more training.
Smart move. But it’s not without time and financial investments to do it. Which is why you want to make sure IT is embracing some best practices with this training tool.
It’s worth double checking that your techies are tapping these as they craft their phishing “attacks”:
- It gets sent to your entire workforce. Without 100% participation you’re just as vulnerable as if you didn’t do the test.
- They embrace just-in-time learning. The second Josh in Marketing clicks on a link he shouldn’t, that’s when training gets conducted. That’s when it makes a lasting impression, not in a few days.
- It’s a continuous cycle. This kind of training can’t come in predictable intervals. It should be ongoing and in response to real threats out there at the moment so employees always know what to look for.