Phishing Facts
Attempts to trick a user into sharing personal or sensitive information.
What is Phishing?
When an attacker targets specific individual within the organization using real names, job functions, or work telephone numbers to make the recipient think the email is from someone legitimate inside the organization.
What is Spear Phishing?
A phishing technique used by attackers name similarly to a popular MTV show.
What is Catfish?
The personal data of more than three million US senior citizens was exposed in a security oversight by this website. (AARP, SeniorAdvisor, Senior Health, OKBoomer.com, SeniorMatch)
What is SeniorAdvisor?
Percentage of users unable to recognize a sophisticated phishing email (37%, 57%, 73% 82% or 97%)
What is 97%
An attack that uses a fake WiFi hotspot, that actually lures victims to a phishing site when they connect to it. Once victims land on the site, they are prompted to enter personal data, such as login credentials, which then goes straight to the hacker.
What is Evil Twin Phishing
Title of the link/button used to report Phishing emails at our company?
What is Phish Alert Report
This week Hackers are selling the scraped data of 500 million users from this popular social media site.
What is LinkedIn
Percentage of data breaches in 2020 involving phishing attacks (11%, 22%, 33%, 55% or 77%
What is 22%
When an attacker calls a phone number and creates a heightened sense of urgency that make the victim take actions against their best interests.
What is Vishing
An effective way to combat spear-phishing, whereby, if an attacker has your credentials they would still need the information sent to you via a second method to access the targeted account
What is two-factor authentication / multi-factor authentication?
In 2021 attackers sent phishing emails to employees of this southern pipeline/oil company asking them to download a "ransomware update" that was actually malware.
What is Colonial Pipeline/Colonial Pipeline ransomware attack?
Most impersonated brand used in phishing attacks throughout Q4 of 2020 (Google, LinkedIn, Wells Fargo, Bank of America, or Microsoft)
What is Microsoft?
Malicious actors searching for websites a company's employees visit often, then infecting the IP address with malicious code or downloads.
What is Watering hole phishing?
An act by an attacker to use many stolen credentials to try to gain access to users services.
What is credential stuffing?
In 2015, this U.S. computer networking company, was unaware that it had been scammed for 46.7 million through CEO fraud emails and was notified of the activity by the FBI.
What is Ubiquiti Networks?
The top three types of data that are compromised in a phishing attack (geolocation data, online account credentials, personal data, medical data, social media profile data)
What is 1) Online Account Credentials data, 2) Personal data. and, 3) Medical Data?
This is similar to both vishing and smishing, an attacker uses notifications or direct messaging features in a social media applications to entice victims into taking action.
What is Angler Phishing?
The federal agency created in 2018 to lead efforts to enhance the security, resilience, and reliability of America's cybersecurity and communications infrastructure.
What is the Cybersecurity and Infrastructure Security Agency (CISA)?
The two famous technology companies scammed out of more than $100 million between 2013-2015 through an elaborate invoice scam.
What is Facebook and Google