Phishing Facts
Attempts to trick a user into sharing personal or sensitive information.
What is Phishing?
When an attacker targets specific individual within the organization using real names, job functions, or work telephone numbers to make the recipient think the email is from someone legitimate inside the organization.
What is Spear Phishing?
A social engineering technique used by attackers name similarly to a popular MTV show.
What is Catfish?
Hackers are recently selling the scraped data of 500 million users from this popular social media site.
What is LinkedIn
Percentage of users unable to recognize a sophisticated phishing email (37%, 57%, 73% 82% or 97%)
What is 97%
When a hacker leaves an item like a flash drive in the open in hopes of a victim becoming curious and downloading the contents of the drive onto their machine.
Baiting
Name of the link/button that should be used to notify your organization of a phishing email.
What is the report button.
The two famous technology companies scammed out of more than $100 million between 2013-2015 through an elaborate invoice scam.
What is Facebook and Google
Percentage of data breaches in 2020 involving phishing attacks (11%, 22%, 33%, 55% or 77%
What is 22%
A Phishing attempt sent via a text message
Smishing
An effective way to combat spear-phishing, whereby, if an attacker has your credentials they would still need the information sent to you via a second method to access the targeted account
What is two-factor authentication / multi-factor authentication?
In 2013, this organization's HVAC service was phished and resulted in one of the largest breaches in history.
What is Target
Most impersonated brand used in phishing attacks throughout Q4 of 2020
What is Microsoft?
When an attacker calls a phone number and creates a heightened sense of urgency that make the victim take actions against their best interests.
What is Vishing
The federal agency created in 2018 to lead efforts to enhance the security, resilience, and reliability of America's cybersecurity and communications infrastructure.
What is the Cybersecurity and Infrastructure Security Agency (CISA)?
In 2021 attackers sent phishing emails to employees of this southern pipeline/oil company asking them to download a "ransomware update" that was actually malware.
What is Colonial Pipeline/Colonial Pipeline ransomware attack?
The top three types of data that are compromised in a phishing attack
What is 1) Online Account Credentials data, 2) Personal data. and, 3) Medical Data?
This is similar to both vishing and smishing, an attacker uses notifications or direct messaging features in a social media applications to entice victims into taking action.
What is Angler Phishing?
An act by an attacker to use many stolen credentials to try to gain access to users services.
What is credential stuffing?
In 2015, this U.S. computer networking company, was unaware that it had been scammed for 46.7 million through CEO fraud emails and was notified of the activity by the FBI.
What is Ubiquiti Networks?