Planes, Trains, Automobiles and… Spear Phishing?
With 2013 upon us, it will be a busy year at PhishMe, as we are already scheduled to appear at around 70 events. That means another year of heavy traveling for our sales and marketing team. While it’s definitely exciting to visit new places and introduce new people to PhishMe, as with anything else in life, there are risks involved. Does your organization have employees who travel frequently? If so, they are probably being targeted by phishers.
Employees who are constantly on the go receive a slew of emails confirming reservations and itineraries (we speak from experience), and are thus easy targets for phishers. For example, a busy employee with an upcoming flight receives an email warning of a schedule change. A change could throw off the schedule for a critical meeting, so the email appeals to emotion by threatening to disrupt important plans. From reading Twitter posts, the criminal knows which airline the employee is traveling on, and that the flight leaves early in the morning. From the airline’s website, the criminal can deduce the exact number of the flight the employee is taking. Perhaps this criminal even knows which conferences your employees are traveling to and which hotel chains your company uses, and can tweak an email to be very specific and accurate.
This threat is real, and major airlines have been warning customers. Delta Air Lines issued a warning to customers about a new phishing attack in which an email claims that the recipient has purchased a Delta ticket, that a credit card has been charged, or that an invoice/receipt is attached, or in which a website may offer free flights for following or liking an account.
US Airways has issued similar warnings, and American Airlines maintains a page with phishing warnings and tips for its customers, including examples of recent phishing emails (many of them appearing quite genuine) that customers had received. American’s page in particular is a great resource, but is skimming that page as effective as an immersive training exercise delivered to your employees’ inboxes?
By implementing a PhishMe program at your organization, you’ll empower your employees to recognize the signs of a phishing email, giving them the knowledge to properly react to those emails without slowing down their travel schedule or compromising your organization’s network.