With emotions running high during election season, an email with the name Romney or Obama in the subject line could make even an experienced user click on a malicious link. Spammers are taking advantage of the Presidential election buzz and using malware-laden emails to target users. Many of these emails don’t have any visible consequences, so users may not even realize when malware is infiltrating their personal computers or mobile devices. But what about the potential danger this malware can bring into your workplace from these spear phishing scams?
It’s a common misconception that simply making employees and consumers more aware of potential phishing attacks will lead to their prevention. In many situations, users take part in security awareness programs but they still click on malicious links from untrusted sources. At PhishMe, we change behavior and prevent future attacks by immersing employees in mock phishing exercises.
Let’s face it: a voter is a voter, whether at home or in the office, and election scams make them easy to exploit. In order to protect voters – your employees – from these malicious emails that can put sensitive data – your IP – at risk, awareness and education is an essential step. That being said, not all education is effective as cyber criminals evolve their emails over time, therefore what used to be an obvious phishing scam email isn’t so obvious anymore.
In the 2008 presidential election, we saw a surge of malicious activity, including sophisticated phishing emails. It even continued for several months after President Obama was elected, proving the effectiveness of these scams and the vulnerability of voters. Interestingly enough, these emails have evolved from having only the main headline contain malware to emails containing multiple malicious links in 2012. If those receiving the email decide to click on a different story rather than the headline, they are still compromised.
Spear-phishing has become more prevalent every year, especially around events appealing to large populations. A few months ago, we saw phishing scams increase around the Olympics, and we’re seeing it again with the election season in full force. With just a few days left before the election, Internet and email users are particularly vulnerable election themed phishing attacks.
These events allow social engineers to take advantage of human emotions, such as our passion for which candidate should run this country but, humans can learn to avoid behavior that puts personal and company data at risk. The weak link in the chain can be significantly strengthened through effective and immersive education – effectively making the whole chain much stronger.
PhishMe Content Writer/Editor