Skip to content
Shutterstock ID: 1308385402
Shutterstock ID: 1308385402

News -

Sounds phishy? Be mindful #BeRemoteReady

Phishing attacks aren’t going away, and this fact, combined with a significant increase in people working from home, means that employers and employees need to be more mindful than ever.

The risk can increase when it comes to employees that work in a high-pressure environment, as they may find it more difficult to distinguish between a genuine communication from a colleague or third party and a phishing scam.

For the most part, employees will be vigilant about how they’re using their work devices from home and will be wary of messages or emails that ask them to click on a link or share sensitive information, but there is still a small chance that they could be caught out by emails – particularly those that claim to include important announcements or messages from the government or other authoritative sources.

In our latest research, we analysed 1,300 phishing campaigns from our phishing simulation service, Piranha, used to help our customers learn more about phishing attempts.

360,000 emails were analysed, which contained a fake link where users were asked to submit their credentials.

Some of the main findings included:

  • Charities, IT services, and local public sector had the highest click rate
  • Retail, health, and financial services had the lowest click rate
  • Once clicking through, half of all targets were likely to supply credentials, regardless of sector

Apart from the surprising finding that users from IT services had a high click rate, our research showed that phishing attempts are becoming more sophisticated, and highlights how it’s not so easy to spot them.

It reminds us about the importance of being mindful, continuously educating users about how they might be targeted by threat actors and building remote ready cyber resilience organisations – especially in these uncertain times.

To ensure that your workforce remains resilient, it’s important to implement:

  • Controls such as two-factor or multi-factor authentication
  • Account misuse detection through monitoring and analytics
  • Campaign detection and blocking via controls, operations and end-user reporting
  • Encourage employees to be wary of emails from organisations or individuals that may seem out of the ordinary, and ask them to check the sender or confirm any requests by phone.  

If you’d like to find out more about what we uncovered in our latest research, head over to our technical blog here.

And if you’d like some further insight into how you and your workforce can #BeRemoteReady, head over to the Q&A that we did with our own CISO, Dominic Beecher.

Related links

Subjects

Press contacts

NCC Group Press Office

NCC Group Press Office

Press contact All media enquires relating to NCC Group plc +44 7824 412 405

Related stories

NCC Group exists to make the world safer and more secure

In today’s threat landscape understanding the risks organisations and customers are exposed to is more important than ever.

Understanding the impact and how to be more resilient is key to protecting brand, reputation and sensitive customer information. Building a cyber-resilient organization can be a complex process but it’s not impossible.

With our knowledge, experience and global footprint, we help assess, develop and manage cyber resilience posture.

NCC Group Newsroom
XYZ Building, 2 Hardman Boulevard, Spinningfield
M3 3AQ Manchester
United Kingdom