Would your staff realize if that person they’ve been talking with through LinkedIn isn’t really an executive at a big-name bank? Would they be able to tell that this “employee” is actually a cybercriminal hiding behind a fake social network profile so that they can gain enough information to break into your business’ computer network? If not, then you'll need to take action to educate your employees concerning the dangers of phishing attacks. A recent PCWorld story illustrates this in chilling detail.
The PCWorld story showcased a recent phishing scam in which a cybercriminal crafted a fake LinkedIn account for a fake woman who allegedly worked at a real online dating site. This poser used the identity to amass followers at companies across the globe, and attempted to get enough details from these followers to break into business' networks.
The most chilling part? The PCWorld story makes it obvious that a lot of small business owners are woefully unprepared to beat back phishing attacks, primarily because they don't take the time to educate their employees regarding how to recognize them. PCWorld cites a survey by ThreatSim that discovered that nearly 60 percent of 300 IT executives, administrators and professionals in U.S. organizations mistakenly considered phishing to be only a minimal threat.
The PCWorld story should make it clear that phishing is certainly not a minimal threat for businesses. As reported by the same survey, more than one in four respondents reported phishing attacks that led to a material breach within the last year. The message here? Look out for those people your employees meet on social networks. One never knows which ones might not be legitimate.