As user awareness grows, criminals are changing their tactics…

An article review.

First, some good news: Users are becoming more aware of phishing attacks, especially high-ranking users such as executives. Unfortunately, the bad news is that criminals are aware of this and are adapting their strategies to target new groups. The new targets, according to a recent TechRepublic article sent in by our friend Wes Pollard, include lower-ranked employees who may not be as familiar with the attacks and could be more vulnerable.

Part of the reason behind this trend is that in the past criminals have attempted to target high-ranking employees (referred to in the article as ‘whaling’), leading many organizations focus their training on those employees–possibly to the detriment of others, who may think they’re not a potential target.

Additionally, more businesses are removing employee details from their public websites as awareness of pretext calling and internet searches to gather information increases…so the bad guys are now targeting generic aliases (such as ‘suppo[email protected]’ or ‘[email protected]’) which are listed publicly, and which can target entire groups of employees at once.

We think this report goes to show that your training must promote “Awareness At All Levels” to be as effective as possible. Not only does every employee need to be included, the training provided must be updated regularly…because if you’re not addressing evolving threats, is it really awareness training?

Original article by James Sanders writing for TechRepublic.