Gone Phishing: Don’t Get Hooked By Deceptive Emails

Imagine you’re sitting at your desk, checking your inbox, when an email pops up from “NCMIC Group Management.”

“Dear NCMIC Group account holder,

This email is to inform you your password expire in 24 hours. You must change it now or lose privileges. Pleese follow the link to change: myncmic.com/password.”

The email might look like something you’d get from IT when it’s time to change your password, but it’s not. The name of the sender, the fractured grammar, and the misspellings all point to a phishing attempt.
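As an added example (not part of the article), here is how the indicators just described can be checked mechanically against a constructed copy of the sample message; the sender's actual address is an assumption, since the article shows only the display name.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the message quoted above. The From address
# is an assumption; the article shows only the display name.
SAMPLE = """\
From: "NCMIC Group Management" <admin@mail-notify.example.net>
To: employee@ncmic.com
Subject: Password expiration notice

Dear NCMIC Group account holder,

This email is to inform you your password expire in 24 hours. You must
change it now or lose privileges. Pleese follow the link to change:
myncmic.com/password.
"""

URGENCY = ("expire", "24 hours", "must", "lose privileges", "immediately")
# Illustrative list of misspellings common in bulk phishing.
MISSPELLINGS = ("pleese", "recieve", "acount", "verfy")
URL_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?", re.I)


def phishing_indicators(raw: str, trusted_domain: str) -> list[str]:
    """Return the indicators a reader is told to look for: a sender whose
    display name claims the organisation but whose address is elsewhere,
    urgency pressure, misspellings, and links that leave the trusted domain."""
    msg = message_from_string(raw)
    hits = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    org_name = trusted_domain.split(".")[0]
    if org_name in display.lower() and not sender_domain.endswith(trusted_domain):
        hits.append(f"sender mismatch: '{display}' sends from {sender_domain}")
    body = msg.get_payload().lower()
    if any(phrase in body for phrase in URGENCY):
        hits.append("urgency language")
    found = [w for w in MISSPELLINGS if w in body]
    if found:
        hits.append("misspellings: " + ", ".join(found))
    for m in URL_RE.finditer(body):
        host = m.group(1).lower()
        if host != trusted_domain and not host.endswith("." + trusted_domain):
            hits.append(f"link to {host} rather than {trusted_domain}")
    return hits
```

Run against the sample, it reports all four indicators; a genuine IT notice sent from an ncmic.com address and linking only to ncmic.com hosts reports none.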

The INsider talked to Keith Muhlbauer, director of IT Operations at NCMIC, about the increase in phishing attempts. He provided details about these deceptive emails and what NCMIC is doing to combat them.

What is phishing? How does it differ from spam or junk mail?

Phishing is a type of cyberattack where attackers impersonate legitimate businesses or individuals to deceive users into revealing sensitive information or running malicious software.

Spam emails are unsolicited and often unwanted messages sent in bulk to a large number of recipients, typically for advertising purposes.

What’s the most common type of phishing email?

The most common type of phishing email is typically the one that impersonates a well-known company or service, such as a bank, social media, online retailer, or online service like PayPal or Netflix. These phishing emails often try to trick recipients into believing that they need to take urgent action, such as updating their account information, confirming a transaction, or resetting their password.

How many phishing attempts do NCMIC employees receive on a daily basis?

In February, our Exchange email server detected 17,682 phishing and spam emails, blocking an average of 200+ emails per day.

It seems like we’re seeing more phishing attempts every day. Why is that?

Phishing attempts are on the rise for a couple of reasons. First, it can be highly profitable. As long as the cybercriminals are able to profit from phishing, they will continue to get better at it and send more of it. Second, artificial intelligence (AI) and automation are making it easier to send more phishing attempts.

Say I click on a phishing attempt from outside the organization. How does that put NCMIC at risk?

It all depends on what the cybercriminal is trying to accomplish. Here are some of the common risks:

  • Data loss—The cybercriminal will steal login credentials to exfiltrate protected data and either sell it on the dark web or use the information to steal money.

  • Business disruption—The cybercriminal will trick someone into running malicious software on the company's network that will disrupt business operations, then demand money to restore operations. Ransomware is the most typical type of business disruption.

  • Financial loss—The cybercriminal will trick someone into making account changes to redirect legitimate money to fraudulent accounts.

We all receive internal phishing tests to keep us alert and on our toes. What happens when we don’t pass those tests?

We use a system called KnowBe4 to automate the phishing tests. KnowBe4 keeps track of all of the tests and the results. Each time a user fails two tests, they are auto-enrolled in online training. This is required training that is designed to help the user improve their ability to spot phishing emails. There are three levels of online training. If the user reaches level three, there is an additional face-to-face training to ensure the user understands the dangers of this behavior, and we review ways to better identify suspicious emails.

Speaking of, how are we doing as a company? Are we getting better at spotting phishing attempts?

Our goal is not to catch people, and we know it's not realistic to expect 100% success. The goal is to give everyone the tools they need to spot these threats and to maintain a healthy level of awareness so we can stay diligent. The bad guys only have to fool us once, so we have to be diligent every time.

Anything you’d like to add?

Cybersecurity awareness is a critical aspect of NCMIC’s security strategy, and it is essential that all employees understand its significance. These tests are not just an assessment of individual performance but a reflection of our collective responsibility to maintain a secure working environment. Everyone's active participation in maintaining a secure environment is crucial. Please do not hesitate to reach out if you have any questions or concerns regarding cybersecurity or the phishing awareness tests. The Help Desk team is more than willing to provide assistance. You can reach them at helpdesk@ncmic.com or x4490.

How to Report a Phishing Attempt

If you receive an email that you believe is a phishing attempt, the Help Desk wants to remind you to use the Phish Alert Report button in Outlook to report it.

The Phish Alert Report button can only be used on your own emails and cannot be used in shared mailboxes or public folders. If you get spam in a shared mailbox or a public folder, forward it to helpdesk@ncmic.com.

When to hit the Phish Alert Report button:

  • If you suspect an email is a phishing scam

  • If you suspect an email is one of NCMIC's phishing tests

  • If you are confident that the email is a phishing scam

What happens after you click the Phish Alert Report button:

  • You'll get a confirmation message (Report Phish Email).

  • Once confirmed, the email is moved to the deleted items.

  • If the reported email was a Phish Test, you'll receive a pop-up stating it was a test.

  • The email is then sent to the Help Desk for review.

  • Help Desk will ONLY respond if the email is NOT a phishing email.
