News Insights: The New Vade Secure Phishing Report

Colin Bastable, CEO of cybersecurity prevention and awareness training company Lucy Security, commented on the new phishing report from email security provider Vade Secure, which tracks the top 25 brands targeted by bad actors. Of these, Microsoft, PayPal, and Netflix are the top brands impersonated in phishing attacks:

“There is a big debate around the ‘impropriety’ of using realistic or close approximations of major brands in simulated phishing attacks. Some vendors and businesses prefer to avoid using realistic logos and screens. Others prefer to replicate the real-world dangers that people face every day – it makes sense to teach people that an apparently legitimate logo or screen may well be a real phishing attack.

Surprisingly, simple 2- or 3-line phishing emails with links are often far more effective than elaborate and realistic uses of logos. A good approach is to run frequent simulation campaigns which blend different scenario types and styles, from very realistic to very minimalistic, and to sometimes include obvious errors so that the more susceptible members of staff can learn to spot attacks.

The danger is evolving all the time. Solutions are available that anticipate future attacks by tracking the purchases of ‘typo-squatted’ domains which may indicate targeted attacks, and even allow organizations to identify their employees’ credentials which are being sold on the Dark Web.

It only takes one attack to be successful. CISOs need to teach their colleagues across the organization that attacks come in many forms, and they must prepare their people accordingly.

Whether the attackers use realistic and leading brands or simple three-line emails with innocuous links, the bad guys WILL succeed. Therefore, a cyberdefense phishing simulation platform should also include ‘what if’ tests for infrastructure, to identify weaknesses that hackers will use to deliver malware and exfiltrate data.”