Phishing is a sub-category of social engineering that, in its classic form, is delivered by email, and healthcare IT executives have identified it as the top future cybersecurity threat. It has been the root cause of many recent breaches and, towards the end of 2015, led to an expensive OCR settlement.
In a standard phishing scheme, an attacker constructs an email that looks as close as possible to one from a trusted source (a bank, an insurance company, a well-known brand) so that the recipient assumes the contents are trustworthy because the sender appears to be. In reality, the links in the email lead to a malicious site built to extract information from the recipient through various technical means. The data lost can be as simple as credentials the user is tricked into typing in to "confirm" them (handing the attacker a working login to that account), or as extensive as the theft of data on the target computer by way of a web-based script that pulls selected information from the machine without the user having done anything other than click a few links. In either case the tell is usually the same: the sender address, or the real destination behind the link text, belongs to a domain the impersonated organisation does not own.
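The checks a practitioner (or a mail filter) applies to spot those tells can be written down directly. The following is an added example, not code from the original page or from CynergisTek: it parses a constructed lure and a constructed genuine notice, and flags a display name that borrows a trusted brand while the address domain differs, anchor text that shows one site while the href goes to another, and a lookalike host that embeds the brand name under a domain the brand does not own. `examplebank.com`, `TRUSTED_DOMAINS` and both sample messages are assumptions made up for the demonstration, and the registered-domain helper is a crude two-label approximation rather than a public-suffix-list lookup.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brands this organisation expects mail from. A real deployment
# would load these from configuration; examplebank.com is a made-up domain.
TRUSTED_DOMAINS = {"examplebank.com"}


class _LinkExtractor(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:      # only text inside an <a> matters
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Hostname of a URL; bare 'www.x.com' is treated as http://www.x.com."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def _registered_domain(host):
    """Crude last-two-labels approximation (assumption: no public suffix list)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def _html_body(msg):
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def phishing_indicators(raw_message):
    """Return (code, detail) pairs for the impersonation tricks found in one message."""
    msg = message_from_string(raw_message)
    findings = []
    display_name, addr = parseaddr(msg.get("From", ""))
    from_domain = _registered_domain(addr.split("@")[-1].lower()) if "@" in addr else ""
    brand_words = {d.split(".")[0] for d in TRUSTED_DOMAINS}

    # 1. Display name borrows a trusted brand, but the address is not that brand's domain.
    squashed = display_name.lower().replace(" ", "")
    for brand in sorted(TRUSTED_DOMAINS):
        if brand.split(".")[0] in squashed and from_domain != brand:
            findings.append(("display-name-impersonation",
                             f"'{display_name}' suggests {brand} but sender domain is {from_domain}"))

    extractor = _LinkExtractor()
    extractor.feed(_html_body(msg))
    for href, text in extractor.links:
        href_host, href_dom = _host(href), _registered_domain(_host(href))
        # 2. Anchor text looks like a URL for one site while the href goes elsewhere.
        if re.match(r"(?i)^(https?://|www\.)", text) and _registered_domain(_host(text)) != href_dom:
            findings.append(("link-text-mismatch", f"text shows {_host(text)} but href goes to {href_host}"))
        # 3. Lookalike host: brand name embedded in a domain the brand does not own.
        if any(w in href_host for w in brand_words) and href_dom not in TRUSTED_DOMAINS:
            findings.append(("lookalike-link-domain", f"{href_host} embeds a brand name but is not a trusted domain"))
    return findings


# Constructed sample: a credential-harvesting lure of the kind described above.
SAMPLE_PHISH = """\
From: "Example Bank Security" <alerts@examplebank-secure.com>
To: employee@hospital.example
Subject: Please confirm your credentials
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Unusual sign-in detected. Please confirm your account within 24 hours:</p>
<p><a href="http://examplebank.com.login-verify.net/confirm">https://www.examplebank.com/secure</a></p>
</body></html>
"""

# Constructed sample: a genuine notice from the trusted domain, for contrast.
SAMPLE_LEGIT = """\
From: "Example Bank" <alerts@examplebank.com>
To: employee@hospital.example
Subject: Your monthly statement is ready
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p><a href="https://www.examplebank.com/statements">View statement</a></p></body></html>
"""

if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, phishing_indicators(sample))
```

The lure trips all three checks (impersonating display name, link text that names the bank while the href goes to `login-verify.net`, and a host that embeds the brand name under that foreign domain), while the genuine notice trips none. Header spoofing that forges the real `From:` domain outright is a separate problem; that is what SPF, DKIM and DMARC exist to catch, and these content checks complement rather than replace them.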
To run a phishing assessment, CynergisTek combines insider knowledge with the latest phishing trends to build a realistic scenario designed to entice employees into investigating the email and handing over restricted or sensitive information. Findings from the assessment show how well the workforce takes a critical eye to suspicious emails, and the detailed reporting records how far into the phishing net each recipient swam (and what information they would have divulged had it been a real attack). Our phishing assessment has helped thousands of users become more knowledgeable about deceptive phishing efforts, and it will help you build a culture of cybersecurity awareness and empower your staff to be more cautious of suspicious emails.