(At the end of this article, learn how to conduct a phishing test on your law firm for free!)
Did you know that 60% of spoofed email attacks do not include a malicious link?
Many users think they are safe from cybercrime as long as they don't click on something in an email. But the bad guys have once again tweaked their tactics and are learning how to build trust in naïve users before going in for the steal. Through the use of a social engineering tactic called “pretexting,” the crooks establish trust with key users by pretending to be someone they know in order to carry out a damaging attack.
Even scarier, research shows that most users are likely to fall victim to one of these highly targeted phishing attacks when it is crafted well.
No Links or Attachments Means Users Feel Safe When They Shouldn’t
“Pretexting” attacks usually do not have links or attachments. They simply trick your users into replying to the email and performing actions that lead to monetary or data loss for your organization. How do they do this? The crooks impersonate your CEO, CFO or even third-party organizations and convince your users – often in accounting, HR or even IT – to make wire transfers or other sensitive transactions. (Check out this related article on “Friday afternoon fraud,” a tactic that has tricked law firm employees.)
And the outcomes are catastrophic for the organizations involved. In fact, these targeted and sophisticated phishing attacks, also known as Business Email Compromise or CEO fraud scams, have exceeded $12.5 billion in total known losses worldwide.
How Can You Protect Yourself?
Savvy Training & Consulting is proud to partner with KnowBe4, the world’s most sophisticated and effective security awareness training company. And, because Savvy knows the legal industry, we add value to the law firms who use KnowBe4, offering industry-specific advice for more impactful law firm trainings.
Specific to “pretexting” attacks, KnowBe4 has launched a new Phishing Reply Test (PRT), which makes it easy for you to see if key users in your organization will reply to a highly targeted impersonation attack. PRT will give you quick insights into how many users will take the bait so you can train your users and better protect your organization from these fraudulent attacks.
Here’s How the Phishing Reply Test Works:
1. Begin by selecting one of three phishing email templates.
2. Spoof the name and email address of a sender whom your users know and trust.
3. Go phishing: blast it out to your designated audience.
4. You will receive all replies that users send in response to the phishing campaign.
5. You will receive a PDF emailed to you within 24 hours with the percentage of users who replied.
Would you like to identify how many of your users take the bait? As a KnowBe4 certified partner, I can give you the Phishing Reply Test for free. Contact me today and let’s phish your firm!