Designing a phishing email simulation

A phishing attack is a type of social engineering attack in which an attacker attempts to trick victims into sharing information (SSN, password, date of birth, address, account details, etc.).

Attackers may pose as a trusted entity to deceive their victims, and they often exploit emotions such as fear, urgency, greed, and curiosity to push victims into doing what the attacker wants.

Phishing attacks are designed to appear to come from legitimate individuals or organizations, and they may be delivered by email, text message, or website.

One of the most common forms of phishing is email phishing, in which attackers send links or attachments designed to infect the recipient’s system with malicious software or to lure the recipient into providing financial information, system credentials, or other sensitive data.

The MasterCard cybersecurity virtual experience program on phishing email simulation helps security analysts build the skills they need to excel in their roles.

An analyst on MasterCard’s security awareness team is responsible for developing and delivering training that helps employees strengthen their security mindset.

The email phishing simulation campaign is one way of doing this: every month the security analyst team tests staff by sending a phishing email made to look like something a bad actor would send.

Culled from the MasterCard Cybersecurity Virtual Experience Program

The results of the simulated test are used to design and implement strategies and training that increase the security mindset.

The figure below shows the results of one of the simulated tests carried out by the team.

Culled from the MasterCard Cybersecurity Virtual Experience Program

Next, staff are trained on how to spot phishing emails. Indicators include, but are not limited to:

  • Suspicious-looking source email address. If the sender’s address is one you are not familiar with, do not click on anything in the message; contact the cybersecurity team instead.
  • Beware of emails with a generic salutation like “Dear customer” instead of the personalization most organizations offer.
  • Spoofed hyperlinks. Hover your mouse over a link to display the URL; if it is not familiar, do not click on it and contact the cybersecurity team.
  • Be on the lookout for poor spelling or a sloppy layout.
  • Be careful of suspicious or unusual attachments. Treat all attachments and links with caution.
  • If you are not sure whether a message is a phishing attempt, you can avoid trouble by simply deleting it.

Possible ways to stop getting phished include:

  • Always be suspicious of any message that requests you to click a link or open an attachment.
  • Be cautious of any message communicating a sense of urgency or dire consequences should you fail to take immediate action.
  • If you are concerned about a message, contact the person or the organization using a different, validated method, such as a phone number you already had or the ‘Contact Us’ information on the organization’s website. Never use the links or contact information in the message you are concerned about.
  • Be careful not to provide personal or sensitive information in response to a message.
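The two checklists above are meant to be applied by eye. As an added example (not code from the MasterCard program or from this post), the following Python script automates four of those checks on a raw email: an unfamiliar sender domain, a generic salutation, urgency language, and a hyperlink whose visible text points somewhere other than its real target. The `known_domains` allowlist, the keyword lists and the sample message are all constructed for the demonstration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

GENERIC_SALUTATIONS = ("dear customer", "dear user", "dear account holder")
URGENCY_WORDS = ("immediately", "urgent", "within 24 hours", "suspended", "verify now")
# Matches simple <a href="...">text</a> anchors; good enough for mail bodies in a demo.
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)


def _domain(value):
    """Last two host labels, lower-cased (simplified: ignores suffixes like co.uk)."""
    host = urlparse(value if "://" in value else "http://" + value).hostname or ""
    return ".".join(host.lower().split(".")[-2:])


def phishing_indicators(raw_email, known_domains):
    """Return the checklist indicators that a raw RFC 5322 message triggers."""
    msg = message_from_string(raw_email)
    body = msg.get_payload(decode=True).decode(errors="replace")
    lowered, found = body.lower(), []
    _, sender = parseaddr(msg.get("From", ""))
    if _domain(sender.rsplit("@", 1)[-1]) not in known_domains:  # unfamiliar source address
        found.append("unfamiliar sender domain")
    if any(s in lowered for s in GENERIC_SALUTATIONS):  # "Dear customer" style greeting
        found.append("generic salutation")
    if any(w in lowered for w in URGENCY_WORDS):  # fear / urgency pressure
        found.append("urgency language")
    for href, text in ANCHOR_RE.findall(body):  # the "hover over the link" check, automated
        text = re.sub(r"<[^>]+>", "", text).strip()  # drop inline tags inside the anchor
        if re.fullmatch(r"[\w.-]+\.\w+", text) and _domain(text) != _domain(href):
            found.append(f"spoofed hyperlink: shows {text!r}, goes to {href!r}")
    return found


# Constructed sample message (not from the page) that trips every check above.
SAMPLE = """\
From: "MasterCard Support" <support@card-alerts.example.net>
To: employee@example.com
Content-Type: text/html

<p>Dear customer,</p><p>Your card has been suspended. Verify now:
<a href="http://card-alerts.example.net/login">www.mastercard.com</a></p>
"""

if __name__ == "__main__":
    for hit in phishing_indicators(SAMPLE, {"example.com", "mastercard.com"}):
        print("-", hit)
```

A legitimate internal message with a matching sender domain, a personal greeting and honest links returns an empty list, so the function can be used to pre-screen simulation templates or to triage reported emails.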

The best defense against these social engineering attacks is caution and critical thinking: as much as possible, avoid opening emails or clicking links from unknown sources.

To take the MasterCard Cybersecurity Virtual Experience Program on phishing email simulation, click here.
