
Phishing emails that get the most clicks
Tech Reporter
A recent study indicates that phishing emails that mimic HR announcements or ask for invoicing get the most clicks from recipients.
The study, ‘To click or not to click: what we learned from phishing 80 000 people’, by global cyber security company F-Secure, tested how employees from four organisations respond to emails that simulate one of four commonly used phishing tactics.
Twenty-two percent of recipients of emails simulating a human resources announcement about vacation time clicked, making such emails the most frequent source of clicks. An email asking for help with an invoice, referred to as ‘CEO fraud’, drew the second most engagement, from 16% of recipients.
Document share (notifications from a document hosting service) and service issue notification (messages from an online service) received clicks from seven percent of recipients, making them the least frequently clicked.
F-Secure service manager Matthew Connor says most notable was that technical workers seemed equally or even more susceptible to phishing attempts than the general population.
“The access technical personnel have to an organisation’s infrastructure can lead to them being targeted by adversaries, so advanced or even average susceptibility to phishing is a concern. Post-study surveys found that the personnel were more aware of previous phishing attempts than others, so this is a real threat. The fact that they click, with their level of awareness, highlights a challenge against phishing,” Connor explains.
In the two organisations with personnel in IT, those personnel clicked test emails at rates that were either equal to or higher than other departments in their organisations. The study found that these departments were no better at reporting phishing attempts.
The value of a fast reporting process was also highlighted. In the first minute after the test emails arrived, more than three times as many people had clicked as had reported the email as suspicious. This levelled out at around five minutes and stayed consistent.
While reporting became more common, the processes at different organisations played a key role. Forty-seven percent of participants from an organisation that provided a dedicated button to flag suspicious emails used it. Only 13% and 12% of participants from two other organisations reported their test emails. The remaining organisation did not provide data on reporting.
F-Secure consulting director Riaan Naude says the patterns highlight an opportunity for organisations to mobilise employees against phishing.

“The evidence points to fast reporting processes as common ground where security personnel and other teams can improve resilience against phishing. Getting this right means an attack can be detected and prevented earlier, as security teams may only have a few minutes to mitigate potential compromise,” says Naude.
