Red Sift Blog

Don’t Phish your Friends: simulated phishing is harmful

by Rois Ni Thuama
May 13, 2021 (updated August 31, 2022)
Filed under:
  • Cybersecurity
  • OnINBOX

Something happened this week that really drove home the personal side of cybersecurity. A UK train operator conducted a ‘simulated phishing campaign’. Put simply, the firm’s senior management team launched a phishing attack on its own staff, designed to induce them to click on something that management does not actually want them to click on.

The human cost

It’s difficult not to put a human face on the person who received that email. It came from the top: the sender thanked staff for their hard work and acknowledged the huge strain placed on them during the pandemic. In recognition, a one-off bonus. How good does that sound? Pretty good.

It’s not difficult to imagine how staff must have felt rewarded and delighted that their hard work during a pandemic was recognised and appreciated. It’s also not hard to imagine the dismay they felt when their hopes of receiving this bogus bonus were so quickly dashed. It’s a heartless way to behave, but it looks as though senior management may not escape unscathed.

The potential fallout

Within contracts of employment there is an implied term of trust and confidence. Firms must not conduct themselves in a manner likely to destroy or seriously damage the relationship of trust or confidence. It is difficult to argue that this email doesn’t seriously damage both, and researchers have long warned that there are no discernible benefits to emails like this. The potential for constructive dismissal cases based on this email alone is real and could yet prove painful.

It creates another headache. The backlash has been fast and furious. Destroying hard-earned reputational capital with a stunt like this runs contrary to the directors’ obligation to promote the success of the company, and one can well imagine controlling shareholders being broadly displeased with the negative press.

The firm’s defence that this is what criminals do is total nonsense. Criminals do lots of things; we don’t copy them!

Researchers have warned that staff feel the effects of opening and responding to such an email long afterwards, and that this leads to decreased productivity. Human factors experts recognise it as an exercise in futility: essentially, they warn that firms are training staff for an impossible task.

So what do the experts recommend?

Top of the list is: deploy technical security measures.

What might that look like for your business?

  • Use a modern cloud email vendor such as O365 or G Suite. Accelerate those cloud migrations if you haven’t already, and ensure you have a robust 2FA policy to minimise the risk of account takeovers.
  • Adopt modern email security standards such as DMARC to protect your customers, supply chain and yourself from impersonation.
  • Deploy technical solutions alongside your cybersecurity awareness training to help your employees spot and report fraudulent emails that make it past your layered defences.
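The DMARC recommendation above is only as strong as the policy a domain actually publishes: a record with `p=none` asks receivers to report on spoofed mail but still deliver it. The checker below is an added example, not code from the original post or from Red Sift; it parses a DMARC TXT record into its tags and lists the settings that leave a domain open to impersonation. The two sample records are constructed for illustration and no DNS lookup is performed, so it runs offline.

```python
"""Parse a DMARC TXT record and flag settings that do not enforce.

Added example, not part of the original post. Sample records are
constructed; in practice the record is the TXT value published at
_dmarc.<your-domain>.
"""
import re

# Constructed sample records: one enforcing, one monitor-only.
ENFORCING_RECORD = (
    "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; "
    "adkim=s; aspf=s; pct=100"
)
MONITOR_ONLY_RECORD = (
    "v=DMARC1; p=none; sp=none; rua=mailto:dmarc-reports@example.com; pct=100"
)


def parse_dmarc(record: str) -> dict:
    """Split a DMARC record into lower-cased tag -> value pairs.

    Raises ValueError if the record does not open with the mandatory
    v=DMARC1 tag or if any tag is not of the form name=value.
    """
    parts = [p.strip() for p in record.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "").upper() != "V=DMARC1":
        raise ValueError("record must begin with v=DMARC1")
    tags = {}
    for part in parts:
        match = re.fullmatch(r"([A-Za-z]+)\s*=\s*(.*)", part)
        if not match:
            raise ValueError(f"malformed tag: {part!r}")
        tags[match.group(1).lower()] = match.group(2).strip()
    return tags


def assess_dmarc(record: str) -> list:
    """Return human-readable findings about weak settings in the record.

    An empty list means: an enforcing policy for the domain and its
    subdomains, applied to 100% of mail, with aggregate reporting on.
    """
    tags = parse_dmarc(record)
    findings = []

    policy = tags.get("p")
    if policy is None:
        findings.append("missing p= tag: receivers will apply no policy")
    elif policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine: spoofed mail goes to spam instead of being rejected")

    # sp= defaults to the value of p= when absent.
    sub_policy = tags.get("sp", policy)
    if sub_policy == "none" and policy not in (None, "none"):
        findings.append("sp=none leaves subdomains unprotected despite an enforcing p=")

    # pct= defaults to 100; anything lower applies the policy to a sample only.
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct}: policy applied to only part of the mail stream")

    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports will be received")

    return findings


if __name__ == "__main__":
    for label, rec in (("enforcing", ENFORCING_RECORD), ("monitor-only", MONITOR_ONLY_RECORD)):
        print(f"{label}: {assess_dmarc(rec) or ['no findings']}")
```

Run against a domain's real record by pasting the TXT value into `assess_dmarc`; a domain that is still at `p=none` after its monitoring period is the one most likely to be used to impersonate the firm in exactly the kind of email the post describes.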

By relying on expert advice to provide your team with the right equipment, your business can flourish, maintain trust and confidence, and avoid negative press. Red Sift works with global firms to implement sensible technical security measures to defend their business and people.
