  • juanjomartinez56

Targeted phishing and the need for employee awareness

Last night a friend called. One of his customers had received an email that appeared to come from him, reminding them of a payment to be made, indicating the exact amount and invoice number, and providing the bank account details. 📩

My friend, who hadn't sent any email and hadn't received the money, messaged his customer to remind them about the payment, only to discover the fraud. 💰

This type of targeted phishing is similar to the so-called CEO phishing and to the one that happened to Barbara Corcoran, where an attacker targets a person with the capacity and responsibility to make payments. They simulate an actual business situation in great detail, with a very credible reason for making the wire transfer on the spot. 💵

So far, the cases I was aware of had targeted companies and sought 6-figure amounts. Not so in the case of my friend, an individual entrepreneur, with a much lower amount involved. That is an alarming signal that targeted phishing is now also coming to SMBs and independent professionals. 💼

My friend and his customer had antivirus on their laptops, but antivirus software won't detect phishing. Only an email security solution that offers that capability will. 🛡

And on top of that, because some very sophisticated types of phishing may pass under the radar, you still need the most critical element: The Human Firewall. 🙅‍♂️

Companies do purchase regular training to raise their employees' awareness. There are some free resources for individual professionals who don't have access to that, like the one my friend and I discussed yesterday from AllThingsSecured. 🎓

Is security awareness training mandatory in your organization? Is it personalized to the individual and the role? 🤔

