Phishing

Have you been phished?

18.10.2023
In June, you may have received a simulated phishing email. This simulation was sent by IPCOM to test the level of cyber awareness among the employees involved and the company as a whole.

A brief summary

On Friday 30 June 2023, a simulated phishing email was sent to 252 employees within the IPCOM group. Recipients of the simulation were asked to view and verify data. In addition, they were also asked to click on a suspicious link. Once they had clicked on the link, they were also asked to enter personal data.

The results

With 5.95% of the employees involved being “phished”, IPCOM performs better than the average company in the private sector (where 26% of employees are tricked in such a simulated phishing attack). Nevertheless, 15 colleagues clicked on the link (which could have been malicious) and 6 colleagues entered personal data.

In short, our score was lower than the average but still too high. It goes without saying that the target is zero per cent. A single click can have enormous consequences for the company, including operational disruption and reputational damage. To reduce these risks, we need to improve everyone’s cyber awareness.

More of this

How? By sending more of these phishing simulations. This email was just the start of a larger awareness campaign. So double-check every email and verify whether it is legitimate. If you recognize a possible threat, please report it as phishing. This is possible via the top bar in the Outlook menu. By applying this screening process systematically, you’ll become an expert in accurately identifying phishing attacks.

Be mindful

How do you recognize a phishing email? Let’s recap. Phishing emails or messages seem like they’re from a company or person you know and trust. The intent is to trick you into clicking a link or providing information, putting sensitive data in the wrong hands. Also be wary of suspicious attachments, as these might contain malware.

These messages often use an unfamiliar tone, convey a sense of urgency or make offers that are too good to be true. They often have inconsistencies in the email addresses and domain names. A double-check can prevent a lot of harm!

Better safe than sorry

To ensure the best possible prevention, please check the guidelines below and take action if needed.

  • Update your devices, software and apps. This is the only way to patch any vulnerabilities;
  • Only use a secured Wi-Fi network and avoid public Wi-Fi for sensitive activities;
  • Use strong and unique passwords and a reputable password manager to store them (KeePass, Bitwarden, 1Password, …);
  • Enable Multi-Factor Authentication (MFA) wherever possible;
  • In case of doubt, please contact your local IT department.

Let’s remember, the human firewall is the most effective one!

Within our IPCOM training platform, we offer comprehensive training programs concerning phishing and IT security.