2020 Election Phishing Email Brings Unexpected Risk as Staffers Continue Remote Work
Phishing has been the story of the year in 2020. As COVID-19 created massive changes in the way that companies do business, cybercriminals took advantage of the chaos with a more than 600% increase in phishing email bringing risks to businesses. With the US election just around the corner, a fresh wave of 2020 election phishing email is bringing a new round of unexpected risks to employee inboxes.
New Bait Means New Risks
Election-related phishing emails are generally spear phishing attacks through impersonation scams. No matter how it’s dressed up, phishing is still today’s biggest cybersecurity risk, and these dirty tricks can clear a path for cybercriminals right into the heart of your business:
- Bad actors create a highly convincing spoofed candidate or party email to drive traffic to a poisonous web page to steal credentials.
- Official-looking requests for volunteers to perform campaign services like electioneering or phone banking that are malware bombs.
- Cybercriminals posing as special interest groups send out “sample ballots” that are rife with ransomware.
- Sometimes, they’ll use the trappings of state or local government agencies like a board of elections to trick voters into providing them with PII or other useful data.
- Respectable-looking messages soliciting donations or selling election-related signs and t-shirts give bad actors the opportunity to snatch financial information.
Don’t let your profits get kidnapped by ransomware. Learn how to defend against today’s scariest threat now!
3 Major Complication Ratchet Up the Danger
MORE OPPORTUNITY, MORE PROBLEMS
A presidential election in the US is always a rollercoaster ride, with a sea of communications from candidates, parties, and interest groups. As we’ve moved deeper into the 21st century, many of those communications have gone from a postcard in your mailbox to an email in your inbox – and that opens up opportunities for phishing. Combine that evolution with more remote workers this year and the propensity for remote workers to fall for more phishing attacks, and you’ve cooked up a delicious brew for bad actors to exploit.
REMOTE WORK TRAPS
More folks working from home also means that more of your staffers are using devices and networks that they may not normally use in the office for a combination of work and home uses. That crossover creates the opportunity for bad actors to successfully penetrate your security by executing malware that allows them to root around on your staffer’s machine if they fall for a phishing email. Using home WiFi networks that are less secure than in-office networks also opens up the opportunity for one bad click on a phishing email to spread contagion to businesses fast.
Remote work and device sharing also bring another familiar pitfall in their wake: password compromise. As your staffers read and interact with election email from candidates and causes, they’ll often be asked to create accounts to “join the team”, opening up new password recycling, reuse, and compromise opportunities that could impact your business. Remember, 91% of participants in a recent survey said that they understand the risk of password reuse, but 59% admitted to doing it anyway – and 48% of workers use the same passwords in both their personal and work accounts.
Is Your Staff Up to the Challenge?
The key to ensuring that this increase in phishing email doesn’t create a tidal wave of danger for your business is to make sure that every employee is up-to-date on their security awareness and phishing resistance training. Training needs to be refreshed frequently to be effective – at least quarterly. Everyone from the interns to the C-suite needs to be regularly trained too – business email, compromise scams, and whaling can cause massive damage if a highly privileged account is compromised.
BullPhish ID is the perfect solution to ensure that your staffers are always ready to spot and stop phishing. Our plug-and-play phishing simulation kits have everything that you need to conduct a phishing resistance training exercise built right in. Plus, simple remote management means that campaigns can be started and groups created anytime, anywhere. Plus, online testing measures progress to see who needs more help.
With more than 80 complete phishing simulation campaign kits ready to go right now, and 4 new kits added every month, you’ll have plenty of fresh material to keep staffers on their toes. Engaging video lessons in 8 languages deliver security awareness lessons and training in easy-to-understand bite-sized pieces, making training with BullPhish ID the best way to get employees at any level of tech knowledge on the same page when it comes to phishing.
Remember, 90% of cybersecurity incidents that end in a data breach start with a phishing email. Don’t wait until risks like 2020 election phishing email or an event like COVID-19 brings a blizzard of new emails (and new phishing attacks) to your employees’ inboxes. Let the experts at ID Agent help you start training your staff in phishing resistance now with BullPhish ID and maintain that training regularly to prevent phishing from harming your business.