McAfee says that Business Email Users Fail to Identify Phishing Scams
Security firm McAfee has warned that four-fifths of business email users are not able to identify phishing scams, leaving the enterprise vulnerable to cyber crime.
According to the McAfee Labs Threats Report: August 2014, 79% of business users who took the McAfee Phishing Quiz failed to detect at least one scam containing malicious links or malware among the seven emails shown to them.
More alarming, the test seems to reveal that people in the Finance and HR departments of organizations, who hold some of the most sensitive corporate data, are the worst at identifying such scams.
Clicking a link in a phishing email can be disastrous for a business, as it enables hackers to install malware or redirect users to compromised websites, leaving the corporate network exposed to attackers.
McAfee researchers observed that spoofed email addresses fooled respondents most effectively, and explained in the report that a UPS (United Parcel Service) phishing email using this tactic, coupled with branding elements, was very successful.
Infosecurity-magazine.com published a statement during the first week of September 2014 quoting Raj Samani, EMEA CTO of McAfee, as saying, "Our latest report highlights that phishing continues to pose significant security risks for consumers and businesses. Moreover, it is a matter of worry that due to lack of knowledge in identifying the phishing emails, we receive many such emails daily and it's no longer enough to react to threats as and when they happen."
Channelweb.co.uk published a report on 4th September, 2014 quoting a comment on the quiz findings by Amichai Shulman, Chief Technology Officer of security firm Imperva: "End users should not be blamed for falling to phishing scams because of old-fashioned approach by McAfee to deal with security threat. It's one thing to expect an employee to refrain from opening an apparent executable file enclosed in a slurred out-of-context email. It's absolutely unreasonable to expect a normal person to inspect carefully each and every attached or downloaded file which looks like a PDF especially if the enclosed message is in context (e.g. an unpaid invoice or an unsolicited CV)."