Google has had to send warnings to its global users of government-backed spear phishing attacks more than 12,000 times in only 3 months.
The internet giant’s own Threat Analysis Group (TAG) works around the clock to discover new phishing campaigns and other threats targeting Google users, specifically from state-backed organisations. It tracks more than 270 targeted and government-backed groups from over 50 countries.
The primary objectives of the groups TAG monitors include theft of intellectual property, intelligence gathering, targeting dissidents and activists, coordinated spreading of disinformation and destructive cyber-attacks.
Shane Huntley spent many years developing security software for the Australian government. Now, he is a director of Google’s TAG and encourages all users that consider themselves “high-risk” to enrol in Google’s Advanced Protection Program (APP) which adds hardware security to their accounts, preventing unauthorised access even if credentials are successfully stolen.
Over 90 percent of these users were targeted via “credential phishing emails”…
These are usually attempts to obtain the target’s password or other account credentials to hijack their account.
We encourage high-risk users—like journalists, human rights activists, and political campaigns—to enroll in our Advanced Protection Program (APP), which utilizes hardware security keys and provides the strongest protections available against phishing and account hijackings. APP is designed specifically for the highest-risk accounts.
Shane Huntley – Director, Threat Analysis Group (TAG), Google
The additional security offered to Google users is a strong step in the right direction, and here at Phishing Tackle we encourage all users to adopt Two-Factor Authentication (2FA) with all their online accounts.
While these security measures reduce the significance of credential theft to high-risk users, they do not stop the rest of us becoming victims of other forms of email-borne social engineering. The likes of CEO fraud and ransomware attacks are still prolific attack vectors used by malicious actors and users require effective, routine Security Awareness Training to minimise the risks posed by these threats.
Australia’s government recently made Security Awareness Training mandatory among it’s MPs and we believe this to be a positive and proactive move against cyber crime.
By better understanding how many users require further cyber security training, organisations can massively and quickly reduce their threat surface before an untrained user clicks a seemingly innocuous link.
We have created a Free Click-Prone® Test which reveals how many of your users have a propensity to click on phishing emails, such information is invaluable when attempting to reduce an organisation’s cyber risk.
Phishing attacks show no signs of slowing down, and the holiday period at the end of the year sees phishing emails increase worldwide by around 25%. The time to educate and test your staff is now, don’t leave it until the damage has already been done.