During the Pandemic, Threat Actors had a field day using phishing and SEO poisoning to attack users.
We are in the same climate again with the horrible events of the last few days.
Threat actors who practice phishing attacks are already using this event to send bombastic emails with salacious titles mentioning the event, knowing the open rates for these will be incredibly high!
I recommend a few options.
- Inform users of this during your normal security awareness training and ongoing communications.
- Remind your users that they should only get their news from a trusted source.
- Temporarily create keyword email rules to block or flag spam and anything with Assassination in the email title or body.
- Use the keywords from the event in phishing testing to help inform employees of the potential use of related keywords in malicious emails.
- Send an email to employees crafted to inform them of what is coming from threat actors.
Please call us if you want options to upgrade your Security Awareness and Phishing training.
-Scott Quimby, CISSP
You must be logged in to post a comment.