Exposing users to the latest social engineering attacks is a key feature of any security awareness training program. Barracuda Security Awareness Training offers customers real-world phishing simulation templates to evaluate whether their employees can successfully identify spear-phishing attacks and determine how likely they are to interact with them.

 

Subsequently, Barracuda Security Awareness Training has been tracking the click-rate data related to these simulation templates for years. A clear trend has emerged among user from a variety of industries: email that impersonate internal departments or applications are the most likely to bait user interaction.Find Out More

 

Ice phishing (internal communication emulation) is successful because workers tend to get flooded with these types of emails on a daily basis. Password reset requests, storage alerts, HR notifications, and service ticket updates are all examples of these messages of these messages.

 

The frequency and volume of these emails lead people to click without careful analysis. Ice phishing attacks can be also baited with emotional triggers like "you're about to run out of email storage" or "your web browsing is in violation of company policy." Emotional reactions like anger, fear, or frustration tend to drive a lot of clicks, regardless of the type of email.

 

There are a few significant factors that have heightened these emotions in recent years...

  • the sudden shift to remote working has put considerable distance between staff and IT teams, along with the firewalls that once kept their networked devices secure;

  • in turn, the introduction of new collaboration software such as Microsoft Teams, Slack, and the G Suite has exponentially grown the attack surface per user that hackers can take advantage of;

  • plus, the additional considerations of shadow IT - the use of hardware or software beyond the visibility of corporate IT teams, which has grown with remote and hybrid working policies. 

 

Ice phishing represents another in a long list of social engineering innovations made by cybercriminals to manipulate their targets into divulging confidential information, passwords, or giving up money to the attackers. 

 

Social engineering attacks are preferred by cyber bad actors because with a little bit of research, using publicly available information from social media and organisation financial reports, they can use unaware employees as a gateway into a company's network.

Solution Brief

These techniques don't require any malware/virus payload sent via email, just a plain text message encouraging the target to click a malicious link is all it takes for an attack to be successful. These messages can slip past traditional SEGs and fool the human layer of an organisation's cyber defence.

 

Not convinced that your email protection is foolproof? Get in touch with us to arrange a free demonstration of Barracuda's Email Protection solutions, and begin a free trail of Barracuda's Security Awareness Training for your staff and users.