Main focus is to raise awareness to phishing attempts. In nation-wide drill, nearly 40% of recipients clicked on links in fake messages
The Israel National Cyber Directorate (INCD) held a nationwide drill designed to raise awareness to phishing attacks – this, as part of the INCD’s Cyber Defense Week initiative, which also includes a public awareness campaign and lectures in high-schools other target audiences.
Some 20 organizations participated in the drill, by sending fake phishing messages to over 80 thousand employees from both the private and public sector. Recipients who clicked on the link received an explanatory message, with tips on protecting oneself from phishing attempts.
Nearly 40% of recipients – including IDF soldiers, police officers, and employees of leading companies – clicked on the link, an indication to the ease with which personal information can be phished, and the importance of raising awareness to these tactics.
“Israel’s cyber capabilities are strong, and constantly getting stronger. But one must know – the threats against Israel are constantly increasing as well,” said Israeli PM, Naftali Bennett, in a message recoded ahead of Cyber Defense Week. “We have to remain alert in the face of attempts to phish personal details of citizens.”
The INCD reports that in the past year alone, it handled over 2,500 phishing reports. Behind each of these reports were tens of even hundreds of thousands of malicious messages sent.
According to a recent survey by ESET Israel, 83% of participants said that they had been targeted by phishing messages at least once. Over 57% also said that they had clicked on promotional links without first checking for red flags.
Among those red flags, which might indicate a possible phishing attack one might find unofficial URLs, unprofessional writing style with grammatical or spelling errors, equest to enter private information by clicking on a link, guaranteeing an award (there are no free gifts!), and creating a sense of urgency in the message.
Some of Israel’s top phishing attempts of the past year, according to ESET, were messages impersonating one of the country’s leading banks, asking recipients to click on a link in order to update their personal information for security concerns; messages impersonating the Israel Postal Service, providing a so-called link to pay the fee for clearing customs; messages promising new phones as a Valentine’s Day gift; WhatsApp Pink – a malicious WhatApp close app, and more.
According to communications security company Tessian, which specializes in email communication, 75% of organizations around the world experienced some kind of phishing attack in 2020, while 96% of all attempts arrive by email. The most impersonated brands in Q1 2021 were Microsoft, DHL, LinkedIn, Amazon, Ikea (including a major one over the past few weeks), Google, PayPal, and others.