Why do you keep getting phishing emails? Because they work.

“After analyzing 7,483 phishing simulation campaigns, conducted from mid-2017 to April 2018 on more than 230,000 recipients showed that more than half of the phishing campaigns captured at least one set of user credentials. “ (Duo Trusted Access report 2018)

“This exemplifies the need for stronger user authentication to prevent unauthorized logins by attackers with phished credentials. The most effective way to accomplish this is by requiring a security token or smartphone to verify user identities through something they have, not just something they know (such as a password, which can be easily phished).

Bowling Green State University in Ohio saw a spike in phishing emails from 2015 to 2017. It was so significant that they decided to make 2FA authentication with Duo mandatory. It had been voluntary before:

“We saw very low adoption when it was voluntary, and typically the people who adopted it were not my big security risks.” Matt Haschak, director of IT security at BGSU. “As I keep preaching to our campus community, this is not unique to BGSU,” Haschak said. “I’ve been talking a lot lately to my counterparts at universities in Ohio and elsewhere, and we’re all getting hit with these attacks pretty heavily right now. Some of the phishing scams are pretty good, but unfortunately, some are god-awful, and I think people are just not thinking or they’re too busy in their day, they receive something and they just click it.”
https://krebsonsecurity.com/2017/03/phishing-101-at-the-school-of-hard-knocks/.

If you aren’t using 2FA to protect your email accounts, consider implementing it for your organization. Contact us for a quote.

What is 2FA?
https://www.youtube.com/watch?v=0mvCeNsTa1g