Mock phishing scam nets thousands

Mock phishing scam nets thousands | Insurance Business America

Mock phishing scam nets thousands
If brokers needed another example of the need for cyber security, they need only look to the Ottawa, as a security exercise by the federal Justice Department had half the staff clicking on a phoney phishing email link.

An internal survey revealed almost 2,000 staff were tricked into clicking on a phoney phishing link in their email, created by their own department – raising questions about the security of sensitive information, and providing brokers with another headline to share with business clients who remain unconvinced on the value of cyber liability insurance.

The department launched the mock scam in December of last year as a security exercise, sending out emails to 5,000 employees to test their ability to recognize cyber fraud.

The emails were made to look like a genuine communication from a government or financial institution, containing a link to a phoney website that was also made to look like the real thing.

The Ponemon Institute’s 2013 survey, Exposing the Cybersecurity Cracks: A Global Perspective, garnered responses from 4,881 information technology security practitioners in Canada and 14 other countries and reveals that 56 per cent of Canadian respondents said cyber threats “sometimes fall through the cracks” of existing security measures at their firms..

“Insurance brokers would serve their clients well by providing helpful tips to reduce risk and introducing packages that would mitigate damages in the event of an attack,” says Maia Espejo, the senior professional liability manager of D&O/E&O for Burns & Wilcox Canada. “Cyber Liability insurance provides both third party liability and first party computer security coverage for emerging data security and privacy exposures facing insurers today. As evidenced through the Bell Canada incident, third party liability is an important element to a comprehensive product.”

An estimated 156 million of these phishing emails are sent daily, and anyone duped into clicking on the embedded link risks transferring confidential information — such as online banking passwords — to criminals.

Are you ready for the new anti-spam law on July 1? Click here to learn more.