How Free Pizza Can Hold Your Networking System Hostage – A Case Study
[Please note that no end users were harmed in this experiment.]
Pizza. It’s cheesy and delicious, but it can be dangerous to your company data. Huh?
Gross, Mendelsohn & Associates: 5 Clicks Away From an Attack
That’s right. We were the victims of a free pizza scam — but rest easy. Our own lead network security professional was 100% behind it.
If you’ve read You Are The #1 Threat To Your Business’ Network Security, you understand how your employees put you at risk for a massive network attack. That’s why we conducted a top secret phishing test on our entire staff to see just how well our 100+ person team would respond. Let's find out.
WeWanT to OffeR U a Fre3 Pizza. ADD SOCIAL SESCURITY to R##DEEM
Our team consists of pretty savvy email users so we knew they wouldn’t click on an email with this in the subject line. Ransomware hackers know this and have developed sophisticated email content that shows the sender as a trusted company or contact. We needed to replicate this as much as possible to test our staff to the fullest.
Our networking gurus used a security awareness website to find a fake phishing email to send out to our staff. The phishing email showed a simple coupon with a cutout outline stating the user only needed to click the link to get a coupon for free pizza. It had very little information but did show a legitimate-looking copy of the Pizza Hut logo. The subject line read, “55th Anniversary and Free Pizza” and the sender was PizzaHutCoupons @ PizzaHut.com.
It Only Takes One Click to Be a Victim of Attack
The Pizza Hut phishing email was sent to our entire staff at 4:00 PM on a Friday – a perfect time for employees to be thinking about an easy dinner on a Friday night.
The first click happened within five minutes of the email going out. Because this was a fake phishing email only for testing purposes, nothing happened to the user or the firm’s network. However, our networking experts captured basic information about the browser used, username, date, time and number of clicks.
This was a great test of our staff’s knowledge and our IT department’s response time. Soon after the email was sent out, our IT staff treated it as a code red and acted fast, notifying everyone that this was a phishing scam. Our internal IT staff got a gold star.
The rest of our team is undergoing several training exercises to make sure they know just how deceptive modern phishing emails are. We’re confident that in our next test, we’ll get zero clicks.
Exposing your network to a phishing email can mean exposing your data to ransomware hackers. A ransomware hacker will use that phishing email to trigger an application that quickly and quietly encrypts your company data. After the data is fully encrypted, they will lock you out of it and hold it hostage until you pay their price.
There are several precautions you can take to protect your data from a ransomware attack. However, the easiest way to avoid this is to educate your employees on how to identify phishing emails so they don’t open them in the first place.
Our networking engineers are ready to deliver a recommendation on how you can prepare your staff for phishing scams or how you can test them with hot, delicious free pizza.
Schedule a free 30-minute network assessment with our tech experts, or call 410.685.5512.
About Bill Walter
Bill, our lead networking guru, loves showing clients how technology can be worked into their existing processes to improve efficiency and security. His expertise includes cyber security, high-level planning for internal and external networks, and hands-on installation and configuration of networks. He helps organizations of all types and sizes implement cyber security best practices to protect sensitive data. Normally a pretty easygoing guy, Bill thinks there should be a law against wearing a Bluetooth headset when it’s not in use.