One of the key points we cover in our online and real-world cyber security awareness training is that threat actors will exploit human trust and fears. So phishing messages will contain:
- a threat – your tax bill is overdue see the fine here
- something nice – we over charged your tax bill get your refund here
- a fear of loss – unless you login in now we will close your Microsoft 365 account
- a mistake to correct – you have missed a delivery please click here to reschedule (a boom phishing communication due to the pandemic and our expand use of online shopping)
- a promise of something too good to be true, but plausible – click here for a 75% discount on your next food delivery
Here is an example delivered through an Android app and installing information stealing malware:
I have written before about the need to manage BYOD in your organisation and especially Android based devices:
Although iPhones should also be included in your risk assessment:
Are you using Bring Your Own Device – BYOD – to save money? – CyberAwake
Clive Catton MSc (Cyber Security) – by-line and other articles