Phishing is one of the most common and dangerous cyber threats we face today. For those who haven’t completed the latest IT training, phishing is a form of social engineering and a scam where attackers deceive people into revealing sensitive information or installing malware such as viruses, worms, adware or ransomware.
On Amazon Prime Day, CMC conducted a company-wide phishing simulation to test employee awareness and response to potential threats.
“I’m pleased to report that the results were quite positive: only 1.04% of employees clicked on the phishing email” said, Paul Mackay, CMC’s chief information officer. “This low percentage demonstrates that most of us are staying sharp and aware of the risks.”
Though these results are encouraging, it’s crucial to remember that it only takes one successful phishing attack to compromise the entire organization. A single click on a malicious link could potentially lead to severe consequences, including data breaches, financial loss and damage to CMC’s reputation.
It is important to remain vigilant. Cyber attackers are becoming increasingly sophisticated, creating emails that look more and more convincing. They often exploit timely events, such as sales days like Amazon Prime Day, tax season, or even our internal company announcements, to trick users into clicking on malicious links or providing confidential information.
To help protect CMC (and yourself), please remember the following:
- Always check the sender’s email address. Be wary of emails from unfamiliar addresses or those that seem slightly off (e.g., an extra letter or number in the domain name).
- Look for red flags. Poor grammar, unusual requests or a sense of urgency can be signs of a phishing attempt.
- Do not click on links or download attachments from unknown or suspicious emails. This is a simple one: don’t click unknown links.
- Report suspicious emails immediately using the KnowBe4 button in your Outlook Menu Bar. The faster you report a phishing attempt the more effective CMC’s IT response can be.
- If you think you’ve been phished, don’t panic. Report it immediately to our IT team (support@cmcenergy.com). Quick action can help mitigate any potential damage.
CMC will continue to conduct regular phishing tests and provide training to ensure everyone is equipped with the knowledge to recognize and avoid phishing attacks. Stay tuned for more resources and tips in upcoming newsletters.
“I’d like to give a large thank you to everyone for continued diligence in keeping CMC secure,” Mackay said. “Cybersecurity is everyone’s responsibility. Keep an eye out for future training and remember, stay vigilant, stay safe.”