On 1 November, the New Zealand Nurses Organisation (NZNO) was targeted by a spear-phishing attack that resulted in the organisation disclosing the email addresses of tens of thousands of members. The organisation announced the news, along with advice for its members, via a media release.
Spear phishing, a highly targeted version of phishing
In this particular attack, the NZNO was contacted by someone impersonating the CEO, Memo Musa, using a fake Yahoo email account. In the communication, the criminal requested email addresses of NZNO’s members – all 47,000 of them. The inattentive member of staff didn’t recognise the scam and duly forwarded the data requested, making tens of thousands of email addresses vulnerable to further attack.
The golden rule: be vigilant, always
NZNO soon realised its error and promptly emailed all members to apologise for the incident. The acting CEO, Jane MacGeorge, has started an investigation to discover how the incident occurred and how to prevent it from happening again. In a statement, she commented: “We are advising our members and staff to be vigilant when considering opening any emails from a Yahoo address and to question whether an email received from an NZNO address looks correct and to not open any links or attachments if in doubt.”
Carry out staff awareness training to prevent staff-related security incidents
Could the incident have been avoided? Most likely. Many staff-related security incidents are due to a lack of awareness of cyber attacks, basic security measures and company security policies. How can organisations raise staff awareness of cyber security? There are multiple resources available to educate staff and make sure they’re alert to cyber attacks. E-learning courses are one such option. IT Governance’s e-learning courses:
- are delivered online so staff can access them anytime from anywhere with an Internet connection – saving time and money on travel and hotel costs;
- enable staff to start and stop the training as they wish, based on their workload, to minimise business disruption;
- include a multiple-choice exam at the end of the course to assess understanding of the topic;
- enable the monitoring of staff progress via an administration dashboard and the creation of certificates for those who have completed the course;
- can be customised to match your organisation’s corporate identity.
The IT Governance Phishing Staff Awareness course
Specifically developed to raise awareness of phishing, the Phishing Staff Awareness e-learning course teaches your staff the basics of phishing attacks, how to recognise them, and security tips and tricks to stay safe and avoid phishing campaigns. Packed with real-life examples, engaging activities and a final multiple-choice test, the course will provide your staff with everything they need to know about phishing. Take a sneak peek at this course.
Reduce the threat of phishing attacks by enrolling your staff on this practical staff awareness course >>
Contact us on +44 (0) 845 070 1750 or email email@example.com to request a one-to-one demonstration.