People versus email scammers

07 July 2016

Employees are still the first line of defence when it comes to cyber security


We all need to wake up to the potential threat in our emails and heighten our security awareness.

According to tech analysis website memeburn, people are usually either greedy and gullible, or just intrinsically positive about the motives of others and not on the lookout for scammers and criminals in every email exchange.

A prolific and lucrative cyber crime industry still exists, attacking individuals and organisations alike, with people often the weakest link in any security defences. Employees have limited knowledge of the cyber security risks they face (or create) and email scams take advantage of this.

A popular method is phishing. Here the attacker sends an email to lots of people, with either a malicious web link to steal login credentials or a malware-laden attachment to infect a machine. They know that eventually someone will click through and activate their attack.

Then there is spear-phishing, where victims are more carefully targeted to improve effectiveness. A new and damaging variant of this is called CEO Fraud or whaling, where social engineering is used to target a specific individual within an organisation. Individual emails are created that look legitimate; the attackers often get into a conversation with the target, pretending to be their boss, usually with the aim of obtaining fraudulent transfers of cash or confidential data.

Investing in up-to-date technology to defend your business is critical, but employees remain the first line of defence, and educating them regularly about potential cyberattacks is vital. A culture that encourages and supports employees in being open (and fast to act) when they have made a mistake is important.

Training is an important part of educating your employees. Amethyst is an established cyber security training provider offering specialist courses on technical risk assessment as well as more basic introductory level courses for non-specialists.

Our Introduction to Information Assurance equips delegates with the basic principles of Information Security, Information Assurance and Information Risk Management.

To find out more, visit our cyber security training page or email

To read memeburn’s article in full visit

