Beware of those cute pictures. Hackers use them to get workers to click on links that give the attackers access to company systems.
The largest energy companies want their workers to stop clicking on links to cute cat photos.
Such e-mailed links are among the leading ways that hackers gain access to energy company systems — a trick known as phishing, with the potential for breaches that could lead to huge thefts of data, or even physical damage.
Phishing attackers try to get computer users to click on a link or download an attachment in an e-mail, either of which can let the attackers into the users' systems.
In their latest counterattack, Schlumberger, Shell and other major players in the energy sector have been sending their employees fake phishing e-mails.
Unfortunately for many companies, employees are easily coaxed into clicking on bad links, said Jim Hansen, executive vice president for PhishMe, which specializes in phishing risks. “Something as foolish as silly pictures of cats,” Hansen said. “You think it’s not going to happen. It always happens — 88 percent failure rate.”
The fake phishing e-mails, meant to look like the same anonymous come-ons that might lure an unsophisticated Web user into clicking on a contaminated link, are aimed at teaching employees how to spot dangerous messages.
“One of the big things I try to do is let people understand that it’s not myself, it’s not the security team that needs to be looking out for security,” Mario Chiock, Schlumberger’s cybersecurity adviser, said at a recent conference in Houston. “Every single person needs to be responsible for security.”
That is a new approach for most energy companies, which are beginning to view cybersecurity in the same way that they view physical safety.
The push comes after repeated reports that energy companies are among the most targeted by hackers.
The Department of Homeland Security says that 40 percent of all cyberattacks last year targeted energy companies, and several security firms have said energy companies are the top targets for certain types of attacks. An attack on Saudi Aramco knocked out 30,000 computers last year.
Computer infections also have wreaked havoc offshore, knocking some rigs offline for weeks.