CLEARWATER, Fla. (Press Release - December 19, 2011) - Internet Security Awareness Training (ISAT) firm KnowBe4 is alerting small and medium enterprises (SMEs) to yet another emerging security threat – cybercriminals are baiting employees to click on phishing links through phony social media posts. Some are using email spoofing to send fake Twitter and Facebook updates to recipients, while others are sending direct messages from legitimate user accounts that have been hacked. In both instances, the sender will post a short note with a phishing link.

“Given America’s widespread participation in social media, SMEs can assume that most employees have either a Twitter or Facebook account, or both,” noted Stu Sjouwerman (pronounced “shower-man”), founder and CEO of KnowBe4. “The perpetrators of this latest phishing scam are counting on users’ curiosity and trust in their social networks. The cybercriminals send a brief note – something along the lines of ‘I Googled your name and found this’ or ‘This photo of you is hysterical’ – followed by a link. Using a common link shortener, such as bit.ly, the sender is able to mask the identity of the website the link is directing to. Many recipients let their guard down and click the link if it appears to be sent by someone they know. However, these malicious links will often initiate a malware download or prompt the user to enter their personal login information; and in that instant, the company’s network is compromised.”

A recent Wall Street Journal article emphasized that employees are a company’s greatest security risk, citing the results of KnowBe4’s own phishing experiment. KnowBe4 found that employees at 43% of companies clicked the link in a simulated phishing email sent from a reputable and trusted server.
Even when the email was sent from an unknown and untrusted server, 15% of organizations still had one or more employees who clicked. When analyzing the results by business sector, KnowBe4 discovered an alarming fact – some of the most Phish-prone industries happen to be those likely to store users’ personal and financial information on their networks. In each of the following industries, approximately 1 in 5 companies had at least one employee who clicked on KnowBe4’s simulated phishing email: financial services (22.69%), government services (21.23%), insurance (18.37%) and healthcare (17.99%).

“Many SMEs don’t realize just how susceptible their employees are to phishing attacks, or they think their existing security measures are sufficient to handle external threats. But the fact is that security breaches can and do happen every day, and the consequences can be devastating to a company’s reputation and finances,” warned Sjouwerman. “If your employees have access to the Internet, security awareness training will arm them against cybercriminals’ cunning attacks. Our system trains users to identify and avoid phishing scams like email spoofing and fake Twitter posts. Based on our clients’ results, we found that employees’ Phish-prone percentage dropped 75% after the first training session, and shrank to near 0% after two months of further testing and training.”

KnowBe4 offers several complimentary tools to SMEs, including a free phishing security test to identify the Phish-prone percentage of a company’s workforce, as well as a free email exposure check (EEC) to reveal a company’s “attack footprint” in terms of its publicly available email addresses. KnowBe4 sends regular EEC updates to all customers, and will provide a complimentary one-time EEC service to any company that requests it.
For more information on KnowBe4’s Internet Security Awareness Training (ISAT) programs, or to request a free email exposure check (EEC) or phishing security test, visit http://www.knowbe4.com.

About Stu Sjouwerman and KnowBe4

Stu Sjouwerman is the founder and CEO of KnowBe4, LLC, which provides web-based Internet Security Awareness Training (ISAT) to small and medium enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced Internet security awareness training. He and his colleagues work with companies in many different industries, including highly regulated fields such as healthcare, finance and insurance. Sjouwerman is the author of four books; his latest is Cyberheist: The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008.