
Something Phishy: How to Identify and Avoid Phishing Scams


PR-Inside.com: 2018-07-11 15:41:00
Phishing is one of the most common attack vectors for hackers who exploit end-user behavior as the weakest link in an organization's cyber-defense. For years, criminals have disguised attacks in emails, and today we see phishing emails as a primary delivery method for ransomware payloads. Phishing emails have led to massive data exposures, which caused major reputational and financial damage in the private and public sector over the last few years. As cybercriminals continue to prey on employees through their technology, they are always taking measures to be one step ahead. In an organization, all it takes is one employee to take the bait.

Today's phishing attacks are prevalent and convincing across organizations. What started off as simply “phishing” has now developed into three branches of attacks: the classics, mass phishing and spear phishing, and the recently emerging Business Email Compromise tactic, which acts as a subset of spear phishing. Business Email Compromise is associated with employee email accounts being compromised rather than the sender address being spoofed. This makes it difficult for end users to spot attacks. It has been stated that 91% of cyberattacks and their resulting data breaches now begin with a spear phishing email message.

Phishing has evolved in lockstep with the 'Malware-as-a-Service' phenomenon. Phishing emails come in all shapes and sizes, and unfortunately, no single product will fully protect your business from phishing attacks. Phishing is now run as a business, and cybercriminals have been using different attack strategies to retrieve information from their targets. Some of these strategies include phishing services, off-the-shelf phishing kits and Business Email Compromise.

Free phishing kits

An interesting facet of the phishing ecosystem is that there are a large number of actors committing attacks, but only a small number of phishers that are sophisticated enough to write a phishing kit from scratch. Because of this, phishing kits are now widely available for download from dark web forums and marketplaces, and give attackers all the tools they need to create profitable phishing attacks: emails, web page code, images, and more.

Attacks-as-a-service

In fact, attackers don’t even need to know how to create malware or send emails anymore. As-a-service and pay-as-you-go solutions permeate most online service technologies, and phishing is no different – with a range of services increasingly available to attackers:

• Ransomware-as-a-service allows a user to create an online account and fill out a quick web form, including the starting ransom price and a late payment price for victims. The provider of the service then takes a cut of each ransom paid, with discounts offered if the user is able to translate the malware code into new languages or if the volume of the attack exceeds a certain level.

• Phishing-as-a-service allows users to pay for phishing attacks to be sent for them, using global botnets to avoid known dodgy IP ranges. Guarantees are even made to only bill users for delivered email messages, much like any legitimate email marketing service.

These services have led to the explosion of phishing attacks highlighted earlier, as any attacker can launch an attack regardless of technical skill.

Phishing attack prevention: How organizations must protect themselves from getting hooked

Stop threats at the door

The best defense against phishing emails is your email gateway. Email protection is your watch guard, blocking 99% of unwanted email at the gateway, including malicious attachments, content, and URLs - long before an end user ever sees them.

Web filtering is another must-have as a front-line defense, filtering and blocking infected URLs should your users click an email link. And file sandboxing ensures those nasty malware-laden downloads get removed from the threat chain early on.

Protect your weakest link: users

Even with the best upfront filters, attacker methods such as BEC – with no executables or links to detect – may still get through. Appropriate training and education are critical for ensuring that all your employees know how to spot and deal with these types of email messages.

Secure your last line of defense

If your click-happy end users inadvertently unleash potent, powerful malware onto your systems, there’s still ample opportunity to stop the damage – and even reverse its effects. Next-generation exploit prevention solutions will identify, analyze, and neutralize the effects of even the most advanced, unseen malware out there, and automatically clean up all traces of infection so you can get on with your day.

Know your business

Make sure your company processes are understood, that you encourage employees to question requests that seem out of character from other employees and senior managers, and perhaps most important of all, ensure you have a two-stage approval process for all significant fund transfer requests. All the defenses in the world aren’t going to stop an employee from unknowingly sending large payments to a thief without some proper checks and balances in place.

Phishing is a problem that will not go away. But you can be more cautious and train yourself to look for giveaways that will tell you if you have visited a phishing website. Cybercriminals will continue to take advantage of opportunities as long as they are getting their money. The fight is challenging but it’s something we can win.

Press Information
Sophos
Sheikh Zayed Road

Shaina
PR Consultant
0561730550
www.oakconsulting.biz/

Published by
Nimi D'souza
+971507343840
www.oakconsulting.biz


