Phishing is an attempt to obtain sensitive information, such as usernames and passwords, by posing as a trustworthy entity in email or instant messaging. It often directs users to enter personal information at a fake website whose look and feel are identical to the legitimate site.
Phishing is an example of social engineering being used to deceive users. Phishing websites commonly impersonate corporate email login pages, banks, online payment processors or IT administrators.
Attempts to deal with phishing incidents include legislation, user training, public awareness, and technical security measures – because phishing attacks also often exploit weaknesses in current web security.
Some of the best-known breaches in history started with a simple phishing email
Phishing is one of the oldest and simplest social engineering tricks. Phishing emails target their victims by masking malicious links and attachments to mimic routine tasks or urgent requests, counting on the fact that some people will not pay attention and will click on an attachment or enter their credentials.
The phishing emails that Perception Point catches every day try to mimic Microsoft Office 365 login, PayPal, large US banks, DocuSign, DHL and Dropbox, to name a few.
There are a number of techniques that fall under the umbrella of phishing email, but they all start with a disguise. The two main categories of a phishing email campaign are:
Creating a phishing site is extremely easy and within reach of any criminal, even one who is not a cybersecurity expert. A simple Google search for “how to create phishing website” leads to hundreds of results with step-by-step guides, GitHub projects for phishing frameworks that can support 2FA (https://github.com/ustayready/CredSniper) and so on. Each guide or framework will help the attacker to:
Many organizations invest less in phishing prevention as part of their email security strategy because they view phishing as less damaging. It is clearly wrong to reduce the importance of phishing prevention and expose the organization to breaches.
Phishing prevention requires a layered approach that includes:
Security awareness training – Arm your users with knowledge and techniques to deflect phishing attempts. Several companies offer phishing training solutions and can guide your users on how to identify a phishing site. Google recently launched a phishing quiz (https://phishingquiz.withgoogle.com/) that can be a good start for this initiative.