Phishing
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezin
Almost all phishing attacks can be broadly divided into two categories:
(a) Tricking users into passing on sensitive information via spoofed sites
This method uses compelling messages to entice the user into visiting third-party, data-harvesting sites.
(b) Getting the user to install malware through a click in a communication
In this method, the fraudster entices the user to click on a download link that in turn installs malware.
How to Protect Against Phishing?
User education and the deployment of specialized software are the two main ways in which companies can develop an effective strategy for phishing protection. Neither is likely to work in isolation, though; companies must develop a holistic approach that combines these components for a specific business context in order to best prevent phishing scams.
Prevent phishing emails from reaching users
This is best done using specialized anti-phishing software. A number of options exist on the market, each offering its own set of capabilities, such as handling zero-day vulnerabilities, identifying and neutralizing malware attachments, spotting man-in-the-middle attacks, and detecting spear phishing emails. Some solutions are specialized for cloud-based email communications, while others can be installed with on-premise mail servers that operate behind firewalls. Such software is specifically designed to prevent suspect emails from reaching the target user's inbox.
Offer of large financial rewards
This pattern includes emails claiming that you have won a lottery for which you never purchased a ticket, offers of a large cash discount on something that you never purchased, large prize money in a contest that you never entered, and so on. The actual intention is usually to direct you to a site where the scammers can get your personal or financial information.
Avoid using public networks
Email communications over public networks are often not encrypted. Hackers could use this limitation to sniff out important information such as account usernames and passwords, saved passwords, and other financial details. Of course, rogue hackers may also set up completely free hotspots and lure you into providing sensitive information even without sophisticated data-sniffing technologies. A best practice to prevent phishing when using public networks is to use your mobile’s tethering and hotspot capabilities to work with its 3G/4G data connection rather than relying on public networks.