17 Aug Don’t take the bait – How to avoid the phishing net
The word phishing was coined around 1996 by hackers stealing America Online accounts and passwords. Internet scammers were using e-mail lures, setting out hooks to “fish” for passwords and financial data from the “sea” of Internet users. They knew that although most users wouldn’t take the bait, a few likely would.
More than annoying spam
Traditionally, phishing was associated with online banking cyber crimes: crooks send an email luring you to a website that’s a visual clone of your bank’s login page, where you enter your credentials into a phony form and drop them right into the criminals’ laps. But phishing covers much more than just fake banking sites and links to life-enhancing pills or package deliveries: it’s really just about dangling bait in front of you and waiting for you to swallow it, so that you hand the attackers useful and valuable information.
The most common attack vector
A recent survey of 3,100 organizations revealed that email is the most common attack vector, used in 33% of successful cyber attacks. It’s also a highly effective vector: 53% of organizations that had been hit by a cyber attack in the last year were victims of phishing. Phishing emails are often the first stage in a complex, multi-technique attack. For example, clicking on a link in a phishing email connects through to a command and control server, which then infects the organization with malicious software.
The main driving force behind phishing attacks is financial gain. The Verizon 2018 Data Breach Investigations Report revealed that:
• 59% of attacks are motivated by financial gain. This includes harvesting credentials for resale on the dark web, infecting systems with ransomware, or impersonating senior managers to convince employees to transfer funds or valuable data.
• 41% of attacks aim to gain unauthorized system access. Examples include obtaining access to a company’s network to steal data, or gaining control of systems.
Given the financial motives behind most attacks, it’s unsurprising that cyber criminals often target employees who have access to company finances, tricking them into making financial transfers to bank accounts controlled by the criminals. However, they also target those who manage business processes and IT controls, opening organizations up to a range of attacks including ransomware and extortion.
Spot the signs
Use this handy acronym to help spot the signs of a phishing email:
P: Promises unbelievable things
H: Harasses you to reply
I: Insists you act now
S: Sense of urgency
H: Hit delete!
If in doubt, report it to your IT team so that everyone else in the company is made aware of the phish, then hit delete!
The fight against phishing – How Sophos can help
Sophos is the only vendor to offer complete phishing protection – visibility and education, pre-delivery, and post-delivery – all managed through a single web-based platform.
Sophos Phish Threat educates and tests your end users through automated attack simulations, quality security awareness training, and actionable reporting metrics. And it works: On average, customers see a 31% reduction in employee susceptibility after just four Phish Threat training emails.
With Sophos Email, you can trust your inbox again. It blocks phishing imposters and protects employees from attacks using fraudulent email addresses that impersonate trusted contacts. A combination of SPF, DKIM, and DMARC authentication techniques and email header analysis allows you to identify and permit legitimate emails while blocking imposters.
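The kind of check this paragraph names (SPF, DKIM and DMARC results plus header analysis), as an added example that is not Sophos code and not from the original article: it reads the Authentication-Results header stamped by a trusted receiving server and compares the From and Reply-To domains. The server name mx.example.com, the sample messages and the function names are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed authserv-id of your own receiving mail server; results stamped by
# any other name are ignored, because a sender can inject forged headers.
TRUSTED = "mx.example.com"
# Constructed sample messages (not real traffic); domains are placeholders.
LEGIT = """\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Accounts <accounts@example.com>

Hello
"""
IMPOSTER = """\
Authentication-Results: mx.example.com; spf=softfail smtp.mailfrom=example.net;
 dkim=none; dmarc=fail header.from=example.com
From: "CEO" <ceo@example.com>
Reply-To: ceo@example.net

Act now
"""

def auth_results(msg):
    """Collect spf/dkim/dmarc results from trusted Authentication-Results headers."""
    found = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for header in msg.get_all("Authentication-Results", []):
        fields = header.split(";")[0].split()
        if not fields or fields[0].lower() != TRUSTED:
            continue  # not stamped by our own server: do not trust it
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            found[method.lower()] = result.lower()
    return found

def domain(addr_header):
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()

def assess(raw):
    """Return (verdict, reasons); strict policy: anything but dmarc=pass is flagged."""
    msg = message_from_string(raw)
    res, reasons = auth_results(msg), []
    if res["dmarc"] != "pass":
        reasons.append("dmarc=" + res["dmarc"])
    if res["spf"] != "pass" and res["dkim"] != "pass":
        reasons.append("no passing spf or dkim")
    reply_to = domain(msg.get("Reply-To"))
    if reply_to and reply_to != domain(msg.get("From")):
        reasons.append("reply-to domain differs from from domain")
    return ("suspicious" if reasons else "ok"), reasons
```
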
Sophos Intercept X combines a wide range of both foundational and modern (next-gen) techniques to stop the widest range of ransomware attacks and malware. Its deep learning neural network is trained on hundreds of millions of malicious files to proactively detect unknown threats. Unique to Sophos, you can manage all your phishing prevention technologies through a single web-based platform, called Sophos Central. Because it is entirely web-based, there are no servers to maintain and it can be accessed anytime, anywhere, which saves time.
Corenet IT is happy to partner with Sophos to provide you with the needed protection from phishing.