Phishing attacks have become one of the most common security issues that both individuals and companies face today. The attacker is usually hoping to gain passwords, credit card numbers and/or other sensitive information. Attackers leverage email, social media, SMS, and phone calls to steal this information. This blog examines how companies fall victim to phishing attacks, and how they could prevent them.
One of the most common techniques is an urgent email with a link in the body. The user clicks that link and enters sensitive information, such as a login to PayPal or eBay. Adversaries spoof the sender’s email address so that the message appears to come from a legitimate source.
Another common phishing method is to send an email, again appearing to come from a legitimate and well-known source, with a malicious file attached. The end user sees an attachment that may appear to be a Microsoft Word document or Excel spreadsheet, then downloads and opens it. The attachment surreptitiously executes code on the victim’s machine and compromises the system, and eventually the organization.
The steps an organization can take to prevent these attacks begin with training the end user. Start by educating your employees and conducting mock phishing scenarios. Get employees into the habit of not clicking links in emails and of verifying the URLs of the websites they visit. Another way to help prevent these attacks is to deploy a good spam filter that detects viruses, spoofed sending addresses, etc. A secondary control is to deploy a web filter to block malicious websites and monitor all network traffic going in and out of your network. Some organizations convert HTML email into text-only messages or disable HTML email altogether.
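Two of the controls above, flagging sender addresses that do not line up and reducing HTML mail to text so the real link target is visible, can be sketched as follows. This is an added example, not code from the original post; the sample message, the domains and the names `inspect`, `domain` and `LinkText` are constructed for illustration, and a single-part HTML body is assumed.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real message); single-part HTML body assumed.
SAMPLE = """\
From: "Bank Support" <service@bank.example>
Return-Path: <bounce@mailer.example.net>
Reply-To: help@example.org
Subject: Urgent: verify your account

<p>Your account is limited. <a href="http://login.example.net/verify">https://www.bank.example/signin</a></p>
"""

class LinkText(HTMLParser):  # flattens HTML to text, each link as 'label <real href>'
    def __init__(self):
        super().__init__()
        self.out, self.links, self._href, self._label = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        (self.out if self._href is None else self._label).append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            label = "".join(self._label).strip()
            self.links.append((label, self._href))
            self.out.append(f"{label} <{self._href}>")
            self._href = None

def domain(value):  # host of a URL, or domain part of an email address
    if "://" in value:
        return (urlparse(value).hostname or "").lower()
    return parseaddr(value)[1].rpartition("@")[2].lower()

def inspect(raw):
    msg, findings = message_from_string(raw), []
    sender = domain(msg.get("From", ""))
    for hdr in ("Return-Path", "Reply-To"):  # envelope/reply domain vs From
        if msg.get(hdr) and domain(msg[hdr]) != sender:
            findings.append(f"{hdr} domain {domain(msg[hdr])} differs from From domain {sender}")
    parser = LinkText()
    parser.feed(msg.get_payload())
    parser.close()
    for label, href in parser.links:  # visible URL vs actual target
        if label.startswith(("http://", "https://")) and domain(label) != domain(href):
            findings.append(f"link shows {domain(label)} but goes to {domain(href)}")
    return findings, "".join(parser.out).strip()
```

Legitimate bulk mail often uses a separate bounce domain, so these findings are signals to score or route for review rather than verdicts on their own.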
There are many steps an organization can take to protect against phishing attacks. It starts with keeping current with the latest phishing strategies and attacks, and with reviewing and constantly updating the security policies and controls currently in place so that they address these threats as they evolve. Well-educated employees and properly secured and updated systems are key to protecting your organization’s environment from phishing attacks.