Do Not Feed the Phish: Your Guide to Cyber Security

-
Phishing is a fraudulent attempt to gain access to someone’s personal information, like passwords or credit and debit card numbers. It is a crime by law, but unfortunately, a large phishing ocean of cybersecurity hackers and imposters still exists, undeterred. Phishing can be broadly categorized as a type of identity theft involving the illegal use of your identity. Cyber thieves phish the Internet through the use of emails and sign-ups to fraudulent websites and pages.


During the routine course of your Internet browsing, you may land on a tempting offer, page, or website. This is the bait. Internet users may be enticed by anything from free software to appealing websites or the chance of winning a fortune. These, when clicked, redirect you to another page, which then might require you to sign up to gain any further access. It all seems innocent enough when you are asked for your social media information, your personal phone number, or email details. You are sure to receive prompts to click on malicious links that cunningly install system monitors, key-loggers, ransomware, or bots to your system, thus breaching all further activity and user data on that system.
Irrespective of whether you are an individual or part of a large organization, you can end up being a phishing target. Generally, phishing is pitched through emails, which often land in the spam folder but sometimes make it to the inbox. Attackers understand that even a statistically small successful click-through rate on their emails can lead them to sizable profits. For a better understanding, let’s look at this sample table, where we account for a minimum amount of phishing conversion:


So, out of the 72,035 phishing emails sent on January 1, there are 28 registrations. The phishing conversion rate may seem low, but each one of these conversions results in a good profit to the attackers. The access to email-IDs and personal information comes from different fraudulent websites, software, and pages where the user has signed up in the past.


The Wombat 2016 State of the Phish report suggests that 4/5 organizations have experienced phishing attacks, which represents some 80% of the market segment. The report further adds that such attacks and their frequencies are only increasing. Asserting a far more dire statistic than our chart above, the Wombat report affirms that out of the total users pitched by attackers, 85% reported being victims.
Tellingly, general awareness of phishing also remains low. In the US, 65% of people reporting a phishing attack had only heard of the term phishing, while 17% were wrong in their guess of what it could mean, leaving the remaining 18% with no clue at all.
It is also important to understand how phishing is successfully carried out by the attackers. According to Verizon 2016 DBIR, email attachments are the #1 delivery vehicle for malware, with web-driven by links at #2, and email links coming in at #3. Further, download by malware and network propagation share an equal incident count at #4 and #5. The Proofpoint Q3 2016 Threat Summary states that 97% of phishing emails delivered ransomware in Q3 2016.
Apart from common, individual email users, CEOs, CFOs, and other executives remain the biggest phishing targets for attack. Such attacks are referred to as spear phishing or whaling attacks, since high-ranking decision makers are prized for their access to sensitive corporate information as well as sign-off authority for wire transfers. Also, the executives can be easily targeted with a customized email (drawing data from their bio available online or LinkedIn profiles), which make the process more convincing and specific. An example of a phishing mail body is as follows:


How to Prevent Feeding the Phish

In order to avoid feeding the fish, here are a few key things that should be kept in mind:
Learn to identify possible phishing emails: These would probably contain a duplicate image of the real company, would have copied the name of a company or its employees, have sites with domain names similar to the real business venture, and would be promoting gifts or the loss of existing account information.
Check the source of information coming from incoming emails: Users must know that their banks would never request their personal banking information or passwords. Do not respond to such questions. Instead, if there is any doubt, the bank should be contacted immediately.
Beware of hyperlinks: These can land you on fraudulent web pages that work as a phishing trap. Generally, hyperlinks mentioning your bank or office should not be directly accessed through suspected emails, as these might land you on fraudulent webpages. Instead, type the correct URL directly into your browser.
Change your passwords periodically: Separate accounts should not be linked with a similar password. Also, you should consider changing your passwords from time to time.
Disable macros: Some ransomware that targets salespeople requires Microsoft Office macros to be enabled. Keeping these disabled across the network can keep a salesperson from enabling them accidently.
Avoid random signups: Sharing personal details across untrusted websites and pages should be strictly avoided. You should also refrain from downloading software from clients and unknown developers.
Add a runtime malware defense on top of the antivirus: Although antiviruses are designed to block malware from entering the system, almost 390,000 new variations of malware are created each day, and your antivirus will have a hard time blocking everything. Adding a runtime malware defense as an overlay to the antivirus stops incoming attacks from doing any damage to the user data and system.
Regularly update your software: All app developers constantly work to improve their cybersecurity. Thus, any available updates should be downloaded.
With these precautions, you can help avoid any malware breach into your system. By remaining alert to email phishing and website pitches, you can save yourself from falling prey to cyber attack. In order to gain a better understanding of cybersecurity, its threats, and attack prevention, you can also investigate these security courses.

Comments

Post a Comment

Popular posts from this blog

Microsoft SharePoint 2019: Online vs On-premises

-
Image
SharePoint: The Undeniable Value Add It’s 2019, the era of ever-evolving technological advancements. Most global organizations operate in a complex and multidimensional competitive environment. Increasing scrutiny from the stakeholders means companies are now not only concerned about the relevance of their processes but are also equally willing to adopt more efficient and less time consuming supportive platforms. SharePoint Online, a component of Office 365 or On-Premises SharePoint are two such widely used platforms. The effectiveness of these platforms allows companies to focus on their bottom lines and less on administrative but critical tasks such as content management. SharePoint 2019 Additions – The Modern Makeover Recently, a New SharePoint 2019, the on-premises version was released, and it received encouraging end-user reviews. The goal was to enhance user experiences. To a great extent, it succeeded.  Reiterating the utility value of the on-premise versio
Read more

Empower your Network Administration with SolarWinds Orion

-
Image
SolarWinds Orion is a robust network management platform that renders unified network monitoring solutions to the organizations. It offers powerful fault and bandwidth management capabilities that can measure and monitor the performance of the large networks. It is acclaimed that out of 500 fortune companies, 425 companies use this intuitive solution to monitor and analyze network, system, and application health and performance efficiently. Acquiring expertise in SolarWinds network monitoring tools and capabilities with SolarWinds Orion training courses can help businesses reap the following benefits: ·   Ensure Service Availability:  This innovative platform offers extensive visibility to the vital business services, that cannot be compromised at any point of time. It allows businesses to offer uninterrupted services as they are directly dependent on healthy network and systems. The Orion platform helps in continuous monitoring and analyzing the essential elements includ
Read more

Free Certification Practice Questions and Answers for CompTIA A+ Certification Exam

-
Image
CompTIA A+ Certification Prep Assessment is a free evaluation of your understanding of the computer devices, peripherals, system support and troubleshooting with basics of hardware, software and networking. This assessment quiz is comprised of mock questions patterned as per the A+ certification exam to make you familiar with the exam format and let you acquire insights to your skill enhancement. The quiz and assessments from NetCom Learning aim to make you certification ready while explaining you each core concept covered under A+ certification. Crafted by our subject matter experts and certified instructors, these assessments are the proven tools for efficiently prepare and pass the CompTIA A+ certification exam .
Read more