What is Phishing?
91% of cyber attacks start from email phishing attacks. Phishing attacks are all about the art of deception. You the user is deceived into thinking that the email you receive whether, from the CEO of your job, family, friends or even your banking institute is legitimate, using this deception the hacker will request for your personal or sensitive information. This is usually to your email, bank, credit card or social media accounts. Phishing attacks gives hackers a better chance of retrieving the data that they need from you rather than trying to breakdown security defense.
How to identify Email Phishing Attacks?
- Generic greetings that don’t address you specifically.
- Emails from suspicious sources requesting for personal and sensitive information.
- Email content that has a sense of urgency and demands a quick response or action.
- Emails with suspicious content with clickable links or attachments.
Types of Phishing Attacks?
- Deceptive Phishing – This is a type of phishing, where the attacker impersonates a genuine company in order to steal confidential data.
- Spear Phishing – This type of phishing email is customized with the victim’s name, company, phone number, position and any other personal information to deceive the user and convince that they are genuine.
- CEO Fraud – Phishers implement the use of an email address with the name of a higher authority to demand payments within the company.
- Pharming – Hackers hijack the domain name of a website and use it to redirect the users to a malware site and impose an attack.
- Dropbox, OneDrive and Google Drive Phishing – Genuine-looking emails deceive the customers to come from Dropbox, OneDrive or Google Drive and demands to click to ensure to secure the account.
How to prevent phishing attacks?
- Anti-spam solution – Your business needs it if you don’t have one get one or if you do and you are still being hammered by spams and email phishing attacks feel free to contact us to get you protected.
- Monitor & Managed Anti Spam – Anti Spam is not a set it and forget solution and must be monitored and managed.
- DNS/Content Filtering – Having this layer of protection helps if you accidentally click on a malicious link from a phishing attack this will block the web page from loading stopping you from giving away your sensitive data.
- Two-factor authentication (2FA) – Activate on all websites that you sign into that have this security feature available. Examples Facebook, Twitter, Instagram, Linkedin, Hotmail, etc. With 2FA enabled even though a hacker may have received your credentials they would still need to bypass a second level authentication which usually requires an SMS message to your cell phone with a code, an email with a code or the use of an authenticator app that generates the secure code to grant access to your account.
- Password Manager – Password managers allow you to generate strong random passwords and then save them and manages them for you securely.
- Staff training – Building a human firewall by training and educating your staff about phishing attacks goes along way besides its really the user that will be responsible for clicking on a malicious link and given away sensitive data. Keep your staff trained and educated adds another layer of defense to your business.
- Advance Endpoint Protection – Endpoint Protection is another layer of protection that protects at the endpoint level (Computer, Laptop, Servers, Mobile phones, etc.) I recommend endpoint protection with default-deny technology this means anything that I’m anything me and my system is not familiar with can either be set to blocked or placed in a virtual container. The virtual container allows the file or program to open or run but having no access to the actual system. If a file or program is placed in a virtual container you can analyze it before giving it a good or bad verdict. If a good verdict is given the file/program is allowed to run and operate as normal, if a bad verdict is given it will be blocked and removed from the machine preventing malicious codes from accessing your machine and stealing sensitive information.