Last year saw several high-profile security breaches, including the
one at US firm Target and one of the biggest corporate hacking scandals
the world has ever seen: the attack on global mega corporation Sony
Entertainment.
Phishing emails play a huge role in the attacks launched against brands and organisations all over the world.
The initial spark that causes some of these huge calamities can start
with something as innocent and ubiquitous as a fake email. Verizon’s
2014 breach report stated that phishing emails account for the entry
point of up to 67 per cent of the most audacious security attacks of our
time.
The critical aspect of all social engineering scams is that the
intended victim is lulled into a false sense of security and believes
the communication to be genuine.
Researchers at the University of Buffalo conducted a study using
‘information rich’ phishing emails; these emails are equipped with logos
and graphics from a well-known brand or group that is recognisable to
the recipient, as well as text carefully crafted to sound both personal
and scaremongering.
Most importantly, they contain a call to action encouraging you to
click or register and thereby unleash the destructive force of the
would-be hackers. The quote below describes the nature of the University
study:
The phishing email was made to look like it came from the
University’s IT department, and said that there was an error in their
student email account settings. They were asked to follow an enclosed
link to access their account settings in order to solve the problem, and
were instructed to do it fast, as access to their account would be
permanently blocked shortly.
The study found that 68 per cent of the 125 students tested fell for
the ruse. Considering these tactics have led to some of the biggest
security breaches of our time, this isn’t surprising.
Awareness and proper training are key in combating these issues.
There are many technologies available that help to screen files and
suspect code hidden within emails.
The best approach to combating would-be attackers is a strategy that
allows you to map out the infrastructure associated with phishing
campaigns, block likely entry points, and track the URLs that are
typically used to host exploits or spurious web forms designed to
gather user credentials.
The fact is that phishing is still a preferred way to steal users’
data. A phishing scam will look like it was sent by someone inside your
organisation and it will request a reasonable action.
However, this also leaves a signature that can be successfully
detected. For brands and organisations to combat phishing effectively,
constant vigilance, greater awareness and a drive to educate staff are
needed.
This threat can be beaten through a combination of human effort and
superior technology employed to outsmart would-be attackers.