Protecting against social engineering attacks!

Phishing is a criminal mechanism employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials. Social engineering schemes use spoofed e-mails purporting to be from legitimate businesses and agencies, designed to lead consumers to counterfeit websites that trick recipients into divulging financial data such as usernames and passwords. Employees possess credentials and overall knowledge that are critical to the success of a breach of the company’s security. A phisher’s success is contingent upon establishing trust with its victims.

Phishing messages seem to be from legitimate organizations like PayPal, UPS, a government agency or a bank. The emails politely request updates, validation or confirmation of account information, often suggesting that there is a problem.  A person is then directed to a fake site and tricked into entering sensitive account information.

Key findings in the Anti-Phishing Working Group (APWG) Phishing Trends Report for Q1 2016 underscore the significance of phishing:
  • There was a 250% increase in phishing sites between October 2015 and March 2016.
  • Attackers using phishing techniques have become more aggressive in 2016 with keyloggers that have sophisticated tracking components to target specific information and organizations.
  • The retail/service sector remained the most-targeted industry sector during the first quarter of 2016 with 42.71% of attacks.
  • In Q1 2016, 20 million new malware samples were captured.
Appropriate antiphishing measures to take:
  • Don’t respond to links in unsolicited emails
  • Don’t open attachments from unsolicited emails
  • Protect passwords and don’t reveal them to anyone
  • Don’t give sensitive information to anyone
  • Closely examine a website’s URL – in many phishing cases, the web address may look legitimate, but the URL may be misspelled or the domain may be different
  • Keep browser up-to-date and apply security patches
  • Use antiphishing software to detect phishing emails and websites
Anti-phishing software consists of computer programs that attempt to identify phishing content contained in websites and email.  It is often integrated with web browsers and email clients as a toolbar that displays the real domain name for the website that the viewer is visiting in an attempt to prevent fraudulent websites from masquerading as other legitimate websites.
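The URL check described above (show the real domain, then ask whether it is misspelled or simply different) can be sketched as follows. This is an added example, not PhishingBox code or any product's implementation; the trusted list, the sample URLs and the function names are constructed, and taking the last two host labels as the "real domain" is a simplification of what tools do with the Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed allow-list of domains the organization expects mail to link to.
TRUSTED_DOMAINS = {"paypal.com", "ups.com"}

def registered_domain(url):
    """Return the last two labels of the URL's host, e.g. 'paypal.com'.

    Simplification (assumption): production tools consult the Public Suffix
    List so that hosts under suffixes such as 'co.uk' are handled correctly.
    """
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else ""

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify_url(url, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, real_domain) for a link found in an email."""
    domain = registered_domain(url)
    if not domain:
        return ("invalid", domain)
    if domain in trusted:
        return ("trusted", domain)
    for good in sorted(trusted):
        if edit_distance(domain, good) <= max_distance:
            return ("lookalike of " + good, domain)
    # A trusted name elsewhere in the URL does not change the real domain.
    return ("different domain", domain)

if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://www.paypal.com/signin",
                 "https://www.paypa1.com/signin",
                 "http://paypal.com.account-check.example/login"):
        print(link, "->", classify_url(link))
```

The edit-distance threshold trades missed lookalikes against false alarms on short names, so it should be tuned against the organization's own domain list.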
To prevent phishing, here are steps a company can take:
  • Test employees using our PhishingBox phishing simulator
  • Conduct phishing training sessions with mock phishing scenarios
  • Keep all systems current with the latest security patches and updates
  • Install an antivirus solution
  • Schedule signature updates
  • Monitor antivirus status on all equipment
  • Develop a security policy that includes password expiration
  • Deploy a web filter to block malicious websites
  • Encrypt all sensitive company information
  • Convert HTML email into text only email messages
Prevent phishing for your company or organization:
  • Install anti-virus as well as antiphishing software
  • Update anti-phishing software regularly
  • Register with phishing detection websites
  • Use browsers that aid in detecting phishing activities
  • Use the PhishingBox phishing simulator

There are multiple antiphishing steps a company can take to protect against phishing. Companies must keep a pulse on current phishing strategies and confirm their security policies and solutions can eliminate threats as they evolve.

Put PhishingBox to work as part of your anti-phishing procedures.