Managing the Phishing Threat to Your Organization
- Author Wayne Rash
- Published March 2, 2012
- Word count 504
By now you’re familiar with the basic phishing e-mail. You know the one -- it comes from a bank you don’t do business with asking you to verify personal information such as your name, Social Security Number and your existing bank account information. The e-mail may claim the bank it purports to represent has a check to deposit to your account, is trying to clear a check or something else along those lines. These phishing e-mails are easy to spot, their misspelled words obvious and the bogus links show up clearly. They’re also fairly easy to fight.
Unfortunately, so many people are on to this kind of attempted identity theft that the phishers have turned to more sophisticated means. They use real bank logos and information they’ve gleaned from elsewhere on the Internet to make it look like they know you, and they don’t ask for personal information. Rather, they ask you to visit a website that will download a virus that will go through your computer and collect whatever information it can find.
But as phishing continues to evolve, detecting phishing e-mails is becoming more difficult. Worse, some phishing e-mails are really the visible part of an APT. They appear to be from someone you know, and they appear to ask for a response regarding something related to work, your finances or something else a friend may know. But spear phishing, as these highly personal phishing e-mails are called, depends on gaining your confidence by using material gleaned from social networks or other sources. When the U.S. Chamber of Commerce was attacked, for example, the attackers went after the e-mail files. Most likely they were looking for e-mail addresses and information from the contents of the e-mails they found to use in a later spear phishing attack.
But these attacks may not be after personal finance information; rather, they may be after passwords to other companies’ systems, they may be after the names and e-mail addresses at other companies, or they may be after personal information they can use elsewhere.
The solution to most spear phishing attacks is first to use the best screening systems you can find. Some next-generation firewalls and most high-end security software can at least warn when they find a suspicious message. In addition, users must be trained never to answer requests for personal information of any kind. The bank is never going to e-mail anyone asking for account information. The IRS isn’t going to e-mail anyone about taxes, and the security staff at another company isn’t going to e-mail anyone about their access information.
There are no posted comments.
- Protect your files with drive image backup software
- How Cloud Management Values Change Your Business
- The U.S. Government and Zero Day Vulnerabilities
- Spyware – Yet Another Cyber Menace
- Reset lost passwords in Windows with Active@ Password Changer
- Antivirus measures you should know when your PC is infected with a virus
- Security Fit For Royalty!
- Global VPN Use Is Booming But So Is Cyber-Censorship
- Things to do to make your business, cyber secure
- The new European data protection system
- Avoiding Disaster: Make Website and Business Asset Backups Mandatory
- 12 Ways to Keep Your Data & Identity Safe Online
- Associate With Avast Support USA To Shield PC Against Viruses And Malware
- Microsoft Office Customer Service for Office Setup
- What is All-czech browser hijacker and how to remove it
- Methods to delete Web-start.org from computer and browser
- What is Odin ransomware, how to decrypt .odin files
- How to remove Loadstart browser hijacker
- How to remove Tech-connect.biz from Google Chrome and all other browsers
- How to remove Alma Locker ransomware virus
- How to remove SOEASYSVC adware from your browser
- How to get rid of SafeSurf virus
- How to remove Cryp1 virus and to restore the encrypted files
- What is Social2Search, and how it differs from other adware
- How to remove Hohosearch adware from computer and browser
- Browser Hijackers, the Methods Of their Action And the Ways to Remove Them
- 5 Website Security Issues You Should Be Aware Of?
- What is a denial of service attack?
- How to Remove VISUAL SHOPPER completely
- Just a few Thinkings In relation to File and Document Management Systems Protection