Intelligent CIO APAC Issue 31 | page 34

EDITOR'S QUESTION
ABIGAIL SHOWMAN, SENIOR INTELLIGENCE ANALYST, FLASHPOINT

Phishing attacks are commonly launched against both individuals and organizations, with the potential for devastating consequences to both. Therefore, fighting back against these attacks requires team and individual-driven efforts.

Two of the most commonly used phishing techniques are:
• Sending fraudulent emails impersonating organizations or administrators and asking potential victims for credentials
• Creating fraudulent websites impersonating a target website that then harvests a victim’s login information
Differing from the cyberattacks that target an organization’s systems, phishing attacks target individuals, making it much more difficult for security teams to oversee and prevent them. Threat actors have become adept at making phishing campaigns appear legitimate by incorporating an organization’s real contact details, website information or commonly used messaging.
Checking web domains to verify they are authentic should be common cybersecurity practice, especially if a site is asking a user to enter login credentials or other sensitive information.
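One way to turn that domain check into something a mail gateway or browser add-on could run, as an added example that is not part of the original column. The allowlist, the sample URLs, the two-character lookalike threshold and the policy of trusting every subdomain are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the organization's real sign-in domains (constructed sample).
TRUSTED = ("example.com",)

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url, trusted=TRUSTED):
    """Return (verdict, reason) for a link that asks for credentials."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "reject", "no host in URL"
    if "@" in parts.netloc:
        return "reject", "text before '@' is not the host"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "reject", "internationalized host, possible homoglyphs"
    for good in trusted:
        # Policy assumption: every subdomain of a trusted domain is trusted.
        if host == good or host.endswith("." + good):
            return "trusted", "host is " + good + " or a subdomain of it"
    for good in trusted:
        if good in host:
            return "reject", "trusted name embedded in another domain"
        # Compare the same number of right-hand labels as the trusted domain.
        tail = ".".join(host.split(".")[-(good.count(".") + 1):])
        if edit_distance(tail, good) <= 2:
            return "reject", "near-miss spelling of " + good
    return "unknown", "not on the allowlist"

if __name__ == "__main__":
    # Constructed sample links, using reserved example/test names.
    for u in ("https://example.com/login",
              "https://example.com@evil.test/login",
              "https://example.com.account-verify.test/",
              "https://examp1e.com/login"):
        print(u, "->", check_url(u))
```

The check reads the host from the right-hand end, which is why a trusted name appearing at the start of a longer host, or before an `@`, is rejected rather than matched.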
Another important step is to limit the amount of publicly available personal information. Threat actors will use this information to create highly customized and personalized messages that appear believable, making it easier to trick the victim into providing sensitive information they may not otherwise provide. Threat actors are adapting and updating their methods, so it’s important to take extra care scrutinizing unsolicited emails or messages.
Phishing attacks can appear in a number of different forms, from shipment tracking notifications to newsletters and promotional material. These can be generic or specifically customized to the target. Threat actors often leverage significant events, such as natural disasters or global news events/crises, to lend legitimacy to the phishing campaign. This often compels users to respond out of sympathy.
People should avoid clicking on any link within an unsolicited email or text message.
Anti-phishing add-ons should be installed on company devices and browsers to notify employees of a suspicious email or text. Additionally, password rotation should be enforced, requiring employees to change passwords after a given time period. Firewalls should also be installed to shield devices from attempted attacks and prevent infiltration by threat actors.
It is critical that organizations have a strong threat intelligence program to alert security teams to suspicious activity that could predict an imminent phishing threat.
Perhaps the most important element in mounting a defense against phishing attacks is education. Organizations should educate employees on the signs of a phishing attack and work to instil the messages of precautionary methods throughout the entire company. Good threat intelligence boosts an organization’s ability to educate, providing real-life examples and the most up-to-date information to guarantee individuals have a thorough understanding of the threat landscape.