Phishing is one of the most popular tactics of cyber criminals for obtaining sensitive information, deploying malware, or preparing a more elaborate attack. Malicious actors keep improving their schemes in order to abuse human errors. Hence, in this month's newsletter, we are focusing on this attack method that we are all aware of, but are still at risk of falling prey to.
Recap: Phishing basics
To start with, it's important to remember that phishing can take many different forms. It’s not just targeting key decision makers of an organization, and it’s not just email spam either. In fact, phishing is often the first point of compromise in an organization and can target anyone, be it via a carefully crafted email, phone call, or text message.
Professional phishing is on the rise
A recent security report found that global phishing traffic was up 29%, reaching a new record of 873.9M attacks. According to the publication, one contributing factor for this increase is that professional phishers are improving their tools. These phishing-as-a-service offerings lower the barrier to entry and allow even more malicious actors to create convincing campaigns.
Top 10 of most-abused brands
Many phishing attacks disguise themselves as legitimate brands to trick users into engaging with them – clicking the link, downloading the attachment, or taking some other action. Traditionally, the most-abused brands were often in logistics ("We couldn't deliver your package!") or retail ("Click here for a limited-time offer!"). However, in a recent phishing report, another brand takes that unfortunate first place.
Security user experience counts
What security controls often neglect is good user experience – a grave oversight, particularly when it comes to attacks targeting people. A security framework is only as good as its weakest link and hence, it's crucial to engage the users we are trying to protect.
Sometimes, a simple pause is enough
Previously on Cybersecurity Magazine, we featured some basic techniques for forcing the essential 'pause' moment with users. Sometimes simple controls that prompt a double-check are enough to raise awareness of things easily overlooked – be it an unwanted attachment or an unintended recipient.
Cybersecurity Magazine Editorial Team