We recently released the Browser Security Guidebook to give our users and customers the information and guidelines they need for a safe and clean in-browser experience. The article below is a snippet of the information available in the guidebook. If you find this blog post interesting and helpful and would like to read more, download the full guidebook here.
Phishing is one of the most common cyber threats you might encounter on the web today, and if you're not careful, you may find yourself falling victim to a phishing attack and having your credentials or other private data compromised.
Here's everything you'll need to know to stay on top of it.
What is Phishing?
Phishing is a type of social engineering attack. Cyber criminals lure victims into handing over sensitive data or installing malware, without them knowing that they are in fact being hacked or their computers are being infected. More often than not, phishing attacks are executed via emails that appear to be from trusted senders.
Although it is pronounced the same as the word “fishing”, the PH in the name “phishing” is derived from the earlier “phreaking”, the act of attempting to use the public telephone network without paying.
Fun Fact: Steve Wozniak and Steve Jobs, who later went on to form Apple Computer, were avid phone phreakers.
Common Types of Phishing Attacks
Email phishing is perhaps the most common type of phishing attack. An email will come through to the recipient from what looks like a trusted sender. The email will include a link to download a PDF, to visit a website, or even to input your details.
These links will take you to a malicious site, where malware will begin to infect your machine, or your sensitive data will be stolen. Although these links may look real, as do the sites themselves, they are not and pose a threat to your security online.
Spear phishing targets an individual and attempts to steal access to sensitive data, such as financial information or login information. Attackers will pose as a person or company the target knows in order to gain access to their private data.
Spear phishing is designed to target a specific user or a group of individuals. The hacker will conduct extensive research to ensure that the attack is as successful as they want it to be.
Whaling is another form of spear phishing; however, this time the focus is on targets with a much higher value.
By posing as a more senior, high-ranking employee within an organisation, a hacker is able to target other high-status employees from the same company and gain greater access to company information, login credentials, financial information, etc.
Mass phishing campaigns target a bigger audience. The communications are sent en masse so they can collect as much information from the victims as possible.
Often, emails are sent pretending to be a company or organisation, and will ask the user to input their details or update their sensitive information, such as their bank details.
Although the damage caused by mass phishing may not happen straight away, the damage will come as soon as the victim’s data has been sold to hackers on the Dark Web.
How to protect your organization from phishing attacks
Ensuring your business is equipped to deal with phishing attacks should they arise is paramount.
Email content filtering
Content filtering works by assessing emails and deciding whether or not they are legitimate. Content filtering uses characteristics derived from past legitimate and spam emails to come to a conclusion.
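One common way to derive such characteristics from past mail is a naive Bayes word model. The sketch below is an added example, not code from the guidebook or any product; the training messages, the `NaiveBayesFilter` class and the `FILTER` object are constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed training samples (not real mail): past messages already labelled.
LEGIT = [
    "Agenda for the quarterly planning meeting is attached",
    "Your invoice for March is attached, thanks for your business",
    "Lunch on Thursday? The team is meeting at noon",
    "Minutes from the project meeting and next steps",
]
PHISH = [
    "Urgent: verify your account password now or it will be suspended",
    "Your bank account is locked, click the link to confirm your details",
    "Security alert: update your password immediately using this link",
    "Confirm your bank details now to avoid account suspension",
]

def tokens(text):
    """Lower-cased word tokens: the 'characteristics' this toy filter learns from."""
    return re.findall(r"[a-z']+", text.lower())

class NaiveBayesFilter:
    """Hypothetical minimal filter: word counts per class plus class priors."""

    def __init__(self, legit, phish):
        self.counts = {"legit": Counter(), "phish": Counter()}
        for label, corpus in (("legit", legit), ("phish", phish)):
            for msg in corpus:
                self.counts[label].update(tokens(msg))
        self.vocab = set(self.counts["legit"]) | set(self.counts["phish"])
        total = len(legit) + len(phish)
        self.prior = {"legit": len(legit) / total, "phish": len(phish) / total}

    def log_score(self, text, label):
        """log P(label) + sum of log P(word | label), with add-one smoothing."""
        counts = self.counts[label]
        denom = sum(counts.values()) + len(self.vocab)
        score = math.log(self.prior[label])
        for word in tokens(text):
            if word in self.vocab:  # words never seen in training carry no evidence
                score += math.log((counts[word] + 1) / denom)
        return score

    def classify(self, text):
        """Return 'phish' only when the phishing score is strictly higher."""
        phish, legit = self.log_score(text, "phish"), self.log_score(text, "legit")
        return "phish" if phish > legit else "legit"

FILTER = NaiveBayesFilter(LEGIT, PHISH)
```

A message made up entirely of words absent from the training set scores equally for both classes and is treated as legitimate, which is why such filters need regular retraining on recent mail.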
Web content filtering
Web content filtering works by blocking access to any online content that could be deemed harmful, inappropriate, or pose a security risk.
Parents would likely install these filters to protect children whilst they are browsing the web, and businesses whose employees have access to the internet would need a web filter to better protect themselves from cyber threats.
There are two important layers to this:
- The DNS Layer: This inspects the destination of the link, and if that destination is a malicious website, the link will be blocked.
- The Browser Layer: With this level of protection, the browser can inspect the web page and carry out checks to ensure that it’s genuine. This layer will stop any links from sending the user to a malicious website.
Helping your customers and employees stay safe online is a vital part of being cyber safe. Educating your employees on how phishing works to encrypt machines, and the methods used to do so, will help you mitigate any potential cyber attacks.
There are many ways in which you can deliver training, for example, holding workshops, supplying documents, creating video resources, etc. The more time you invest, the more time you will save in the future.