What Is The Best Defense Against Phishing?

Uploaded on 2021-07-07 in TECHNOLOGY--Resilience, FREE TO VIEW

One of the most common and frustrating security threats is phishing. Although virtually everyone knows about phishing and how it works, most people still fall victim. 

Basically, phishing involves the theft of identity. Meaning, it's a scam in which random or specific individuals are contacted by emails, telephone, or text messages by someone who poses as a legitimate institution to lure victims into providing sensitive and valuable data such as passwords, banking credit card details and other personal information. The data is then used to access important accounts and can result in identity theft and financial loss.
 
Although the ultimate goal is always the same, cyber criminals have devised many ways to launch their attack. And the degree of phishing attacks has become so sophisticated that even many high-ranking organizations have become phishing scam victims. Hence, to secure your valuable data from any further exploitation, anti-phishing solutions have been introduced.
However, before we talk about the defense against phishing attacks, you should know how it works and the different types of the cyber attack.

Types Of Phishing Attacks

Spear Phishing:    The term 'Phishing Attack' is derived from the idea that fraudsters are fishing for random victims by using phony or defrauding emails as bait. Spear phishing attacks then streamline it down to specific people, such as high-value victims and organizations. So, the attackers are not trying to get the banking credentials of 1,000 consumers as they find targeting a handful of businesses more lucrative. Attackers who do this already have some information- Their names, Place of employment, Job title, Email address, etc- about their victim.

Unfortunately, spear-phishing attacks are extremely successful because the attackers spend a lot of time crafting information specific to the recipient.

Vishing:    Vishing is derived from two words; Voice and Phishing. And from that, it involves the use of a phone call. The victims get phone calls from the attackers disguised as representatives from their financial institutions warning them about a supposed imminent threat on their account and then asking them to call a number and input their banking details or PIN for rectification. But, the phone number rings straight to the attacker via a voice-over-IP service.

Smishing:    The goal of a smishing scam is to trick the victim into believing that they received a message from a trusted person or organization and then convince them to take some steps that will give the attacker exploitable information or access to their confidential account. This scam is very successful because people are more likely to read and respond to text messages than email.

Whaling:     Whaling is a more targeted form of phishing. This type of phishing scam attacks executives of organizations. The victims are high-value and the stolen data is extremely valuable than what a low-level employee may offer.
The attackers patiently gather sufficient information about the victim such as daily routine, who they see and where they meet them, etc. before framing the phishing message that will be used in the whaling attack. All these make it very successful.

Now that we are clear on some of the most common types of phishing, let’s consider some of the best ways to protect yourself from falling victim.

Best Defense Against Phishing

Verify Sender's Email Address:    The most common type of phishing involves the use of emails. Attackers send out generic emails to their victims. The best defense against such is to verify the sender of any email you receive. Any email address that has funny signs is a red flag. Also, there are tools to validate the genuineness of an email address. Tools email lookup, reverse and email search provide you with the details of any email address.
 
When you run the email search it provides you with all the necessary details. If it turns out blank, then it's fake.

Regularly Update Your Software:     Always keep the version of your operating system updated. Outdated apps and operating systems hold way too many bugs and can be an easy target for phishing attacks. Phishing attacks get more advanced by the day, and so are many browsers updating their security measures and releasing patches in response to the attacks. Hence, don’t ignore notifications about updating your browser.

Avoid Password Auto-Fill Service:    Phishers also use platforms to attack their victims. Hence to keep your password secure, skip any option of “save password” that pops up on a website, especially if it’s an unknown site. In fact, you should ensure the site is safe and secure before inputting your data. Make sure the site’s URL begins with “HTTPS” and there should be a closed lock icon near the address bar. If those are not there, it’s not safe and secure.

Two-Factor Authentication:     Two-factor authentication, popularly dubbed 2FA, is the second layer of security to verify your identity. In simple terms, it’s to confirm you are who you say you are. Usually, 2FA could be a question about something personal about you, something you have. This ensures that even if your password is stolen, the probability of someone knowing your 2FA is very unlikely.

Conclusion

With the advance in technology and so much of our lives going digital, it’s no wonder that the frequency of cyber crimes is on the rise. It's only ideal that we prevent our sensitive data and information from falling into the wrong hands. 

NCBI:             US Federal Trade Commission:

Ben Hartwig is Web Operations Executive at Infotracer.

You Might Also Read:

Two-Factor Authentication Matters More Than Ever:

 

« Cyber Security In Fintech: Top 5 Tips
EU Sets Up An Emergency Team To Handle Large Scale Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Feitian Technologies

Feitian Technologies

Feitian Technologies provides authentication and transaction security products for financial institutions, telecoms, government and leading business enterprises.

Cypress Semiconductor

Cypress Semiconductor

Cypress is a semiconductor design and manufacturing company providing embedded devices for secure IoT applications.

Kramer Levin

Kramer Levin

Kramer Levin is a full-service law firm with offices in New York and Paris. Practice areas include Cybersecurity, Privacy and Data Protection.

JPCERT/CC

JPCERT/CC

JPCERT/CC is the first Computer Security Incident Response Team (CSIRT) established in Japan.

Compass Security

Compass Security

Compass Security is a specialist IT Security consultancy firm based in Switzerland. Services include pentesting, security assessments, digital forensics and security training.

Nexcom International

Nexcom International

Nexcom operates six global businesses - IoT Automation, Intelligent Digital Security, Internet of Things, Intelligent Platform & Services, Mobile Computing Solutions, Network & Communications.

NETAS

NETAS

Netas offers solutions in information and communication technologies including end-to-end value added solutions, system integration and technology services to providers and corporations.

GlassSquid

GlassSquid

glasssquid.io simplifies your cyber security job search. We want to help you find your next perfect fit opportunity by removing the confusion.

American Cybersecurity Institute

American Cybersecurity Institute

American cybersecurity Institute is a newly formed not-for-profit organization dedicated to education, advocacy, study and analysis in the space of cybersecurity law and policy.

Conduent

Conduent

Conduent delivers mission-critical technology services and solutions on behalf of businesses and governments. Solution areas include digital risk and compliance.

Softwerx

Softwerx

Softwerx is the UK’s leading Microsoft cloud security practice. We’ve been helping forward-thinking companies better secure their businesses for nearly twenty years.

AccountabilIT

AccountabilIT

AccountabilIT is a full spectrum information technology services firm for enterprises with complex information technology needs seeking relief from those challenges.

Tozny

Tozny

Tozny offers products with security and privacy in mind that are built on the foundation of end-to-end encryption, and open-source verifiable software.

Imprivata

Imprivata

Imprivata is the digital identity company for life- and mission-critical industries, redefining how organizations solve complex workflow, security, and compliance challenges.

Readynez

Readynez

Readynez is the digital skills concierge service that helps you ensure your workforce has the tech skills and resources needed to stay ahead of the digital curve.

AuthenticID

AuthenticID

Our mission at AuthenticID is to combat fraud worldwide and help businesses protect their enterprise and valuable data assets.