8 Tips on How to Prevent Your Company From Suffering Phishing Attacks

Phishing attacks have become very common, both for home users and businesses. It is very likely that you have already encountered one of them.

In this article, we will learn (or recognize) what this type of attack is and how your company can try to prevent it.

What is Phishing?

Phishing is a cybercrime in which someone illegally tries to obtain confidential information from others. It is a form of so-called social engineering attack.

The information most often targeted in this type of scam includes passwords, CPF numbers (the Brazilian individual taxpayer ID), current account numbers, and credit card numbers, among others.

But there are also phishing attacks carried out to obtain passwords from social networks, for example. In this case, the objective is to make improper use of these accesses.

The first legally known case of phishing occurred in 2004 in California. A young man created a fake website and used it to collect bank data from several users. With the data, he started to withdraw money from their accounts.

The word comes from the English “fishing” and refers to the idea of hooking unsuspecting users with bait.

Brazil is among the countries with the highest incidence of phishing attacks worldwide.

Phishing Types

There are different forms of phishing attacks. We list the best known below.

Blind Phishing: it is a mass attack, randomly launched by e-mail, with the aim of hooking as many unsuspecting users as possible.

Spear Phishing: it is the opposite of blind phishing, directed against a specific target, such as employees of a certain institution, customers of a certain company, or even a single person. In this type of attack, the objective is to access specific information.

Phishing Clone: it is carried out from a fake website that presents itself in place of the original and collects user data, such as login and password, for example. Then there is a redirection from the fake site to the real one and the user doesn't even notice the data interception.

Whaling: the name comes from the English word “whale”. It is therefore a matter of fishing for “a big fish”, that is, a high-level executive, for example. These attacks usually present themselves as internal company notifications or court subpoenas.

Vishing: uses voice channels to carry out the attack, hence the letter "v" at the beginning of the word. It can come as an SMS message asking you to contact a certain number, or it can be a direct phone call. In this case, the scammer uses techniques to hide the caller ID.

Pharming: it affects many users at the same time, because the scammer carries out so-called “DNS poisoning”: a user looking for a particular website on the internet is redirected to another one, possibly fake and malicious.

Smishing: phishing via SMS. It usually carries a message that leaves the user worried or anxious, but never indifferent, inducing them to take immediate action.

8 Tips to Avoid a Phishing Attack Against Your Company

Most attacks on companies fall into the category of spear phishing, that is, they are targeted attacks.

Worryingly, a survey by Intel revealed that almost all internet users had a hard time recognizing a phishing attack.

The success of preventing these attacks depends mainly on the users. Hence the importance of knowing some measures that can bring greater security to the corporate environment.

Here Are 8 Tips for Preventing Phishing Attacks in Your Company.

1. Do not open suspicious emails

Do not reply to them, do not click on links that they may provide, do not open or download attached files.

Check by other means - the phone, for example - if the sender in the header was the one who actually sent that email.

The use of the antispam filter is not a guarantee, but it does help to reduce the number of suspicious emails in the inbox.

2. Check suspicious links safely

To check for a suspicious link, do not click directly on it. Prefer to enter the address manually in the browser.

3. Check the spelling of website addresses

When accessing a website, check its URL, paying attention to small differences in its spelling.
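One way to automate the spelling check from tip 3, as an added example that is not part of the original article: it compares a link's hostname with the domains the company actually uses and flags near-misses. The TRUSTED list and the character-swap table are assumptions chosen for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: the domains your company really uses (placeholders).
TRUSTED = ("example-bank.com", "example.com")

# Characters often swapped in to imitate a letter (constructed, not exhaustive).
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(name):
    """Collapse common visual tricks so look-alike names compare equal."""
    name = unicodedata.normalize("NFKD", name)
    name = "".join(c for c in name if not unicodedata.combining(c))
    return name.translate(CONFUSABLE).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url):
    """Return (verdict, detail); verdict is 'trusted', 'lookalike' or 'unknown'."""
    # urlsplit takes the host from after any "user@" part, as the browser does.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unknown", "no hostname"
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted", host
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        return "lookalike", "punycode label (displays as non-ASCII letters)"
    # Every multi-label suffix of the host: the registrable domain is one of them.
    suffixes = [".".join(labels[k:]) for k in range(len(labels) - 1)]
    for t in TRUSTED:
        if host.startswith(t + "."):  # trusted name used as a subdomain prefix
            return "lookalike", t
        for cand in suffixes:
            if skeleton(cand) == skeleton(t) or edit_distance(cand, t) <= 1:
                return "lookalike", t
    return "unknown", host
```

An "unknown" verdict only means the address does not resemble a trusted one; look-alike letters from other alphabets are not covered by the swap table.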

4. Make sure you're on a secure page

Especially when you need to provide confidential data, make sure you are on a secure page, with “https” at the beginning of the address and the lock icon.

5. Keep software up to date

Many phishing attacks are accompanied by the introduction of malicious software into the environment.

Updated versions of antivirus software like total security, antispyware, browsers, and firewalls will always be better able to detect malicious software.

6. Protect your passwords

Use a password manager, for example KeePassX, which securely stores all your passwords. Remember not to use the same password for more than one service.

Another possible measure for protecting passwords is two-factor authentication, so that the scammer never obtains everything needed for access with the password alone.

7. Provide more stringent protection to the most targeted people

The more strategic the position someone occupies in the company, the more information that person has. Therefore, the greater the risk for the company if he or she is the victim of spear phishing.

It is necessary to redouble the protection of the equipment that this person uses and, at the same time, make him or her aware of this issue.

8. Preserve your company's email

Companies that send a lot of e-mails to their customers become natural candidates to have their e-mail address “appropriated” by scammers.

So, periodically check that your company's e-mail address, or even its visual identity, is not being used by scammers to send malicious lures to your customers.

Conclusion

In summary, phishing is very frequent, and care must be taken to ensure the security of the company's digital environment.
