Phishing Attacks




According to the CYREN Cyber Threat Report (August 2016), phishing is the top threat category for small to medium-sized businesses. Within the last 12 months, 43% of those companies suffered a phishing breach.

What is Phishing?

Phishing is a type of Internet fraud used by scammers to obtain valuable personal information such as a card number, CVV/CVC security code, password and username. To obtain this confidential information, scammers use fraudulent emails that at first glance give the impression of being sent directly from the email address of your bank. In most cases these emails contain minor irregularities, such as grammatical errors. The message contains a link to a website where you will be asked to reveal your confidential information. If you are not careful enough and reveal the information, you could become a victim of the scammers.


How to recognize a phishing email

Banks do not have any reason to ask for your sensitive personal data or passwords, so they do not send this type of email whatsoever. No matter how convincing such an email looks, it is fraudulent. You may suddenly start receiving emails in the name of your bank that at first glance seem authentic and may be presented as a ‘customer satisfaction survey’ or ‘an invitation by the bank to update their records’.


Distribution of Phishing Attack

Phishing via email is the classic way to carry out phishing attacks; however, there are other methods, too. Social media, online advertising and text messages are also used to accomplish this type of attack.


Are the Most Common Internet Browsers Safe?

For businesses and home users alike, the browser application is often the only source of web protection. However, browsers are not able to recognize and block a phishing website and, thus, warn users. If you want your employees to surf the web safely, always use a web security solution, as it will block all known phishing websites and other threats coming from the Internet.


CYREN analysts tested Google Chrome, Mozilla Firefox and Microsoft Internet Explorer 11 in terms of the time needed to detect a phishing site and display a warning message. Known phishing sites were monitored for a minimum of 2 days. The results show that Google Chrome blocked 74% of phishing sites within 6 hours and 20 minutes. Mozilla Firefox blocked 52% within less than 2 hours. On the other hand, Microsoft Internet Explorer 11 blocked only 22% within almost 16 hours.


Are Trusted Brands Always Trustworthy?

CYREN analysts examined over 4 million phishing URLs in order to discover which brands are the most common phishing targets used in fraudulent schemes. The results confirm that, with almost 400,000 phishing URLs, Amazon and eBay are the most spoofed websites. Storing credit card or banking information on shopping websites is risky, because an intruder can gain credential information and possibly do online shopping.


Web service and Internet companies such as Apple, Google or Microsoft accounted for almost 220,000 URLs. If an intruder is successful, the stolen credentials can be resold. Many people use the same user names and passwords on multiple sites, so stolen credentials can be used to hack other websites as well.


Financial services companies are a target of cyber criminals, because stolen credentials are like an open door to money or perhaps bitcoins. PayPal, Royal Bank of Scotland or ICS Cards accounted for over 80,000 phishing sites.


How to Protect Against Phishing?

As already mentioned, internet browsers are not safe. Cyber security experts recommend that companies always use password management, two-factor authentication and phishing intelligence.


A password manager, for example LastPass, Dashlane or 1Password, creates a unique password for every site. Moreover, a password manager does not autofill information into a phishing site. Employees should be required to use two different components in order to log into a website: for example, something they know (a password) and something they own (a phone). Phishing intelligence, such as PhishMe or OpenPhish, uses algorithms to automatically identify phishing sites and provide real-time intelligence.
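Why a password manager does not autofill into a phishing site can be shown with a simplified model of the decision: credentials are offered only when the origin of the current page exactly equals the origin saved with the login. This is an added example, not code from any of the products named above; the `vault` entries, the `decideAutofill` helper and all `.example`/`.test` hostnames are assumptions constructed for illustration.

```javascript
// Simplified model of the autofill decision (added illustration, not any product's code).
// Vault entries and all *.example / *.test hostnames are constructed sample data.
const vault = [
  { origin: "https://www.bank.example", username: "alice", password: "constructed-secret-1" },
  { origin: "https://shop.example", username: "alice@shop", password: "constructed-secret-2" },
];

// Reduce a page URL to its origin (scheme + host + port) using the URL parser,
// never string prefix matching, so path, query and host case cannot influence it.
function pageOrigin(pageUrl) {
  let parsed;
  try {
    parsed = new URL(pageUrl);
  } catch {
    return { error: "unparsable" };
  }
  if (parsed.protocol !== "https:") return { error: "not-https" };
  return { origin: parsed.origin };
}

// Hypothetical helper: offer credentials only when the page origin equals a saved origin.
function decideAutofill(pageUrl, entries = vault) {
  const { origin, error } = pageOrigin(pageUrl);
  if (error) return { fill: false, reason: error };
  const entry = entries.find((e) => e.origin === origin);
  if (!entry) return { fill: false, reason: "no-saved-login-for-origin" };
  return { fill: true, reason: "origin-match", username: entry.username };
}

// Constructed pages: the genuine login page, then pages that only look like it.
const samples = [
  "https://www.bank.example/login",
  "https://WWW.Bank.Example:443/login?next=/accounts",
  "https://www.bank.example.account-verify.test/login",
  "https://www.bank-example.test/login",
  "http://www.bank.example/login",
];
for (const url of samples) {
  const d = decideAutofill(url);
  console.log(`${d.fill ? "FILL " : "BLOCK"} ${d.reason.padEnd(26)} ${url}`);
}
```

A person reading the address bar can be fooled by a hostname that merely contains the bank's name; the exact comparison cannot, which is why a missing autofill prompt on a familiar-looking login page is itself a warning sign.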


Your Credentials have been Stolen – What Now?

If you have responded to a phishing email, followed the link and filled in your credentials, we recommend leaving the site immediately. Next, contact the administrator of the original website and forward the suspicious email to them. Finally, change the login information.