What You Need to Know About Phishing
The IT industry is in an uproar over the massive increase in phishing attacks on organizations worldwide. Small businesses, enterprise organizations, even individuals are the victims of these attacks, and the aftermath can be devastating.
You’re almost guaranteed to have an attempted phishing attack on your organization, and if it is dealt with in the wrong way, it could have a significant impact on your business. Your organization’s reputation, data and productivity are at stake, so it’s essential that you understand the risks, consider your mitigation options and communicate what you’ve learned to all your team members.
We know there’s a lot at stake. That’s why we encourage you to read this blog and grab a copy of our FREE download – a phishing checklist you can share with your team. If you have any questions on the potential impact to your business, please contact us any time.
What Phishing Means, Exactly
Phishing is simply a type of fraud carried out via email. The victim receives what appears to be a legitimate message from a reputable company or person, asking that some type of action be performed, such as sending money or clicking a link. These cybercriminals are cunning in the way they word their messages, and it can be difficult to determine whether or not the request is authentic – messages often closely mimic the reputable company’s email.
What we often see is that a victim receives an email directing them to click a link or visit an authentication page set up by an attacker. The page usually resembles a familiar resource such as Microsoft Outlook Web App or Gmail. Without understanding the threat, victims enter their credentials and the attack succeeds.
The scammers steal the entered credentials and use them in any way possible. They typically send emails from the victim’s account, download their entire mailbox or log in via VPN, remote desktop or VDI – all possibilities exist since the attacker now has valid credentials.
Why Spam Filtering and Anti-Virus Software Are Not Enough
As you know, spam filtering and anti-virus software are an important part of any organization’s IT security plan. The problem is that phishing often uses techniques that can evade them both.
It’s important to note that phishing attacks typically don’t include any malware, which is software designed to damage your computer, server or network. That means anti-virus solutions won’t catch the threat, because their purpose is to detect malware only. And spam filtering doesn’t protect against sophisticated phishing attempts, as those messages may come from legitimate email addresses or trusted IP addresses.
Awareness Training and Exploring Mitigation Options Are Your Best Bets
It’s simple, really: increase awareness on your team and reduce the number of successful phishing attacks. Train and educate your staff, and they’ll be better able to recognize suspicious emails and web links.
That’s why we’ve developed Compudyne’s Security Services, where we offer tools such as training modules or phishing simulations. We systematically deliver messages to users in your network, and the emails use the same tactics real attackers use. It’s all for practice, and we won’t gather sensitive information. If a user falls victim to our staged attack, they’ll be directed to training modules. Reporting is available, and as end users better recognize fraudulent email, the percentage of successful phishing attempts drops significantly over time.
Another option is an authentication mechanism called Multi-Factor Authentication (MFA). When a user logs in to an account, they’ll need something else to verify their identity, such as a code sent by email or text message, or they may need to approve the login via a smartphone app. Our Managed Multi-Factor Authentication Services enable organizations to pick which applications and end users require the additional layer of authentication. It’s one more reliable layer of security, and an essential way to stop cybercriminals in their tracks.
What You Need to Do Next
To learn more about our Security and Awareness Training or Managed Multi-Factor Authentication Services, contact us anytime.
Download our FREE phishing checklist to help train your team.