How to protect against the latest creepy phishing attacks

When you think about phishing attacks, you probably envision sketchy emails cobbled together with a pixelated logo, an obviously phony sender address, and a ludicrous request to wire thousands of dollars to a mysterious Nigerian prince. There’s no way today’s technologically savvy workforce could fall for such a trite scheme, right?

Unfortunately, phishing has become more sophisticated, personalized, and widespread over the past decade. A whopping 76 percent of businesses reported being victimized by a phishing attack in the past year, according to an annual report by Wombat Security. And with the average cost of a phishing attack on a midsize company totaling $1.6 million, phishing attacks aren’t just annoying—they can leave your organization in financial ruin.

While there’s no way to prevent phishing attempts on employees, educating users on how to identify potential scams is a great place to start. To help, let’s break down how new phishing campaigns operate and compile a few best practices, so you can arm employees with the hacking education they need to fight back against this type of cybercrime.

Watch out for the hidden dangers of social engineering

It’s normal to be skeptical of an email from an address you don’t recognize, but what if the sender is someone you know? Or, at least, that’s how it appears. Consider this warning from renowned hacker-turned-security consultant Kevin Mitnick, who leveraged social engineering to hack the networks of countless organizations, tallying an estimated $300 million in damages.

“Companies spend millions of dollars on firewalls, encryption, and secure access devices, and it’s money wasted,” Mitnick said in an interview with Frontline. “Because none of these measures address the weakest link in the security chain: the people who use, administer, operate, and account for computer systems that contain protected information.”

Of course, money spent on security is never money wasted if it works. But Mitnick is right: The best way an organization can prevent a successful phishing attack is by making sure employees understand attacks aren’t always obvious. One of the most successful types of phishing attacks is impersonation—disguising oneself as someone the victim knows and trusts by using information found on their social media profiles. The criminal then cons the victim into providing sensitive information, wiring money, or—as is the case with a new phishing attack—downloading credential-stealing malware.

To read the full article, and other important technological news refer to the source.


Topics: Social Engineering, suspicious emails, security chain, keynote speaker, phishing attacks, security awareness training, security consultant, malware, weakest link, cybercrime, Kevin Mitnick

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

PCI Testing: Everything You Need To Know

Penetration testing is crucial for businesses to help ensure that their security posture will stand against threat actors. For businesses that handle ..

Read more ›

The 4 Phases of Penetration Testing

So, you’ve done your research on penetration testing and are ready for the pentest engagement. But before you choose just any pentesting vendor, it’s ..

Read more ›

What is Web Application Penetration Testing?

Is your company in the process of developing a new application? There are a lot of moving parts involved in developing and deploying cutting-edge appl..

Read more ›