How to protect against the latest creepy phishing attacks

When you think about phishing attacks, you probably envision sketchy emails cobbled together with a pixelated logo, an obviously phony sender address, and a ludicrous request to wire thousands of dollars to a mysterious Nigerian prince. There’s no way today’s technologically savvy workforce could fall for such a trite scheme, right?

Unfortunately, phishing has become more sophisticated, personalized, and widespread over the past decade. A whopping 76 percent of businesses reported being victimized by a phishing attack in the past year, according to an annual report by Wombat Security. And with the average cost of a phishing attack on a midsize company totaling $1.6 million, phishing attacks aren’t just annoying—they can leave your organization in financial ruin.

While there’s no way to prevent phishing attempts on employees, educating users on how to identify potential scams is a great place to start. To help, let’s break down how new phishing campaigns operate and compile a few best practices, so you can arm employees with the hacking education they need to fight back against this type of cybercrime.

Watch out for the hidden dangers of social engineering

It’s normal to be skeptical of an email from an address you don’t recognize, but what if the sender is someone you know? Or, at least, that’s how it appears. Consider this warning from renowned hacker-turned-security consultant Kevin Mitnick, who leveraged social engineering to hack the networks of countless organizations, tallying an estimated $300 million in damages.

“Companies spend millions of dollars on firewalls, encryption, and secure access devices, and it’s money wasted,” Mitnick said in an interview with Frontline. “Because none of these measures address the weakest link in the security chain: the people who use, administer, operate, and account for computer systems that contain protected information.”

Of course, money spent on security is never money wasted if it works. But Mitnick is right: The best way an organization can prevent a successful phishing attack is by making sure employees understand attacks aren’t always obvious. One of the most successful types of phishing attacks is impersonation—disguising oneself as someone the victim knows and trusts by using information found on their social media profiles. The criminal then cons the victim into providing sensitive information, wiring money, or—as is the case with a new phishing attack—downloading credential-stealing malware.

To read the full article and other important technology news, refer to the source.

