Cyber Security Articles & News

How to protect against the latest creepy phishing attacks

When you think about phishing attacks, you probably envision sketchy emails cobbled together with a pixelated logo, an obviously phony sender address, and a ludicrous request to wire thousands of dollars to a mysterious Nigerian prince. There’s no way today’s technologically savvy workforce could fall for such a trite scheme, right?

Unfortunately, phishing has become more sophisticated, personalized, and widespread over the past decade. A whopping 76 percent of businesses reported being victimized by a phishing attack in the past year, according to an annual report by Wombat Security. And with the average cost of a phishing attack on a midsize company totaling $1.6 million, phishing attacks aren’t just annoying—they can leave your organization in financial ruin.

While there’s no way to prevent phishing attempts on employees, educating users on how to identify potential scams is a great place to start. To help, let’s break down how new phishing campaigns operate and compile a few best practices, so you can arm employees with the hacking education they need to fight back against this type of cybercrime.

Watch out for the hidden dangers of social engineering

It’s normal to be skeptical of an email from an address you don’t recognize, but what if the sender is someone you know? Or, at least, that’s how it appears. Consider this warning from renowned hacker-turned-security consultant Kevin Mitnick, who leveraged social engineering to hack the networks of countless organizations, tallying an estimated $300 million in damages.

“Companies spend millions of dollars on firewalls, encryption, and secure access devices, and it’s money wasted,” Mitnick said in an interview with Frontline. “Because none of these measures address the weakest link in the security chain: the people who use, administer, operate, and account for computer systems that contain protected information.”

Of course, money spent on security is never money wasted if it works. But Mitnick is right: The best way an organization can prevent a successful phishing attack is by making sure employees understand attacks aren’t always obvious. One of the most successful types of phishing attacks is impersonation—disguising oneself as someone the victim knows and trusts by using information found on their social media profiles. The criminal then cons the victim into providing sensitive information, wiring money, or—as is the case with a new phishing attack—downloading credential-stealing malware.

To read the full article and other important technology news, refer to the source.

