
Cybersecurity Awareness


Phishing

Phishing is a form of social engineering used to deceive users and exploit weaknesses in current computer and network security. Phishing is the fraudulent attempt to obtain sensitive information for malicious reasons by disguising the true identity of the sender, often posing as a trusted organization or person. Phishing is typically carried out by email spoofing, but can also be used in other electronic communications such as instant messaging.

Phishing is the most common method for hackers to gain access to a network to launch malware, including ransomware and viruses, that can damage or destroy your data. Over 90% of successful hacking attempts start with a phishing email. These emails will either ask the recipient for sensitive information, such as usernames and passwords, credit card numbers, or personal information, or ask the recipient to click on a link that takes them to a website containing malware, which will infect the recipient's computer and then possibly their network and the other computers on it. Attempts to deal with the growing number of phishing incidents include legislation, user training, public awareness, and technical security measures.

Types of phishing

There are several types of phishing.

  • Spear phishing: Phishing attempts directed at specific individuals or companies have been termed spear phishing. In contrast to bulk phishing, spear phishing attackers often gather and use personal information about their target to increase their probability of success.
  • Clone phishing: Clone phishing is a type of phishing attack whereby a legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. It may claim to be a resend of the original or an updated version to the original. This technique could be used to pivot (indirectly) from a previously infected machine and gain a foothold on another machine, by exploiting the social trust associated with the inferred connection due to both parties receiving the original email.
  • Whaling: The term whaling has been coined for spear phishing attacks directed specifically at senior executives and other high-profile targets.[15] In these cases, the content will be crafted to target an upper manager and the person's role in the company. The content of a whaling attack email may be an executive issue such as a subpoena or customer complaint.

Defense against phishing

The best protection from phishing is training and awareness. End-users typically make up an organization's largest attack surface, making them an attractive target for the bad guys. Regular security awareness training and specific phishing training are an organization's most effective and efficient strategy for protecting itself against phishing attacks.

Identify phishing emails

  • There is no single thing that will always identify a phishing attempt; the best chance of identifying one is to recognize multiple indicators together.
  • Check the email address of the sender. Does it come from a known sender or a domain that you regularly communicate with?
  • Look at how the sender is addressing you. Is it a generic salutation, or do they know your preferred name?
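
The checks above, turned into a small multi-indicator screen as an added example (this is not code from the original page): it parses a constructed message with Python's standard email module and returns every indicator that fired, so the reader weighs several signals rather than one. KNOWN_DOMAINS, GENERIC_GREETINGS and the two sample messages are assumptions constructed here, and the Reply-To comparison extends the page's sender-address check with a second look at where replies would actually go.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumption: domains this user regularly corresponds with (constructed allow-list).
KNOWN_DOMAINS = {"example.org", "partner.example.com"}
# Assumption: salutations that suggest the sender does not know the recipient.
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder", "dear sir")


def phishing_indicators(raw_message: str, preferred_name: str) -> list[str]:
    """Return every indicator that fired; several together are the real signal."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    found = []
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    # Check 1: does the sender's domain belong to someone we regularly communicate with?
    if domain not in KNOWN_DOMAINS:
        found.append(f"unknown sender domain: {domain or '(missing)'}")
    # Check 2: replies routed to a mailbox other than the apparent sender.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to != address.lower():
        found.append(f"Reply-To differs from From: {reply_to}")
    # Check 3: generic salutation instead of the recipient's preferred name.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    first = next((ln.strip().lower() for ln in text.splitlines() if ln.strip()), "")
    if first.startswith(GENERIC_GREETINGS):
        found.append(f"generic salutation: {first!r}")
    elif preferred_name.lower() not in first:
        found.append("salutation does not use your preferred name")
    return found


# Constructed sample messages (not real mail); note the digit 1 in "examp1e".
SUSPECT = """\
From: IT Helpdesk <helpdesk@examp1e-support.test>
Reply-To: collect@mailbox.test
Subject: Action required: password expires today

Dear user,
Your mailbox password expires today. Use the link below to keep access.
"""

LEGIT = """\
From: Sam Rivera <sam.rivera@example.org>
Subject: Lunch Thursday?

Hi Pat,
Are you free on Thursday?
"""
```

Running `phishing_indicators(SUSPECT, "Pat")` lists three indicators while the legitimate message lists none; the decision still belongs to the reader, the function only gathers the evidence.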

Other phishing identification resources: