enterprisesecuritymag

Why Organizations Must Deploy Phishing Protection Software?

By Enterprise Security Magazine | Monday, July 06, 2020

Businesses are getting better at user awareness training, but phishers are getting better, too, and they're continually honing their techniques to find new ways to trick users and email filters. Below given is an article about why and how phishing must be prevented.

FREMONT, CA: Phishing attacks are among the most common security challenges individuals and companies face in keeping their data safe. No matter if it's getting access to passwords, credit cards, or other sensitive information, hackers use email, social media, phone calls, and any form of communication they can to steal valuable data. Businesses, of course, are a particularly worthwhile target.

The mass phishing campaigns of the past are becoming more targeted and sent at lower volumes. A single phishing email might be sent to hundreds of recipients and included generic greetings in the past. Mass phishing waves are more comfortable to identify than low-volume attacks, indicating that phishers are getting smarter about picking their targets.

Many email filters scan only the body of the email for phishing links. Phishers create fake attachments by appearing as a legitimate attachment such as a Word doc when a user clicks on the attachment, they're directed to a phishing page. In other cases, the document itself includes a phishing link in the body text of the material. One popular scam is the fake invoice attachment, designed to look like it was sent from a vendor. The victim is told to log into their account to pay an outstanding bill. Once they do, their credentials are stolen.

To trick users and email filters, hackers are mixing legitimate content with malicious content in phishing emails. Some examples include adding a legal reply-to email address to a phishing email, including multiple genuine links and the phishing link in the email body. Once users submit their account credentials on the phishing page, they are redirected to a specific Microsoft landing page, closing the loop and convincing the user the transaction was legitimate.

Weekly Brief