Teceze Blog
Phishing Emails: Every Employee Should Be Aware of!
Phishing is a method used to compromise end users' computers in order to gain access to the network or to steal sensitive information. The attacker sends employees a fake email (a phishing email) that tries to dupe them into sharing confidential information such as bank account details, login names and passwords. The phishing email appears to come from a trustworthy source, for instance from the recipient's bank, asking them to verify some information via a web link. Even though the mail seems to have come from the bank, it has not. The link redirects the user to a different website, not the bank's. The domain name looks similar but is not the same, and when the user enters data there, the hacker obtains credentials that can be used to access the user's computer or network. Alternatively, the web link may deliver malicious code meant to gain access to the computer or the network by connecting it to a command and control centre operated by the hacker.
One type of phishing attack is the spear phishing attack. It is a targeted attack in which the attacker researches the victim and includes what appears to be relevant information in the email, which makes it look more legitimate and trustworthy. For example, it might contain details of transactions, business meetings or other such data. The email asks the person to take some action, such as transferring money or sharing credentials. This is particularly difficult to detect as there is often no attachment or link to check. The Radicati Group has estimated that around 3.2 billion people send around 269 billion emails every single day, and some percentage of those are phishing emails. The Coronavirus situation has also seen a spike in the number of phishing emails.
The major reason why phishing attacks succeed is that users are not educated. They click on the link or attachment in the email without checking whether it is legitimate. If there are 100 employees in a company, all the hacker needs is for one of them to click on the attachment or link and provide the data needed to gain access. Compromised credentials are the main reason behind many cyber-attacks, and phishing attacks are the way those credentials are obtained.
Different Types of Phishing Attacks
- Spoofing the sender address so that the email looks like it has been sent from a known source, and requesting sensitive information.
- Embedding a link in an email that looks like it originates from a trustworthy source, but takes the user to a malicious site.
- Installing a Trojan when the user clicks on the link or attachment in the email, which allows the hacker to exploit vulnerabilities and get access to sensitive information.
- Attempting to get company information over the phone by posing as a known company vendor or the IT department.
Over the years, phishing attacks have cost organizations millions in monetary and reputational losses, so it is worthwhile to see how they can be prevented.
A few steps to prevent phishing attacks:
- Educate employees with training that increases security awareness.
- Ask employees to check URLs properly, and to use only HTTPS URLs for financial transactions.
- Specifically, direct them not to open attachments in emails from unknown sources.
- Implement spam filters to recognise and block spam and phishing emails.
- Use single sign-on and strong authentication, which will prevent hackers from accessing confidential information even if credentials are compromised.
- Make browser add-ons and extensions visible so that users can be alerted to suspicious activity.
- Keep all systems up to date with the latest updates and patches.
- Install and monitor antivirus software on all systems.
- Instruct users to change their passwords regularly.
- Implement web filtering to block malicious websites.
- Encrypt sensitive information, so that even if hackers get access to the computer or network they will not be able to read it.
- Protect the corporate directory, which includes names, email ids and other personal information of employees. This matters mainly in the case of BYOD: apps on employees' mobile devices can access their address books and export them to external sources, so installing mobile security on user devices is important.
- Connect remote users over VPNs (Virtual Private Networks).
- Test employee awareness with fake phishing email campaigns at regular intervals; this identifies vulnerable employees for further training.
- Monitor the network, both incoming and outgoing traffic, for anomalies and threats.
- Conduct periodic penetration testing.
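As an added example (not Teceze's code or tooling), the following Python script applies the URL check from the prevention list above to the lookalike-domain trick described in the opening paragraph. It extracts every link from an email body and flags links that are not HTTPS, links whose visible text shows one address while the href goes to another, and hosts that either closely resemble a trusted domain or embed a trusted name as a subdomain of some other domain. The trusted-domain list, the sample message and the two-label approximation of a registrable domain are constructed for illustration.

```python
"""Flag suspicious links in a phishing-style e-mail body.

Added example for this article; not Teceze's tooling. The trusted-domain
list and the sample e-mail below are constructed for illustration.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist of domains the organisation actually uses.
TRUSTED_DOMAINS = {"examplebank.com", "teceze.com"}

# Constructed sample message: one lookalike host, one trusted name used as a
# subdomain of an unrelated domain, and one genuine link.
SAMPLE_EMAIL = """
<p>Dear customer, please verify your account:</p>
<a href="http://examp1ebank.com/verify">https://examplebank.com/verify</a>
<a href="https://examplebank.com.login-check.example/">Secure login</a>
<a href="https://www.examplebank.com/contact">Contact us</a>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude 'last two labels' approximation of the registrable domain."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(href, text):
    """Return a list of reasons this link looks suspicious (empty if none)."""
    findings = []
    url = urlparse(href)
    host = url.hostname or ""
    domain = registrable_domain(host)
    if url.scheme != "https":
        findings.append("not https")
    # Visible text shows a URL whose host differs from the real destination.
    m = re.search(r"https?://([\w.-]+)", text)
    if m and registrable_domain(m.group(1)) != domain:
        findings.append(f"display text points to {m.group(1)} but href goes to {host}")
    if domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            # Trusted name buried as a subdomain, e.g. examplebank.com.evil.example
            if host.startswith(trusted + ".") or ("." + trusted + ".") in host:
                findings.append(f"trusted name {trusted} used as subdomain of {domain}")
            elif edit_distance(domain, trusted) <= 2:
                findings.append(f"{domain} looks like {trusted}")
    return findings


def scan_email(html):
    """Map each suspicious href in the message to its list of findings."""
    parser = LinkExtractor()
    parser.feed(html)
    report = {}
    for href, text in parser.links:
        findings = check_link(href, text)
        if findings:
            report[href] = findings
    return report


if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE_EMAIL).items():
        print(href, "->", "; ".join(reasons))
```

Running the script reports the first two links and stays silent on the genuine www.examplebank.com link. A production mail filter would replace the two-label domain heuristic with a public-suffix list and would also normalise Unicode hostnames before comparing them, since the edit-distance check only catches ASCII lookalikes.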
Finally, the main question is: are you regularly monitoring the activities on your network? Continuous monitoring helps detect abnormal activity and raise alerts. More advanced analysis can be done using the data correlation provided by SIEM (Security Information and Event Management) solutions.
Hence, sound security policies blended with the right products and security awareness training are the most successful combination for preventing phishing attacks. Teceze provides consultancy and managed services in all these areas, including a SOC built on the AlienVault SIEM platform.
The only way to protect what you've worked hard to build is to be vigilant about cybersecurity. If you'd like to know more about how your business can benefit from managed services, just give us a call; we are here to help.
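As an added illustration of the data correlation described above (constructed here, not Teceze's SOC or AlienVault content), the Python script below joins a mail-gateway log with a web-proxy log. It raises a campaign alert when one unrecognised link host is mailed to several recipients, and a click alert when a recipient then browses to that host within a time window. The log formats, hostnames, users and the known-good list are all made up for the example.

```python
"""Correlate mail-gateway and web-proxy events to spot phishing clicks.

Added example for this article, not Teceze's SOC or AlienVault content.
Both log formats and every event below are constructed; real SIEM
parsers and field names differ.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed mail-gateway log: timestamp, recipient, link host found in the message.
MAIL_LOG = """\
2024-05-01T09:00:10 recipient=alice@corp.example link_host=examp1ebank.com
2024-05-01T09:00:11 recipient=bob@corp.example link_host=examp1ebank.com
2024-05-01T09:00:12 recipient=carol@corp.example link_host=examp1ebank.com
2024-05-01T09:05:00 recipient=dave@corp.example link_host=www.examplebank.com
"""

# Constructed proxy log: timestamp, user, destination host.
PROXY_LOG = """\
2024-05-01T09:03:45 user=bob@corp.example dest=examp1ebank.com
2024-05-01T09:04:02 user=alice@corp.example dest=cdn.example.net
2024-05-01T09:07:30 user=dave@corp.example dest=www.examplebank.com
2024-05-01T11:30:00 user=carol@corp.example dest=examp1ebank.com
"""

KNOWN_GOOD = {"www.examplebank.com", "cdn.example.net"}  # constructed allowlist
CLICK_WINDOW = timedelta(hours=1)   # how long after delivery a visit counts as a click
CAMPAIGN_THRESHOLD = 3              # same unknown host mailed to this many users


def parse(log):
    """Turn 'timestamp key=value key=value' lines into dicts with a datetime 'ts'."""
    events = []
    for line in log.splitlines():
        ts, *fields = line.split()
        rec = {"ts": datetime.fromisoformat(ts)}
        rec.update(f.split("=", 1) for f in fields)
        events.append(rec)
    return events


def correlate(mail_log, proxy_log):
    """Return (kind, ...) alert tuples derived from the two logs."""
    mail = parse(mail_log)
    proxy = parse(proxy_log)
    alerts = []

    # Rule 1: one unknown link host delivered to many recipients looks like a campaign.
    recipients = defaultdict(set)
    for m in mail:
        if m["link_host"] not in KNOWN_GOOD:
            recipients[m["link_host"]].add(m["recipient"])
    for host, users in recipients.items():
        if len(users) >= CAMPAIGN_THRESHOLD:
            alerts.append(("campaign", host, sorted(users)))

    # Rule 2: a recipient browsing to a mailed unknown host soon after delivery is a click.
    for m in mail:
        if m["link_host"] in KNOWN_GOOD:
            continue
        for p in proxy:
            if (p["user"] == m["recipient"] and p["dest"] == m["link_host"]
                    and timedelta(0) <= p["ts"] - m["ts"] <= CLICK_WINDOW):
                alerts.append(("click", m["recipient"], m["link_host"]))
    return alerts


if __name__ == "__main__":
    for alert in correlate(MAIL_LOG, PROXY_LOG):
        print(alert)
```

With the constructed data this yields one campaign alert (three recipients of examp1ebank.com) and one click alert for bob, who visited the host a few minutes after delivery. Carol's visit two and a half hours later falls outside CLICK_WINDOW and is not raised, which is the trade-off to tune: a longer window catches late clicks but produces more coincidental matches. Dave's traffic to the known-good host is ignored by both rules.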