TechBizWebTechBizWeb

    Subscribe to Updates

    Get the latest news about Technology and Business from all around the web..

    What's Hot

    DeSantis benefits from ‘Trump fatigue’ ahead of possible 2024 face-off

    July 3, 2022

    Germany and Ireland attack Boris Johnson over Northern Ireland rules

    July 3, 2022

    Biden administration split on whether to remove China tariffs

    July 3, 2022
    Facebook Twitter Instagram
    • About Us
    • Privacy Policy
    • Guest Post
    • Terms
    • Contact
    Facebook Twitter Instagram
    TechBizWebTechBizWeb
    Subscribe
    • Home
    • Technology

      Tesla’s run of record quarterly deliveries comes to an end thanks to China’s COVID shutdowns

      July 2, 2022

      Virgin Orbit successfully launches satellites during first night mission

      July 2, 2022

      Meta’s shutting down its digital wallet, Novi

      July 2, 2022

      TCL 30 XE 5G review: not bad for $200

      July 2, 2022

      Your internet life needs a Feeds Reboot — here’s how to do it

      July 2, 2022
    • Business
    • Cyber Security

      Tips to bolster cybersecurity, incident response this 4th of July weekend

      July 1, 2022

      Jon Raper named CISO at Costco

      July 1, 2022

      2022 RSAC takeaways: Risk management vs compliance

      July 1, 2022

      3 security lessons we haven’t learned from the Kaseya breach

      July 1, 2022

      Auston Davis named CISO at Versant Health

      June 30, 2022
    • Blockchain
    • Vulnerabilities
    • Social Engineering
    • Malware
    • Cyber Security Alerts
    TechBizWebTechBizWeb
    Home»Cyber Security»Understand More About Phishing Techniques to Reduce Your Digital Risk
    Cyber Security

    Understand More About Phishing Techniques to Reduce Your Digital Risk

    January 24, 2019Updated:January 24, 2019No Comments5 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp
    Share
    Facebook Twitter LinkedIn Pinterest Email


    According to Phishing.org, the practice of phishing started around 1995. Nearly 25 years later, phishing is still used by attackers of all levels of sophistication. The 2018 Verizon Data Breach Investigations Report (VDBIR) ranks it as the third most common technique used in incidents and confirmed breaches and finds that 70 percent of breaches associated with nation-state or state-affiliated actors involved phishing. However, even low-level hackers are using phishing with success thanks to a rich ecosystem of threat actors on cybercriminal forums and messaging applications sharing tips and tools. 

    Here are just a few examples of the techniques this wide swath of actors can choose from when executing their phishing campaigns.

    Social media: The Sony Pictures Entertainment attack, the Bangladesh bank heist and the WannaCry outbreak all involved highly proficient, state-backed attackers using a variety of pretexts to convince targets to click on the link in their phishing emails. Pretexting involves masquerading as another entity to obtain the information desired from the target. In these campaigns, the phishing emails appeared to be official notification emails from Facebook or Google and the attackers also sent messages directly through social media sites like LinkedIn.

    Expert assistance: Less sophisticated threat actors have access to a wide variety of forums and groups where they can learn the latest phishing techniques, as well as purchase step-by-step tutorials and phishing templates to conduct their own campaigns. Novices don’t even have to venture into the dark web to get access to these illicit tools – they are readily available on the surface web on well-known sites. 

    Spoofing: Individuals are more likely to open an email when they believe it is from a legitimate sender, so attackers often choose to spoof or forge the email header in their messages to increase their chances of success. Spoofing is often used in Business Email Compromise (BEC) and can be quite convincing, as evidence by the fact that BEC and Email Account Compromise have cost organizations billions of dollars in losses over the last five years. Tutorials on spoofing techniques include everything from how to create, compromise or find a Simple Mail Transfer Protocol (SMTP) server from which to send the spoofed emails, to how to prevent emails from ending up in spam folders or the hosting IP from ending up on blacklists.

    Cloning websites: More sophisticated actors tend to use platforms such as Metasploit or Social Engineering Toolkit (SET) to create a clone of a legitimate website and an impersonating URL. For aspiring phishers, a website cloning or mirroring service known as XDAN CopySite makes it easy. All they need to do is enter the domain of the website they want to clone, and within seconds they have a static version of the site – enough to be convincing at first glance. Phishers will then host the html file, or series of files, on a website using an acquired domain. Sophisticated actors also have a few shortcuts available. For example, Metasploit includes a credential harvesting script and will even host the web server for the attacker. 

    While barriers to entry continue to fall and techniques become more advanced, individuals are not taking the bait as frequently. The 2018 VDBIR says on average only four percent of people in any given phishing campaign will click. Still, attackers need only one person to click to accomplish their mission.

    So, what can organizations do to further mitigate their digital risk from phishing attacks? These five steps can help:

    1. Limit what information your organization and its employees share online, including on social media sites such as Facebook and LinkedIn. The most successful phishers will perform detailed reconnaissance on targets, so they can craft the most effective emails and social engineering lures.

    2. Monitor for registrations of typo- or domain-squats that can be used by attackers to impersonate your brand, send spoof emails and host phishing pages.

    3. Implement additional security measures such as Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC) and DomainKeys Identified Mail (DKIM). These can make the spoofing of your domain more difficult.

    4. Protect your accounts in case phishers do manage to steal user credentials. Two-factor authentication measures should be mandated across the organization and implemented wherever possible.

    5. Train your employees how to spot phishing emails and alert security teams to suspected phishing attempts. Eventually, a phishing email will fall through the net. Employees need to know how to report these quickly without fear of repercussions of being the victim of a social engineering attack.

    Although phishing is now in its third decade, organizations must remain vigilant. Threat actors rely on tried and trusted methods; as long as there is even a four percent chance that phishing techniques will be successful, they will continue to use them. Furthermore, with little to no learning curve, we can expect more threat actors will jump on board. Fortunately, by continuing to prioritize the right controls and training policies, organizations can reduce their chances of being reeled in.

    Alastair Paterson is CEO and Co-Founder of Digital Shadows. Alastair has worked for over a decade advising secure government and FTSE 100 clients on large-scale data analytics for risk and intelligence. Before founding Digital Shadows in 2011, Alastair was International Propositions Manager at BAE Systems Detica working with clients in the Gulf, Europe and Australasia. He holds a first class MEng in Computer Science from the University of Bristol.

    Previous Columns by Alastair Paterson:
    Tags:



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    Tips to bolster cybersecurity, incident response this 4th of July weekend

    July 1, 2022 Cyber Security

    Jon Raper named CISO at Costco

    July 1, 2022 Cyber Security

    2022 RSAC takeaways: Risk management vs compliance

    July 1, 2022 Cyber Security

    3 security lessons we haven’t learned from the Kaseya breach

    July 1, 2022 Cyber Security

    Auston Davis named CISO at Versant Health

    June 30, 2022 Cyber Security

    Lessons learned from slew of recent data breaches

    June 30, 2022 Cyber Security
    Editors Picks

    Germany and Ireland attack Boris Johnson over Northern Ireland rules

    July 3, 2022

    Biden administration split on whether to remove China tariffs

    July 3, 2022

    Covid vaccines: how can immune imprinting help experts to rethink jabs?

    July 3, 2022

    Help truly wanted, even if you’ve been in jail

    July 3, 2022
    Trending Now

    NFT Sales Slide to a 12-Month Low Amid Crypto Meltdown

    By techbizweb

    China’s rise pushes Asia-Pacific nations to embrace Nato

    By techbizweb

    Three Arrow’s Su Zhu Puts Singapore Luxury Home for Sale

    By techbizweb

    https://www.nationalsportsacademy.com

    slot gacor hari ini

    http://www.inadesfo.org/

    http://www.eueomgbissau.org/

    http://www.congo-mai-mai.net/

    http://www.angelesdelafrontera.org/

    http://fifaworldcup2018schedule.com/

    http://tony4gtrmcr.co.uk/

    http://www.standrewsagreement.org/

    http://www.bob-russell.co.uk/

    http://davidmulholland.co.uk/

    http://railwayhotelenniskillen.com/

    http://www.fantasysportstrades.com/

    http://www.rainleaf-flooring.com

    http://mothersagainstguns.org/

    http://ma-coc.org/

    slot online

    http://www.paradoxmag.com/situs-judi-slot-online-gampang-menang-2021/

    http://www.paradoxmag.com/situs-judi-slot-online-terbaru-2021/

    http://slot-terbaru.net/

    Slot Gacor

    Slot Online

    Situs Slot Gacor

    http://www.appdexterity.com/

    https://cars4kids-deutschland.de/

    https://www.stretchingculture.com/

    https://www.b-123-hp.com/slot-gacor/

    https://denzstaffing.nl/

    https://ezbbqcooking.com/slot-gacor/

    https://www.mbahelp24.com/slot-gacor

    https://minhtanstore.com/slot-jackpot-terbesar/

    https://njbpusupplierdiversity.com/slot-gacor-gampang-menang/

    https://www.floridaspecialtycropfoundation.org/slot-gampang-menang/

    https://childrenscornerpreschool.org/slot-gacor-gampang-menang/

    https://cryptoquoter.com/slot-online-terbaik/

    https://alorkantho24.com/slot-gacor/

    https://ellas.xyz/slot-gacor/

    https://it.dougamatome.xyz/slot-online/

    https://www.daltercume.com/slot-gacor/

    https://josi-ana.dougamatome.xyz/slot88/

    https://josi-ana.dougamatome.xyz/slot-gacor/

    https://fastobserver.com/slot-jackpot-terbesar/

    https://www.planetexperts.com/slot-gacor/

    https://bfsolution.group/slot-bet-kecil/

    https://rustleva.co/slot/

    https://bfsolution.group/slot-bet-kecil/

    https://www.hotelcalimareal.com/togel-online/

    https://anime-game.dougamatome.xyz/slot-gacor-gampang-menang/

    https://anime-game.dougamatome.xyz/togel-online/

    https://bourbonbarrelfoods.com/slot/

    http://suneo39.wp.xdomain.jp/slot/

    https://techbizweb.com/slot-gacor/

    https://www.generalcatalyst.com/18-daftar-slot-gacor-terbaik-gampang-menang-jackpot-hari-ini/

    https://www.hotelcalimareal.com/slot-online/

    https://www.blockgates.io/slot-gacor/

    https://l12.com.br/slot-gacor/

    slot paling gacor

    https://www.donalds-hobby.com/slot-online/

    https://thecryptodirt.com/slot-gacor-hari-ini/

    http://iseta.edu.ar/aulavirtual/app/upload/users/1/1205/my_files/sbobet.html

    http://escuelavirtual.mincit.gov.co/app/upload/users/1/194/my_files/slot.html

    https://www.dev.medecinesfax.org/courses/JUDICASINO/document/slot.html

    http://www.e-archivos.org/cursos/courses/JUDICASINO/document/slot-gacor.html

    http://iesma.com.br/ead/main/upload/users/4/447/my_files/slot.html

    https://www.fundacoop.org/chamilo/app/upload/users/1/1185/my_files/slot.html

    https://fata-aatf.org/eskola/main/upload/users/3/31/my_files/slot.html

    https://uancv.edu.pe/ofinvestigacion/app/upload/users/3/328/my_files/slot-terlengkap.html

    https://micost.edu.my/EL/app/upload/users/2/209/my_files/slot-gacor.html

    https://www.academiacoderdojo.ro/elearningdev/app/upload/users/2/2442/my_files/slot-online.html

    http://campus-cidci.ulg.ac.be/courses/JUDICASINO/document/slot-termurah.html

    https://www.escueladerobotica.misiones.gob.ar/aula-ste/courses/LIVECASINO/document/slot-tergacor.html

    http://ccdipeepccqqfar.usac.edu.gt/chamilo/app/upload/users/3/358/my_files/slot-online.html

    https://cunori.edu.gt/campus/app/upload/users/7/7334/my_files/slot-online.html

    http://u-rus.com.ar/aula/app/upload/users/1/1322/my_files/slot.html

    http://icrodarisoveria.edu.it/chamilo/app/upload/users/1/1855/my_files/slot.html

    https://iestpliliagutierrez.edu.pe/clarolgm/courses/CASINO/document/slot.html

    http://pva.cobach.edu.mx/app/upload/users/7/7379/my_files/slot.html

    http://www.imb-pc-online.edu.gt/PL/app/upload/users/3/373/my_files/slot.html

    http://avcs.upeu.edu.pe/main/upload/users/3333/my_files/slot.html

    https://chamilo.fca.uas.edu.mx/app/upload/users/1/11186/my_files/slot-online/

    TechBizWeb
    Facebook Twitter Instagram Pinterest Vimeo YouTube
    • Home
    • Guest Post
    • About Us
    • Privacy Policy
    • Our Authors
    • Terms and Conditions
    • Contact
    © 2022 Tech Biz Web. Developed by Sawah Dev.

    Type above and press Enter to search. Press Esc to cancel.