Phishing Attacks: Why Education isn’t Enough

According to a recent BitGlass automated survey of domains, more than half of all domains worldwide use Office 365, with its usage growing phenomenally from 34% in 2016 to over 56% in 2018.

Phishing attacks continue to be a dominant form of cyber attack, and for good reason. They have steadily become more sophisticated, as social engineering finds success against the human element. For this reason, educating people simply isn’t enough while threat actors keep advancing rapidly.

What is a Phishing Attack?

Phishing attacks come in multiple forms: spear phishing, clone phishing, and whaling. All of these have the common goal of obtaining sensitive information. Phishing attacks seek usernames, passwords, and/or banking information, and it’s all done through digital forms of communication.

Spear phishing targets specific individuals, attempting to procure access to more sensitive information. A cybercriminal may be looking for just enough information from the individual to use in their social engineering methods as they try to gain access to other accounts. When you call customer service agents to make changes or get information on your account, you’re probably aware that the customer service representative will need to confirm your identity before proceeding with the call. The kinds of questions the customer service rep will ask may be exactly the information the cybercriminal seeks. The cybercriminal can use that intelligence to provide the identity confirmation customer service requests and, through social engineering, still gain access to your personal account.

Clone phishing involves taking a legitimate email that was previously used, and creating a cloned email from it. Any attachments or links in the former email may be replaced with malicious software, successfully tricking the victim because of how authentic it appears.

Whaling is an attack on the management teams within a business, often disguised as a legal document, executive concern, or a more formal customer complaint. Whaling is a phishing attack that’s meant to look like an urgent matter from a genuine authority source.

The Impact of Phishing Attacks

PhishLabs Research, Analysis, and Intelligence Division created a report to show the trends in phishing attacks in 2018. They found that phishing attacks now target SaaS (Software as a Service) companies, with attacks against them increasing by a whopping 237%. Social media attacks have tripled since 2017. Ironically, they also found that email and online services have now surpassed banking institutions as targets. In fact, the increase in phishing volume extends to SaaS companies, social networking, telecommunications, shipping services, email and online services, and payment services.

How to Mitigate Phishing Attacks

There are many different approaches to help individuals and enterprises avoid phishing attacks. Education and training on the anatomy of a phishing attack, along with encouraging effective social responses, will aid in reducing the success of attacks. Having a list of phishing sites and enabling safe browsing will also provide an extra layer of protection.

Utilizing spam filters like Barracuda Essentials will keep phishing emails from reaching a person’s inbox, which is one of the most helpful techniques in mitigating an attack. Barracuda uses a comprehensive filter that scans all emails for attachments that may prove malicious, and it checks all URLs against a wide database of known malicious files and servers. Barracuda also recognizes characteristics of a phishing email, such as suspicious language and typosquatting, and provides link protection. Contact us for more information on how you can protect yourself against cyber-attacks and keep your information safe.
