Phishing website or worse
Phishing website is yet another way for the cyber criminal to try to gain access to sensitive information. Usernames, passwords and also bank-related information is at risk with this type of cyber crime and can be used in several types of fraud. The attempt can also be for harmless reasons, but still a nuisance to infected computers in the domain.
Phishing usually exploits the user with imaginative examples to get the user to write down passwords. The most common methods are about masquerading information and data as legitimate when the origin is different than implied.
For instance a website can get from what appears to be several messages from an organization, administrator or community.
Most of these messages seems to be legit, but there is usually a hidden function behind the message. These messages are sent to a person with, for instance, information about a credit card transaction that has failed or some account lockout request from Facebook or Netflix. Usually they provide a link that should “fix” the problem.
However, the link itself goes to a completely other site, hosted by the criminal where the visitor needs to enter the credentials in order to proceed. Therefrom the hacker can start the procedure of exploiting the users credentials.
How IDS helps you as a network administrator
This is just one way that the attempt can occur through phish attacks. The user usually does not even know that they have been compromised in any manner.
An IDS solution like Syspeace can help the administrator to notice the attack directly at IP-level, so the user hacking attempt can be stopped directly.
Syspeace does not protect directly against Phish attempts, but does complement other tools to make it harder for the cyber criminal to reach their goals via phishing or phishing website.