Most of you have heard nightmare stories regarding online phishing. Phishing is yet another way for cyber criminals to try to gain access to sensitive information; such as usernames, passwords, bank-related information etc.
How does phishing work?
Phishing usually exploits the user with imaginative examples to get the user to write down passwords. The most common methods are about masquerading information and data as legitimate when the origin as different from implied.
For instance, a phishing website can get from what appears to be several messages from an organization, administrator or community. Most of these messages seems to be legit, but there is usually a hidden function behind the message. These messages are sent to a person with, for instance, information about a credit card transaction that has failed or some account lockout request from Facebook or Netflix. Usually they provide a link that should “fix” the problem.
However, the link itself goes to a completely other site, hosted by the criminal where the visitor needs to enter the credentials in order to proceed. Therefrom the hacker can start the procedure of exploiting the users credentials.
Who is vulnerable to phishing?
Individuals and companies alike are at risk with this type of cyber crime. Importantly, employees are human too and some may be more trustworthy and gullible than others. The user usually does not even know that they have been compromised in any manner.
Why would someone attempt to phish attack?
Phishing attempts are often for financial reasons, but can be used in several types of fraud. These attempts can also be for harmless reasons, but still a nuisance to infected computers in the domain.
What can be done to prevent phish attacks?
A minor mistake like this can have grave consequences. Best practice is to outline comprehensive user policies. Email and internet usage policies are crucial to ensure your employees understand the pitfalls, risks and costs of carelessness online.
As a network administrator or manager, IT concerns are manifold. Phishing mitigation policies are necessary, but other solutions for cyber crime are pivotal as well. Today’s digital environment forces IT management to be all encompassing. Syspeace is your cyber crime solution to protect your business against brute force attacks, and is an important complement to internet usage policies, firewalls and antivirus software.