With the increase of breaches, there is a common theme amongst many of the targets: the point of entry for the breach was caused by a phishing attack. So what exactly is phishing? Phishing is a type of social engineering that commonly uses email or websites to trick the user into revealing personal information or to install a virus that compromises the victim’s computer and allows the attacker to create a beachhead into their company’s network. These messages can look like a notice from a bank or other financial institution; the messages can also be crafted in a way that makes the user believe it is from an organization that the victim is familiar with.
Types of Phishing
When it comes to email, there are two types of phishing that organizations need to be aware of. The first type is the ‘regular’ phishing attack. These attacks are not targeted, and attempt to manipulate the user in clicking on a link that will take them to a webpage that can have the appearance of, for example, a helpdesk webpage that will ask for the user’s credentials. This type of attack is more generalized and is usually sent to multiple email addresses blindly. The second type of phishing attack is a spear-phishing attack. Spear phishing is a targeted version of the attack, impersonating one or more parts of an organization. The attackers find recipients that may have been farmed from social media sites such as Twitter and Facebook; or from other data breaches that revealed part or all of an organization’s email lists. A phisher may blindly target an organization if they know the domain and the user account naming convention, and generate names that follow that pattern in hopes that the attackers get a bite. Whaling is like spear phishing, but targeted at upper management of an organization as an attempt to exfiltrate sensitive company data.
How to recognize Phishing
Phishers try to trick the user into believing that the email is authentic, and represents that organization. The more well-crafted the email, the higher the chance of success that the victim will click on the link. Some of the ways to recognize a phishing email is to look for poor English, spelling, or other grammatical errors in the body of the email. Another way to identify these emails are to look at the actual header information to see who the actual sender is. If it does not match the sending address domain, then the email address has been spoofed.
Best Practices
When it comes to phishing emails, the best defense is to educate the users to recognize what the signs of a phishing email looks like. As mentioned above, the email may contain spelling and grammar errors. The users should be educated annually in accordance with the organization’s information security policy; incorporate this into the policy if it does not exist. Use a spam filter or an email anti-virus gateway to block known spam email addresses.
In today’s ever increasing breaches, phishing has been identified as one of the most effective methods for compromising an organizations network. Educating the users on what to look for will help minimize these types of intrusions, and the use of a spam or anti-virus email gateway will also reduce the risk.
[su_box title=”About John Murphy” style=”noise” box_color=”#336588″]John Murphy has been working in the Information Security field supporting the Navy and Marine Corps since 2004. During his tenure, John worked with every element of Cybersecurity from compliance audits to incident response. He joined the ReliaQuest team in 2015 as a Secure Operations Center Sr. Analyst.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.