What do you know about Phishing?

Posted on Jan 8, 2019
Share Button

Keep yourself up-to-date with the latest facts on Phishing and how it can impact your business.

Phishing is still a prevalent form of attack that can be avoided with the proper defense precautions. This article from KnowBe4 provides relevant information on how to keep your information safe, and up-to-date facts. Contact CITON to find out how we can help you and your business protect your data through anti-malware and ransomware. (218) 720-4435.

Phishing is a core tactic in the cybercriminal’s arsenal. It’s the basis for the majority of social engineering, CEO fraud, and malware infection. The Anti-Phishing Working Group (APWG) just-released 3rd Quarter Phishing Activity Trends Report provides insight into the current state of phishing.

Some of the highlights this quarter include:

  • Phishing Attacks Remain Constant – The number of unique phishing reports has remained relatively steady from Q2 to Q3
  • Phishing Focuses on the Money – Payment processing firms remained the most-targeted companies, followed by the banking sector
  • Encryption is on the Rise: Phishing attacks hosted on secure sites continues its steady increase since 2015
  • Redirection is Key to Avoid Detection: phishing attacks are using redirectors both prior to the phishing site landing page and following the submission of credentials to obfuscate detection via web server log referrer field monitoring

The data collected by APWG provides some key insight on how organizations need to protect themselves:

  • Expect phishing to continue – there are zero indications that phishing is declining at any point in the near future.
  • Focus on the Phish – Before malware, ransomware, or social engineering can have an impact, the email needs to get to the Inbox, be opened, and have a malicious action taken first. So, your greatest protection is found in stopping the phishing from being successful.
  • Take a Layered Approach – Put proactive security measures like endpoint protection email and web scanning, and Security Awareness Training in place in order to both spot and stop phishing emails from either ever reaching an Inbox, or ever being engaged with by a user.

 

Article written by Stu Sjouwerman.

Keep this information in mind when opening your next unknown email, and if you do, keep us in mind. We’re here to help.