The 10 Best Practices for Identifying and Mitigating Phishing

Phishing (a form of social engineering) is escalating in both frequency and sophistication, which makes defending against cyber attacks even more challenging. These days, any industry, workplace or work role can be targeted by a phishing scam, and the techniques have spread beyond simple malicious email attachments and link manipulation (i.e., links disguised to point at malicious URLs that may download code once clicked). Attackers are also turning to new attack vectors to exploit people through every electronic and digital channel.

Automated tools can help against phishing; however, because the threat primarily targets humans directly, anti-phishing technologies, including anti-spam and anti-virus software, content and URL filtering, file sandboxing and secure web gateways, can only mitigate the problem. The best way to counteract it is to layer multiple defenses and, above all, to enforce strict security policies and run a robust awareness program that reaches the entire organization, across all sections and ranks. One of the first steps in identifying and mitigating these attacks is, in fact, to understand the threat and to be mindful of the tactics employed.

Phishing attacks succeed because they target basic human responses, such as the urge to open correspondence, especially when it reaches a work account or is believed to come from a legitimate source, colleague or friend. Phishers attempt to trick the recipient into believing they represent a legitimate company, impersonate specific senders or otherwise masquerade as a trustworthy entity, in the hope of luring users into releasing the requested information and thereby exploiting the human factor. When users respond with the requested data, attackers can (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Daniel Brecht. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/37xLvyuTyN8/