The Phishing Response Playbook

Phishing remains one of the best-known forms of Cyber-attack to date. Although this type of threat has existed for a long time, today's Cyber attackers have become very stealthy in their approach. There are different variants of a Phishing attack, but in general, it can be defined as follows:

“Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking, and credit card details, and passwords.

The information is then used to access important accounts and can result in identity theft and financial loss.” (SOURCE: 1).

The victim is sent either a malicious attachment (such as a file with a .XLS or .DOC extension) or a malicious link to click on. It is important to note here that Phishing attacks have also become highly specialized, as in Spear Phishing and Business E-Mail Compromise (BEC). In these instances, a certain individual or group of individuals is specifically targeted.

However, whoever the target is, once the damage is done, steps need to be taken to mitigate it and to keep these types of attacks from happening again. This “Playbook” outlines the steps that a business or a corporation needs to take in such situations.

  • Identification:

    This is the first step in responding to a Phishing attack. At this stage, an alert is “sounded” of an impending Phishing attack, and it must be investigated further. It is important to collect as much information and data about the Phishing E-Mail as possible, and the following items should be captured:

  • The E-Mail address of the sender;
  • The intended recipient of the E-Mail;
  • The Subject Line of the particular (Read more...)
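
The capture step above, as an added example that is not part of the original post: a short Python routine that pulls the sender, recipients and subject line out of a reported message. The sample message, the function names and the extra Reply-To comparison are assumptions made for illustration and go beyond the items listed above.

```python
from email import message_from_string, policy

# Constructed sample of a reported message; all names and domains are made up.
SAMPLE_EML = (
    'From: "Example Bank Support" <support@bank-notices.example>\n'
    "Reply-To: collector@mailbox.example.org\n"
    "To: Alice Doe <alice@corp.example>, bob@corp.example\n"
    "Subject: =?utf-8?Q?Urgent=3A_verify_your_account?=\n"
    "Message-ID: <constructed-0001@mailer.example.net>\n"
    "\n"
    "Please verify your account.\n"
)


def _addresses(msg, header):
    """Return [(display_name, lower-cased address)] for an address header."""
    value = msg[header]
    if value is None:  # header absent in the reported message
        return []
    return [(a.display_name, a.addr_spec.lower()) for a in value.addresses]


def capture_identification_fields(raw_eml):
    """Build a triage record for the Identification step (hypothetical helper)."""
    # policy.default decodes RFC 2047 encoded words and parses address lists.
    msg = message_from_string(raw_eml, policy=policy.default)
    sender = _addresses(msg, "From")
    reply_to = _addresses(msg, "Reply-To")
    sender_domains = {addr.rpartition("@")[2] for _, addr in sender}
    return {
        "sender": sender,
        "recipients": _addresses(msg, "To") + _addresses(msg, "Cc"),
        "subject": str(msg["Subject"] or ""),
        # Beyond the items listed above (assumption): Reply-To, and whether
        # replies would go to a different domain than the visible sender.
        "reply_to": reply_to,
        "reply_to_domain_differs": any(
            addr.rpartition("@")[2] not in sender_domains for _, addr in reply_to
        ),
    }


if __name__ == "__main__":
    for field, value in capture_identification_fields(SAMPLE_EML).items():
        print(f"{field}: {value}")
```

Run against the raw message source (headers included) rather than a forwarded copy, since forwarding rewrites the sender and recipient headers.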

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Ravi Das (writer/revisions editor). Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/16mpNZb0xBw/