According to Barracuda, spear phishing attacks are on the rise.
These days, spear phishing attacks, including business email compromise (BEC) and brand impersonation, are increasingly popular among cybercriminals. Enterprises and businesspeople should take measures to prevent this kind of attack, or they risk leaking sensitive information.
Spear phishing attacks are reported to be particularly dangerous because they can bypass traditional email security measures such as spam filters. Commonly, these attacks do not include a malicious link or attachment. Instead, they use spoofing techniques and zero-day attack links combined with social engineering tricks, which makes them difficult to stop.
The report analyzed 360,000 spear phishing email attacks over its 3-month period. 83% of the attacks were brand impersonation. These attacks impersonate a well-known company to obtain the target's login information and take over the account. They are also used to steal personally identifiable information such as credit card and social security numbers. The report found that Microsoft and Apple are the two brands most commonly impersonated in these attacks.
BEC, also known as CEO fraud, is the second most common type of spear phishing attack (11%). Cybercriminals use this type of attack to pose as executives and ask employees in the finance department or elsewhere to wire money or provide personally identifiable information. According to the FBI statistics cited in the report, although the proportion of BEC attacks is relatively small, the losses caused since 2013 have exceeded $12.5 billion.
Practical Tips for Avoiding Spear Phishing Attacks
As we know, spear phishing attacks are harmful and can cause financial and data loss, so we need an effective way to prevent them. Preventing spear phishing attacks means both deploying technology and conducting user security training. There are many things we can do.
1. Make full use of artificial intelligence
Look for a solution that detects and blocks spear phishing attacks, including BEC and brand spoofing that may not contain malicious links or attachments. Sharp tools are needed to catch potential threats. Fortunately, machine learning tools can analyze an organization’s communication patterns and discover anomalies that may indicate an attack, stopping attacks before they can do any harm.
2. Traditional security measures are not enough
Traditional email security measures that use blacklists to detect spear phishing and brand spoofing may not protect against the zero-day attack links used in many attacks. Hackers constantly change their schemes and update their attack tools to bypass traditional security measures. Therefore, you need additional security protections.
3. Deploy account takeover protection
Look for tools that use artificial intelligence to identify when an account may have been compromised, and prevent further spear phishing attacks from being sent from these accounts. Use a reliable password manager to manage and secure your digital property.
4. Implement DMARC verification and reporting mechanisms
DMARC verification helps prevent domain name fraud and brand hijacking, two common tactics in spoofing attacks. It protects you against the unexpected at a higher level.
5. Use multi-factor authentication
Multi-factor authentication adds an extra layer of security on top of a simple username and password, which makes it an efficient security measure. Even if hackers grab your password, they still can’t access your account without the second factor. You can use your phone or Google to generate a secure code for you.
6. Train employees to identify and report attacks
It is not enough for only the leader of a team to take action to prevent attacks. Training employees to identify and report spear phishing attacks is important. Businesses can simulate phishing attacks over email, voicemail, and text messages to train employees to identify them. They should also implement procedures to confirm any requests for funds sent via email.
7. Conduct an active investigation
Employees may not always recognize or report spear phishing attacks, as these attacks are highly personalized. Businesses need to regularly search for emails that contain content commonly used by hackers, including subject lines related to password changes. A password manager will help a lot.
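The search described in tip 7, combined with the brand impersonation and BEC patterns from the report, can be implemented as a mailbox sweep. This is an added example, not code from Barracuda's report or the original article; the brand allow-list, the subject patterns, the Reply-To heuristic and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list: brand keyword -> domains that brand legitimately sends from.
BRAND_DOMAINS = {"microsoft": {"microsoft.com"}, "apple": {"apple.com"}}
# Assumed subject patterns for password-change lures; tune for your own mail flow.
SUBJECT_RE = re.compile(r"password\s+(change|reset|expir\w*)|verify your account", re.I)

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def sweep(raw_message):
    """Return the reasons a message deserves analyst review (empty list = no flags)."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    reasons = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        reasons.append("password-themed subject")
    # Brand impersonation: display name claims a brand, sending domain is not that brand's.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in name.lower() and not any(
                from_domain == d or from_domain.endswith("." + d) for d in domains):
            reasons.append(f"display name claims {brand} but domain is {from_domain}")
    # BEC heuristic (assumption): replies are redirected to a different domain.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        reasons.append("Reply-To domain differs from From domain")
    return reasons

# Constructed sample messages (not real mail).
SAMPLES = {
    "brand": "From: Microsoft Account Team <security@account-alerts.example>\n"
             "Subject: Action required: password change\n\nbody",
    "bec": "From: Pat Lee <pat.lee@corp.example>\n"
           "Reply-To: pat.lee@mailbox.example\n"
           "Subject: Wire transfer today\n\nbody",
    "benign": "From: Apple <no_reply@email.apple.com>\n"
              "Subject: Your receipt\n\nbody",
}

def run_samples():
    return {key: sweep(raw) for key, raw in SAMPLES.items()}

if __name__ == "__main__":
    for key, reasons in run_samples().items():
        print(key, reasons or "no flags")
```

Flagged messages are candidates for review rather than verdicts; a hit on a password-themed subject alone will also match legitimate notifications.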
8. Minimize data loss
Businesses can use VPNs, advanced security tools and company policies to make sure that emails or messages containing confidential or sensitive information are blocked and do not leave the company’s server.
Published by Emerson L. Sullivan & last updated on March 25, 2019 9:14 am