Phishing is a social engineering technique that
manipulating people to perform some actions as the attacker wants. The attacker
prepares an e-mail as if it was sent from a known individual or organization, and
leads the victim to click on a link that will take the user to a malicious
website or download some malicious file, or to a fraudulent website that
appears legitimate so the victim enters his username and password or some more
individual information about himself.
Phishing is a very successful technique because people do not visit websites carefully or they do not have much time to be more careful, to investigate about the website or e-mail. One of the reasons may be that they did not become a victim before, or maybe they do not know even if they were. People easily trust brands and/or logos and influential texts. There is a lack of information assurance knowledge.
How Does Phishing Works?
Countermeasures
The most effective defense against phishing is creating user awareness. One
employee that you do not improve his awareness can cause to be hacked.
“You are as strong
as the weakest link in your defense system” Sun Tzu
Do
not let your clients use company e-mail addresses in Internet for personal
usage. Spammers search internet for the e-mail addresses used by company to send
the spam mail to more users.
Never
respond to spam, or click on “unsubscribe” links from questionable sources.
Make
sure your antispam solution works J
Use
Proxy servers in company, for clients’ internet usage. A Proxy server that has
a dynamic scanning feature can decrease the possibility to be hacked by
phishing. Even if the user opens the link in the e-mail, the Proxy would not
let him to enter the website.
Even if it is not enough for your security, ensure that all employee’s
PCs, and antivirus agents are up to date.
