Security Concerns of Phishing Attacks
I am re-visiting the security concerns of phishing attacks in this posting. These remain the largest vector for delivering malicious software, such as ransomware attacks. The reason that it remains the preferred method of attack in many cases is that it works: People are still opening those phishing emails, and clicking on those links.
Training employees to recognize phishing emails should be an ongoing process for all companies. By periodically reminding them of the dangers, and what to look for, it keeps the idea fresher in their minds, and hopefully, they will be more on the alert for these dangerous attacks. Also, as those conducting such attacks are getting evolving, also, and getting more sophisticated. These attacks are increasingly using more targeted approaches, and are less obvious that they are not legitimate.
Many use such things as having links to websites that are only a letter, or so, off from the legitimate site. If the legitimate site is a “.com”, for example, the nefarious site may be a “.co”. Or, if the site is something like “mybank.com”, then the fake site might be “mybank-info.com”.
By making data security an ongoing process, your employees will not only have it kept fresh in their minds, but they can also be trained on how to spot the increasingly sophisticated attack emails. The more likely that they are to think about it before opening an email, or clicking on a link, as well as being better able to spot emails that just are not quite right, the safer your data is. The bad guys are not taking it easy, so that means that the rest of us have to constantly keep our guard up.
Dave.