PHISHING PROTECTION
TABLE OF CONTENTS
Introduction
What threatens us in cyberspace?
Phishing: typology of threats
Phishing protection
What is anti-phishing protection?
Website protection
Phishing protection tips: social networks
Company and online fraud protection
Conclusion
Learn more about cyber attacks and find out how to secure yourself: https://hacken.live/2BwYyOo
INTRODUCTION
What threatens us in cyberspace?
The APWG Phishing Activities Trend Report for the 4th quarter of 2017, “Unifying the Global Response to Cybercrime”, shows why phishing requires special attention. The Anti-Phishing Working Group affirms that “phishing is a criminal mechanism that employs both social engineering and technical subterfuge to steal consumers’ identity data and financial account credentials.” The data prove that phishing is a serious issue that requires proper anti-phishing protection measures.
Phishing: typology of threats
Mass email phishing: email is the most common source of phishing.
Clone phishing: the attacker mimics a popular website that usually requires login credentials.
Spear phishing: aims at a specific group instead of sending thousands of emails haphazardly.
Whaling, or CEO phishing: targets high-level executives and aims to gain access to their email accounts.
Social media phishing: unlike email phishing, this type of attack is carried out via social networks such as Facebook, Twitter, or Instagram. Sending phishing messages on behalf of authorised accounts is another widespread type of social media phishing.
Malware-based phishing: fraud involving malicious software. Malware can be introduced via an email attachment, a USB stick, or a file downloaded from a website.
Statistical Highlights for 4th Quarter 2017 (APWG)

                                                  October   November   December
Number of unique phishing web sites detected       65,509     54,322     60,926
Number of unique phishing e-mail reports
(campaigns) received by APWG from consumers        86,547     87,744     61,322
Number of brands targeted by phishing campaigns       323        268        348

Most-targeted industry sectors, 4th Quarter 2017 (pie chart; values listed in the order they appear on the slide): Payment 42%, SAAS/Webmail 16%, Financial Institution 15%, Cloud Storage/Hosting 11%, eCommerce/Retail 3%, Telecom 3%, Social Media 3%, Other 7%.
PHISHING PROTECTION
What is anti-phishing protection?
Anti-phishing protection is a set of essential preventative steps and practices against cyber scammers. Usually, it involves anti-phishing software, anti-phishing services, and social engineering training that teaches staff members to recognise counterfeit websites and suspicious emails. Let’s review the main assets that phishers typically target.
Website anti-phishing protection
How to avoid website cloning:
Make your code safe: to safeguard your website, encrypt (obfuscate) its code. A group of highly skilled developers can manage the encryption and guard you against design and code theft.
Disable copy-paste: developers can protect the text of your website from copy-paste by tweaking the scripts of your web pages.
Place copyright information on the website: the text of your website should be protected by copyright, so that its use without your permission is illegal.
Get professional support: several tech firms offer anti-phishing solutions and services.
Code updates: keeping software up to date is vital for the security of your website. This includes the operating system of your server and the other software your website runs on.
XSS protection: Cross-Site Scripting (XSS) injects malicious JavaScript into your website’s pages, which then runs in your visitors’ browsers. It may modify website content or transmit confidential data to an attacker. One effective tool against it is a Content Security Policy (CSP).
Avoid uploading unknown documents and files: any uploaded file may contain malicious scripts that compromise the security of your website.
Apply HTTPS: the TLS certificate enables an encrypted connection between the web server and the visitor’s computer.
DNS-based phishing (“pharming”): pharming is an attack that redirects website traffic to a phishing website.
Man-in-the-middle phishing: by intercepting unencrypted traffic between a sender and a receiver, scammers steal users’ data.
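The XSS and HTTPS points above, as an added Python example that is not part of the original deck: a page fragment rendered without escaping beside its escaped form, the response headers (a CSP that forbids inline scripts, plus HSTS so browsers keep using HTTPS) a server should send with it, and a small checker for the CSP itself. The comment text and the header values are constructed for this example.

```python
# Added example, not from the original deck. Shows the vulnerable and the
# hardened way to put visitor-supplied text into HTML, and the headers that
# back up the "XSS protection" and "Apply HTTPS" points.
import html

# Constructed sample: a comment a visitor might submit, carrying a script tag.
SAMPLE_COMMENT = '<script>alert("xss")</script> nice article'


def render_comment_unsafe(comment: str) -> str:
    # Vulnerable: the input is concatenated into HTML verbatim, so a <script>
    # tag in the comment becomes live code in every visitor's browser.
    return f'<p class="comment">{comment}</p>'


def render_comment_safe(comment: str) -> str:
    # Hardened: html.escape turns <, >, &, and quotes into entities, so the
    # browser shows the text instead of executing it.
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def security_headers() -> dict:
    # Headers to send alongside the escaped HTML (values are this example's choice).
    # CSP: scripts only from our own origin and no inline scripts, so even a
    # missed escape cannot run injected JavaScript. HSTS: the browser keeps
    # using HTTPS for a year after the first visit.
    return {
        "Content-Security-Policy": (
            "default-src 'self'; script-src 'self'; object-src 'none'; "
            "base-uri 'self'; frame-ancestors 'none'"
        ),
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "X-Content-Type-Options": "nosniff",
    }


def csp_allows_inline_script(csp: str) -> bool:
    # Minimal policy check: does script-src (or the default-src fallback)
    # permit inline scripts or any origin? Used to verify our own policy.
    directives = {}
    for part in csp.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0]] = tokens[1:]
    sources = directives.get("script-src", directives.get("default-src", []))
    return "'unsafe-inline'" in sources or "*" in sources


if __name__ == "__main__":
    print("unsafe:", render_comment_unsafe(SAMPLE_COMMENT))
    print("safe:  ", render_comment_safe(SAMPLE_COMMENT))
    for name, value in security_headers().items():
        print(f"{name}: {value}")
```

Escaping is the primary fix; the CSP is defence in depth for the template that forgets to escape, which is why the checker refuses 'unsafe-inline' in script-src.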
Company and online fraud protection
For brand holders, the risks associated with phishing schemes and malware go beyond those concerning customer and business data: they also damage brand equity and client trust. Online brand defence (including social media brand protection) allows business owners to preserve their reputation and client trust if someone attempts to use their brand for profit.
Every company should develop a brand protection strategy: anti-phishing ways and means to protect the safety of its brand in cyberspace. Furthermore, companies should closely monitor how the strategy is applied and routinely update instructions concerning the security of users, their private information, the implementation of online fraud protection, and the protection and preventative maintenance of vital systems.
Education and training: To counter phishing effectively, companies should educate employees to recognise it (e.g. checking domain names in email links, checking that URLs are legitimate, using verified software, and following other anti-phishing techniques). The Wombat Security report shows that 95% of interviewees have education programs and anti-phishing training for end users. The majority of companies opt for monthly and quarterly training cycles. The figure below shows the most common anti-phishing training formats.
Update your software: Keep your software up to date: web browsers, microcode, apps, antivirus software, OS, etc. Vendors release patches and revisions as soon as they identify vulnerabilities.
Protect your domain name: A domain name is one of the most important resources of a company, so you should keep it as safe as possible. Here are some useful methods:
Use ‘spam traps’ to filter out emails that lead clients to phishing websites;
Monitor the registration of brand-specific domain names which may be used to host fake websites;
Deactivate phishing websites by notifying domain registrars or hosting providers.
Most common anti-phishing training formats (Wombat Security report; bar chart, percentage of respondents, values listed in the order they appear on the slide):
Computer-Based Awareness Training 79%
Phishing Simulation Exercises 68%
Awareness Campaigns (Video and Posters) 46%
In-Person Security Awareness Training 45%
Monthly Notification or Newsletters 38%
Implement SPF: Sender Policy Framework (SPF) is an email authentication mechanism created to detect and stop spoofed or malicious emails. SPF can be applied in two areas: Checking and Publishing.
SPF Checking helps you determine whether the emails received by your company come from a valid source.
SPF Publishing allows you to declare which email servers are authorised to send email on behalf of your firm.
Purchase anti-phishing tools: Investing in brand protection solutions is never a bad idea. These are some instruments you can apply:
A gateway email filter protects you from phishing and decreases the number of phishing emails that reach users.
Email authentication standards ensure proper phishing protection of your IT infrastructure. These include SPF and the DomainKeys Identified Mail (DKIM) protocol, which lets users accept only cryptographically signed emails. The Domain-based Message Authentication, Reporting, and Conformance (DMARC) protocol determines whether both the SPF and DKIM standards are applied.
Further, web security gateways prevent users from opening potentially dangerous links. They work by checking whether requested URLs are listed in an up-to-date database of websites suspected of distributing malware or fraud.
A working firewall must be installed on all PCs and servers belonging to the firm. A firewall keeps staff members safe from unknowingly opening virus-bearing attachments or other malware.
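How DMARC ties the SPF and DKIM results to the visible From: domain, as an added Python example that is not part of the deck: it parses a DMARC record, parses a constructed Authentication-Results header, applies the relaxed or strict alignment rules, and returns the disposition the domain owner requested. The record, the header and all domain names are constructed for this example; a real receiver fetches the record from DNS under _dmarc.<domain> and takes the results from its own SPF and DKIM checks.

```python
# Added example, not from the original deck. DMARC alignment and disposition.

# Constructed inputs for this example.
SAMPLE_DMARC = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-reports@example.com"
SAMPLE_AUTH_RESULTS = (
    "mx.example.com; spf=pass smtp.mailfrom=bounce.example.com; "
    "dkim=pass header.d=example.com"
)


def parse_dmarc(record: str) -> dict:
    # "v=DMARC1; p=reject; adkim=s" -> {"v": "DMARC1", "p": "reject", "adkim": "s"}
    tags = {}
    for part in record.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip()] = value.strip()
    return tags


def parse_auth_results(header: str) -> dict:
    # Reads the authserv-id-prefixed Authentication-Results value into
    # {"spf": (result, domain), "dkim": (result, domain)}.
    results = {}
    for clause in header.split(";")[1:]:
        tokens = clause.split()
        if not tokens:
            continue
        method, _, result = tokens[0].partition("=")
        domain = ""
        for prop in tokens[1:]:
            key, _, value = prop.partition("=")
            if key in ("smtp.mailfrom", "header.d"):
                domain = value
        results[method] = (result, domain)
    return results


def org_domain(domain: str) -> str:
    # Assumption: a two-label organisational domain (mail.example.com -> example.com).
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    # "s" (strict): exact match. "r" (relaxed): same organisational domain.
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_evaluate(record, from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    # DMARC passes if either SPF or DKIM passed AND its domain aligns with
    # the From: domain. Otherwise the owner's p= policy decides the disposition.
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags.get("adkim", "s" if False else "r"))
    if spf_ok or dkim_ok:
        return ("pass", "none")
    return ("fail", tags.get("p", "none"))


def evaluate_header(record: str, from_domain: str, auth_results: str):
    # Convenience wrapper: evaluate straight from an Authentication-Results value.
    parsed = parse_auth_results(auth_results)
    spf_result, spf_domain = parsed.get("spf", ("none", ""))
    dkim_result, dkim_domain = parsed.get("dkim", ("none", ""))
    return dmarc_evaluate(record, from_domain, spf_result, spf_domain, dkim_result, dkim_domain)


if __name__ == "__main__":
    print(evaluate_header(SAMPLE_DMARC, "example.com", SAMPLE_AUTH_RESULTS))
```

The defaults matter: without adkim/aspf tags DMARC uses relaxed alignment, so a DKIM signature from mail.example.com still covers mail From: example.com; with adkim=s the same message must also pass SPF in alignment or be rejected.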
CONCLUSION
Phishing is a type of scam in which people are deceived in order to steal their personal data: customer ID, IPIN, credit/debit card number, credit/debit card expiry date, CVV number, etc. Phishers are well organised and apply different techniques to mislead companies and their clients. As phishing attacks happen more and more frequently, anti-phishing protection is a necessity: it safeguards the security of a company’s name and gives its employees the skills to counter offenders.