Phishing Attacks

What is a Phishing Attack?

Phishing is a technique cybercriminals use to obtain sensitive information, including passwords, usernames, and credit card information. Phishing attacks occur through mediums such as social web sites, auction sites, banks, and email, where the attacker reaches out to unsuspecting victims and asks them for the information being sought. To carry out a phishing attack, attackers pose as legitimate senders of electronic communication in an effort to gain the victims’ trust.

Phishing attacks are an example of social engineering, which can be defined as the psychological manipulation of an individual that leads them to perform certain actions or provide confidential information. With the continued popularity of social media sites and email services, the threat of phishing attacks continues to grow. Attackers use the messaging and email capabilities of these mediums to execute their phishing attacks.

Phishing Attack Examples

Phishing attacks first began occurring in 1996 and since then have impacted millions of people from all over the world. A notable phishing attack took place in 2013, where the credit card information of 110 million Target customers was stolen via a phished subcontractor account. Another large-scale phishing attack seemed imminent in 2014 when the home improvement chain, Home Depot, was stripped of the personal and credit card data of over 100 million customers. The exposed data, including email addresses and other personal information, was put up online for sale on hacking websites – leaving millions of Home Depot customers vulnerable to targeted phishing attacks.

Phishing Attack Detection and Prevention for Users

Phishing attacks are usually carried out through email spoofing and instant messaging. Email spoofing is the act of creating email messages that contain a forged or spoofed sender address. These emails and messages will either prompt the victim to confirm confidential information or link them to a fraudulent website that attempts to make the victim leak sensitive information. People can also become a victim of a phishing attack by clicking on a pop-up window and being redirected to a fake website where they provide personal information.

There are various ways to detect and prevent email phishing attacks. First off, to avoid a phishing attack you should be sure to use caution when checking your email. Phishing emails that lure victims often come from an unrecognized sender or are impersonal. In addition, phishing emails sometimes use scare tactics or a sense of urgency in an attempt to get the person to act on impulse. Another safeguard against phishing attacks is to set spam filters to high. Even though this might catch some legitimate emails, the more spam emails you are able to catch, the safer you are from phishing attacks. Furthermore, anti-virus software will assist in detecting and removing common malware from your computer.
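The warning signs described above (a forged sender address, impersonal wording, urgency) can be checked mechanically. The following is an added example, not part of the original article; the sample message, the domains and the keyword lists are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real mail); all domains are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: "Example Bank Support" <support@example.com>
Reply-To: accounts@example.net
To: user@example.org
Subject: Urgent: verify your account within 24 hours

Dear customer, your account will be suspended unless you confirm your password immediately.
"""

URGENCY = re.compile(r"\b(urgent|immediately|suspended|within \d+ hours|verify your account)\b", re.I)
GENERIC_GREETING = re.compile(r"^\s*dear (customer|user|client|member)\b", re.I | re.M)

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def phishing_indicators(raw_message):
    """Return a list of warning strings for one raw, non-multipart message."""
    msg = message_from_string(raw_message)
    findings, from_dom = [], domain_of(msg["From"])
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[header])
        # A mismatch is a signal, not proof: bulk mailers often use their own bounce domain.
        if dom and dom != from_dom and not dom.endswith("." + from_dom):
            findings.append(f"{header} domain {dom} differs from From domain {from_dom}")
    auth = (msg["Authentication-Results"] or "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1) != "pass":
            findings.append(f"{mech} result is {m.group(1)}")
    body = msg.get_payload()
    text = f"{msg['Subject'] or ''}\n{body}"
    if URGENCY.search(text):
        findings.append("urgent or threatening wording")
    if GENERIC_GREETING.search(body):
        findings.append("generic greeting instead of the recipient's name")
    return findings
```

The Authentication-Results header is only meaningful when it was added by your own receiving mail server; a copy inserted by the sender proves nothing.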

To avoid a phishing attack when sharing information over the internet, the most important thing to do is to make sure you are on a legitimate website. Phishing attacks can involve victims being directed to a site that looks very similar to their intended destination, but is in fact fake. The best way to tell if a website is legitimate is by looking at the URL. When on the internet, make sure the URL reads “https,” where the “s” at the end stands for secure. Moreover, when clicking on links or browsing the web, check the URL text carefully to ensure that you’re not viewing a spoofed version of the website with a similar URL.
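The URL checks described above (the scheme, and text that merely resembles the intended site) look like this in code. This is an added example, not part of the original article; the trusted list and all host names are placeholders, and the distance threshold of 2 is an assumption.

```python
from urllib.parse import urlsplit

# Assumption: the sites the user actually does business with (placeholder names).
TRUSTED = {"example.com", "example-bank.test"}

def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url, trusted=TRUSTED):
    """Return a list of warnings for a URL; an empty list means no check fired."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    # https only means the connection is encrypted; a look-alike site can use it too,
    # so the host name checks below still run when the scheme is fine.
    if parts.scheme != "https":
        warnings.append("not https")
    if "@" in parts.netloc:
        warnings.append("userinfo before '@' hides the real host")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label (possible look-alike characters)")
    if host in trusted or any(host.endswith("." + t) for t in trusted):
        return warnings  # the trusted domain itself or one of its subdomains
    for t in sorted(trusted):
        # Compare the last labels of the host with the trusted name
        # (approximate: no Public Suffix List is consulted).
        tail = ".".join(host.split(".")[-(t.count(".") + 1):])
        if t in host:
            warnings.append(f"trusted name {t} embedded in unrelated host {host}")
        elif edit_distance(tail, t) <= 2:
            warnings.append(f"{tail} is a near-miss of {t}")
    return warnings
```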

A last measure for avoiding phishing attacks is to configure privacy settings on social media and watch who you talk to on social networking sites. Attackers often use social media sites to gain information that they can use in phishing attacks, such as where people work, their habits, and their family members and friends. Additionally, attackers can use this information to start a conversation with you, pretending they know who you are. Lastly, make sure to configure privacy settings to limit the amount of personal information you provide on social media.

Phishing Attack Detection and Prevention for Businesses

Detecting and preventing phishing attacks can be challenging for businesses. Organizations’ success in defending against phishing attacks requires a combination of employee education, coordinated policies for data security and incident response, and selecting the right data security technologies to detect and stop phishing attacks – such as endpoint detection and response solutions, data loss prevention software, and anti-virus/anti-malware technology, among others.
