PHISHING

Phishing

Anyone who has ever used PayPal or does their banking online has probably received dozens of emails with titles such as, "URGENT: Update Account Status". These emails are all attempts by a spammer to "phish" your account information. Phishing refers to spam emails designed to trick recipients into clicking on a link to an insecure website. Typically, phishing attempts are executed to steal account information for e-commerce sites such as eBay, payments processors such as PayPal, or regular financial institutions' websites. A phishing email supplies you with a link to click on, which will take you to a page where you can re-enter all your account details, including credit card number(s) and/or passwords. Of course, these sites aren't the actual bank's site, even though they look like it.

Your company's mobile phones may not be safe either, as SMS messaging is now frequently used as a new type of phishing called SMiShing. Once the SMiShing, is successful, other malware such as Trojans are sometimes released onto the mobile phone. These Trojans then make silent high cost text messages which go onto the sender's bill.

Some criminals are also using VoIP or VoIM software to send vishing messages. These try to confuse people into calling the provided number - usually an automated VoIP Call-In number - and revealing credit card details, which are recorded in audio form.

Prevention
Phishing in all its varieties is a huge and growing problem for network security managers and business owners. As we all become more interconnected and access more and more personal information through networks, there become more and more opportunities for phishers to attack. To protect one's network, it is becoming increasingly vital that you educate your employees about the most common ways in which hackers try to phish your account information. Even though simplistic phishing attempts like the PayPal scam now seem obvious to regular internet users, a single phishing attack can compromise an entire network's security if the employee is tricked into giving his network account information. Even after educating your work force, you should consider adding a header to your network browser that reminds users never to enter personal information solicited through an email, and you should certainly use a sophisticated email filter to limit the number of phishing attacks that your employees must navigate around.

No comments:

Post a Comment