With security breaches occurring constantly, some of the ones to look out for are the email attacks coming into your mailbox. Currently attacks such as phishing, spear phishing, and whaling are on the rise. In order to bring light to these attacks, it is key to understand what they are, and how to prevent them.
Phishing: “In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public.” – Wikipedia.com
Spear Phishing: A much more targeted attack on a target. Usually the targets are linked to vital information, such as checkbooks, SSN’s, and credit card numbers.
Whaling: These are possibly the worst. Executives and “big fish” in the company are targeted for their passwords and vital information.
According to a recent article on blogtalkradio.com, “Criminal Hackers Clean Out Bank Accounts Using Spear Phishing”, attacks like these are increasing by at least 50%. Phishing attacks are powerful and can damage bank accounts and identities in days. The article discusses a case where $440,000 was taken over the course of five days without the account owners even knowing.
These attacks are usually in the form of emails, which can even look like company documents. Once the user clicks on any link which appears to be from the “important” source, a virus is usually downloaded and allows the attacker to see all of your user data. There are even instances when these viruses will attach to the user’s web browser, and allow the attacker to see all sites visited, including personal sites, such as online banking.
So with this information it is key to also offer some solutions to these attacks:
Have anti-virus protection installed in your computer
Look into getting a Credit Freeze
Check your bank statements often and keep track of financials
Finally, the obvious solution is to not open emails that you don’t trust, no matter what. Recently at PistolStar we addressed this exact issue with the U.S. navy. The government, as an industry, relies on their information being secure. Recent regulations have now required that all government emails contain a digital signature, to verify the sender. Basically if it is not signed, it is not trusted. We created an Email-Signature Plug-In that signs all outgoing unsigned emails, to make sure the receivers know who the email is from, and that they are a trusted sender.
With the implementiation of such plug-ins, regulations, and solutions the number of attacks will hopefully decrease. The key is to make sure that you and your company are secure and protected, and remember….