Today, phishing attacks are the most popular way for cybercriminals to steal personal information and funds. Phishing attacks are the real crime of the 21st century.
Phishing (from the English word “fishing”) is a set of cyberattack methods whose purpose is to induce the user to take the actions the attacker needs.
Company employees encounter virus attacks and online fraud and can become victims of criminals. The bait takes many forms: emails that appear to come from fellow employees, an offer of last-minute holiday vouchers to Turkey from some travel agency, a comment on a social-media post containing a link that leads to a phishing page, holiday discounts in shops, an advertisement for a phishing site on the Internet, an email about undelivered messages, phone calls and SMS messages. What do all of these phishing methods have in common? Their common goal is to fraudulently obtain confidential data from company employees (credentials, documents, reports, company software, databases) and use it for criminal purposes, causing financial and reputational damage to the company.
What are the dangers of phishing cyber attacks for small and medium-sized businesses?
Today there is a trend towards a significant increase in the number of phishing attacks targeting small and medium-sized businesses. Why do hackers target these segments? Small and medium-sized businesses are the least protected, because for the most part they apply no preventive measures to protect the organization from cyber attacks and do nothing to raise the cyber literacy of their employees. As a result, the number of successful phishing attacks against them keeps growing. It is therefore only natural that small businesses suffer the most severe consequences of such attacks, and attacks using ransomware viruses pose a particular danger to them.
Everyone remembers the 2017 Petya virus, which cybercriminals used to attack enterprises in many countries around the world. It is a ransomware virus: a malicious program that, once it gets onto a user’s PC or smartphone, encrypts important files: documents, spreadsheets, images, video files, PDF documents. The main problem with such viruses is that the files cannot be decrypted on your own, because the distributors of ransomware use complex encryption schemes and completely delete the original files, and money is demanded to “restore” access to them. Very often a virus, having hit one PC in a company, infects others through the enterprise’s local network. It is very easy to pick up. Most often this happens through mail attachments in letters disguised as coming from a sender familiar to the user, a letter from a bank, and so on. The letter contains frightening or intriguing information together with a request to pay a bill, perform an accounting reconciliation, follow a link, or install some software. Having obtained access to the information of a small or medium-sized business in this way, fraudsters can use it, for example, to penetrate the network of a large company of which the attacked business is a counterparty.
In the case of a successful cyber attack, the worst consequence for a small or medium-sized business is the loss of data, of funds from its accounts and of its reputation, which in the vast majority of cases leads to the closure of the company. Therefore, small and medium-sized businesses should take the protection of their information more seriously: not only know the enemy by sight, but also be able to defend themselves correctly so as not to fall into his clutches.
Types of phishing
- Spear phishing is a targeted hacker attack on a specific person or organization, the purpose of which is to obtain personal user data. Targeting a specific victim is the main distinguishing feature of spear phishing.
- Clone phishing is a type of attack in which scammers use ready-made emails from well-known companies as a basis and replace links or files with malicious objects.
- Mobile phishing is a phone call (vishing) or SMS message (smishing) in which a fraudster tries to convince a company employee to transfer money to the fraudsters’ account.
- Pharming is disguising a fake site as the original and covertly redirecting the user to a clone of the original site in order to obtain their confidential data.
In the case of spear phishing, the attacker first collects information about the target; depending on the target of the attack, this can be an email address, the names of colleagues, acquaintances and partners, hobbies, goals, purchases in online stores, and so on. Based on the data collected, the fraudster then prepares a phishing letter or a fake website. The message may be composed to create a sense of urgency and to persuade the victim to take the required action. An employee opens the phishing email in corporate mail and reads an advertising text or a message from the support service or the bank, designed so that the employee goes to a fake site, opens an attachment, or does whatever else the attacker needs. Anything can be suggested in the text of such a letter. The attack is considered successful if the victim has done what the letter asked. By following the fraudster’s lead, an employee can harm the company: confidential company data is stolen, such as documents, account data, databases and intellectual property.
In the case of clone and mobile phishing, the preparatory stage differs somewhat both from targeted phishing and between the two variants. Clone phishing is not aimed at a specific victim; it is aimed at a wide audience of users. The idea is that attackers take as a basis a real letter from a well-known company, bank, etc., and replace the original links in it with false ones that lead to a fake site or deliver malware.
Mobile phishing, in turn, can target both a wide audience and a specific company employee. Have you ever received a call from an unknown number, from people posing as employees of a bank or government services, saying that you have not repaid a loan or have violated traffic rules, when you do not have a car and never took a loan? If so, it was an attempted phishing attack. SMS phishing is the evil twin of phone phishing: it performs the same actions as phone phishing but by SMS message, adding malicious links to the texts.
When using pharming, attackers prepare a fake site indistinguishable from the original and send the user to it through a redirect.
If you have ever logged in to online banking and received a notification that your account was compromised and its balance was zero, you have become a victim of pharming.
Therefore, in order to avoid the cases described above, companies need to improve their anti-phishing protection by raising the information-security awareness of employees in every business segment.
What is anti-phishing?
Anti-phishing is software that protects users from phishing.
There are the following types of anti-phishing:
- Personal anti-phishing is anti-phishing software on the user’s own device. The principle of its operation is as follows: the browser installed on the PC or smartphone notifies the user that they have landed on a suspicious site created to serve the scammers’ goals: collecting logins and passwords for payment systems, Internet banking, bank cards, etc. All modern anti-virus programs and Internet browsers contain an anti-phishing function. These programs automatically check and block links to known dubious sites and warn you when you enter suspicious pages. The anti-phishing function determines the authenticity of the site and thereby ensures safe use of the Internet. Mobile operating systems also check downloaded applications for malware.
- The email filter is a program installed on the mail server. It classifies messages by their content and detects spam and phishing emails. Today’s phishing emails are good at copying legitimate messages, but despite this, the filter weeds out most phishing messages.
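As an added illustration of the checks described for both the browser-side anti-phishing function and the mail-server filter (this is example code written for this page, not a product’s implementation), the following script inspects the links in an HTML email body and flags three classic signs of a phishing link: a host that is a raw IP address, a hostname that imitates a known brand by character substitution or by using the brand as a subdomain of an unrelated domain, and link text that shows one domain while the link actually goes to another. The brand allowlist (`KNOWN_BRANDS`) and the sample message are constructed for the example; a real filter would use a curated allowlist and reputation feeds in addition to these heuristics.

```python
"""Heuristic phishing-link checks of the kind a mail filter or browser
anti-phishing function applies (added example; allowlist and message constructed)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist: domains the organisation legitimately receives links to.
KNOWN_BRANDS = {"example-bank.com", "example.com"}

# Characters commonly substituted to build look-alike hostnames; normalised away.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "-": ""})

# Link text that itself looks like a URL or bare domain, e.g. "example-bank.com/secure".
URL_TEXT = re.compile(r"^(?:https?://)?([A-Za-z0-9.-]+\.[A-Za-z]{2,})(?:[/?#]\S*)?$")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Constructed sample message: one look-alike host, one raw-IP link with misleading
# text, and one genuine link that must not be flagged.
SAMPLE_EMAIL = """<html><body>
<p>Your account will be suspended. <a href="http://examp1e-bank.com/login">Verify now</a></p>
<p>Or use <a href="http://203.0.113.9/secure">https://example-bank.com/secure</a></p>
<p>Genuine link: <a href="https://example-bank.com/help">example-bank.com/help</a></p>
</body></html>"""


class _LinkParser(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude eTLD+1 (last two labels); sufficient for these heuristics."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def imitated_brand(host):
    """Return the allowlisted brand that `host` imitates, or None if genuine or unrelated."""
    host = host.lower()
    rd = registered_domain(host)
    if rd in KNOWN_BRANDS:
        return None  # the real thing
    for brand in KNOWN_BRANDS:
        # Look-alike spelling: examp1e-bank.com normalises to the same string as example-bank.com
        if rd.translate(CONFUSABLES) == brand.translate(CONFUSABLES):
            return brand
        # Brand used as a subdomain of an unrelated site: example-bank.com.evil.net
        if host.startswith(brand + "."):
            return brand
    return None


def analyse_links(html_body):
    """Return (href, reason) findings for every suspicious anchor in the message."""
    parser = _LinkParser()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        if IPV4.fullmatch(host):
            findings.append((href, "raw IP address instead of a hostname"))
        brand = imitated_brand(host)
        if brand:
            findings.append((href, f"hostname imitates {brand}"))
        shown = URL_TEXT.match(text)
        if shown and registered_domain(shown.group(1)) != registered_domain(host):
            findings.append((href, f"link text shows {shown.group(1).lower()} but the link goes to {host}"))
    return findings


if __name__ == "__main__":
    for href, reason in analyse_links(SAMPLE_EMAIL):
        print(f"{reason}: {href}")
```

Run against the constructed message, the first link is reported once (look-alike host), the second twice (raw IP, and link text that does not match the destination), and the genuine third link produces no finding. The `registered_domain` helper deliberately ignores multi-label public suffixes such as `co.uk`; a production filter would use a public-suffix list.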
How does phishing and malware protection work?
Anti-phishing and malware protection checks the sites you visit, helps determine whether a site is fake and whether it hosts malicious software. When a file is downloaded from a fake site, the browser cancels the download and then asks the user whether they really want to download the suspicious file.
Also, before any program is installed, if it is published by an unknown person or source, the operating system asks the user whether they want to install it. To eliminate the risk of the situations described above, company employees need to be taught the basics of anti-phishing by training them on specialized platforms.
Anti-phishing platforms: anti-phishing training for employees
There are many platforms around the world for information-security training. They can be used to train company staff in cybersecurity, which minimizes the risk of theft of confidential information and funds and of disruption of the IT infrastructure, and minimizes damage to the company’s reputation.
General platform capabilities:
- Training in the format of courses and tests.
- Simulated phishing attacks to test and reinforce employee skills.
- Various types of reports: ratings of employees, departments and the entire organization; action statistics; data on vulnerabilities in the software used on the employee’s work computer.
- Regular assessment and training of employees.
The practical part.
A necessary element of the program is the consolidation of the acquired skills. It takes place in “combat conditions”: at the workplace, in the mail system deployed at the enterprise. To implement this training system within the company, you must first prepare the infrastructure.
Next, you need to configure reporting on unsafe actions of employees. The point is to track which users opened the email and followed the malicious link, and which opened the attachment. It is important to track exactly those user actions that fraudsters count on when sending malicious attachments.
After the technical part has been implemented, the letter templates need to be filled with the right content. System administrators follow examples of real digital attacks and model training attacks on them, so that the learning environment is close to reality.
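The reporting step above (and the “ratings of employees, departments, the entire organization” report type listed under platform capabilities) can be implemented as a small aggregation over the event log a simulation platform produces. The script below is an added example written for this page, not code from any training platform; the event log, its comma-separated format and the department names are constructed. It collapses the events into one outcome per user (the worst action they took, and whether they reported the message), computes per-department failure and report rates, and produces the list of employees who need retraining, most severe outcome first.

```python
"""Aggregate simulated-phishing campaign events into a per-department report
(added example; event log and format are constructed for illustration)."""
from collections import defaultdict

# Constructed event log, one line per user action:
#   timestamp,user,department,event
# event is one of: delivered | opened | clicked | attachment_opened |
#                  credentials_submitted | reported
EVENT_LOG = """\
2024-03-04T09:00:01,alice,finance,delivered
2024-03-04T09:00:01,bob,finance,delivered
2024-03-04T09:00:01,carol,sales,delivered
2024-03-04T09:00:01,dave,sales,delivered
2024-03-04T09:00:01,erin,sales,delivered
2024-03-04T09:12:40,alice,finance,opened
2024-03-04T09:13:05,alice,finance,clicked
2024-03-04T09:14:22,alice,finance,credentials_submitted
2024-03-04T09:20:10,bob,finance,opened
2024-03-04T09:20:45,bob,finance,reported
2024-03-04T10:02:00,carol,sales,opened
2024-03-04T10:02:30,carol,sales,attachment_opened
2024-03-04T11:30:00,dave,sales,reported
2024-03-04T13:05:12,erin,sales,opened
"""

# Severity order of the non-reporting actions; a user's outcome is the worst one taken.
RISK_ORDER = ["delivered", "opened", "clicked", "attachment_opened", "credentials_submitted"]
# Actions that count as falling for the simulated attack.
RISKY = {"clicked", "attachment_opened", "credentials_submitted"}


def parse_events(text):
    """Parse the constructed CSV-style log into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, user, dept, event = line.split(",")
        events.append({"ts": ts, "user": user, "dept": dept, "event": event})
    return events


def per_user_outcome(events):
    """One record per user: department, worst action taken, and whether they reported the mail."""
    users = {}
    for e in events:
        rec = users.setdefault(e["user"], {"dept": e["dept"], "worst": "delivered", "reported": False})
        if e["event"] == "reported":
            rec["reported"] = True
        elif RISK_ORDER.index(e["event"]) > RISK_ORDER.index(rec["worst"]):
            rec["worst"] = e["event"]
    return users


def department_report(users):
    """Per department: headcount, how many did something risky, how many reported, and the rates."""
    report = defaultdict(lambda: {"users": 0, "risky": 0, "reported": 0})
    for rec in users.values():
        d = report[rec["dept"]]
        d["users"] += 1
        d["risky"] += rec["worst"] in RISKY
        d["reported"] += rec["reported"]
    for d in report.values():
        d["failure_rate"] = round(d["risky"] / d["users"], 2)
        d["report_rate"] = round(d["reported"] / d["users"], 2)
    return dict(report)


def retraining_list(users):
    """Users whose worst action was risky, most severe first."""
    return sorted((u for u, r in users.items() if r["worst"] in RISKY),
                  key=lambda u: -RISK_ORDER.index(users[u]["worst"]))


if __name__ == "__main__":
    outcomes = per_user_outcome(parse_events(EVENT_LOG))
    for dept, stats in sorted(department_report(outcomes).items()):
        print(dept, stats)
    print("retrain:", retraining_list(outcomes))
```

With the constructed log, finance has two users, one of whom submitted credentials and one of whom reported the message; sales has three users, one of whom opened the attachment and one of whom reported. Tracking the report rate alongside the failure rate matters: a user who clicks and then reports still gives the security team an early warning, which is the behaviour the training should reinforce.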
In summary, every company needs to have its own anti-phishing system and raise the cyber literacy of its employees. This will make it possible in the future to avoid the loss of information and financial and reputational damage to the company.