One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 2040597 |
| Date de publication | 2020-11-17 18:14:00 (vue: 2020-11-17 20:05:37) |
| Titre | Phishing awareness and phishing training explained |
| Texte | There is no more effective initial attack vector than phishing. With an ability to reach well-within your organization’s logical perimeter all the way down to an individual user’s Inbox with some form of malicious content, phishing has proven to be a challenge to organizations working to maintain a proper security stance. On top of this, phishing attacks have some pretty impressive accolades: Phishing scams focused on Business Email Compromise are the initial attack vector in 60% of cyber insurance claims 61% of successful phishing attacks have resulted in compromised credentials Phishing accounts for losses of $17,700 per minute The exponential growth seen this year with phishing attacks and their success is extremely dangerous when combined with operational shifts to users working from home, using personal devices and lowering their sense of corporate vigilance as part of trying to find a work/life balance. The use of social engineering techniques such as domain, brand, or user impersonation augment the credibility of phishing scams at a time when the user’s sense of defenses is at an all-time low. The current state of both cyberattacks and lack of cyber-readiness dictates that your organization look to elevate its security stance by making its users more aware of phishing attacks, the methods used, and the repercussions of attack success. What is phishing awareness? First off, it’s important to differentiate phishing awareness from security awareness. Security awareness programs and training seek to create a security culture within an organization – of which, being aware of phishing attacks plays a role. Phishing awareness is more laser-focused in on the what, why, and when of phishing attacks and how to avoid becoming a victim. Common types of phishing attacks Phishing attacks utilize a number of mediums, leveraging common tactics to get potential victims to respond in the desired fashion. Some of the mediums include: Phishing (email) – Most people familiar with phishing instantly think of email as the medium. It’s the easiest method to get the undivided attention of their intended victim en masse using automated tools to hit literally hundreds of thousands to millions of individuals with a single click. Spear Phishing (email) – Attackers intent on targeting certain companies, industries, or even individuals will send out phishing attacks created specifically for that victim. Whaling (email) – Whaling attacks are spear phishing campaigns targeting executives, generally using only social engineering techniques to trick the C-level exec into becoming a victim. Vishing (phone) – Phone calls can be a viable medium to trick individuals into resetting passwords, giving up credit card details, and more. Attackers have gone as far as to use deepfake audio – a technology that allows them to sound like anyone they want, including your CEO – to trick users over the phone. SMiShing (text message) – Similar to email as a means of getting directly to the victim in question, SMiShing uses text messages to direct victims to websites intent on infecting mobile devices, stealing online credentials, or obtaining personal details. |
| Envoyé | Oui |
| Condensat | $17 000 700 ability accolades: accounts actors actuality all allows any anyone anywhere; are aren’t assumed attack attackers attacking attacks attacks attacks: attacks; attention audio augment automated avoid aware awareness away bad balance based becoming begin being benign better both brand breakroom budget business businesses but calls campaigns can card ceo certain challenge claims classroom click combined comes common communications companies company component compromise compromised content corporate counterparts craft create created creates creating credentials credibility credit critical culture current cyber cyberattacks cybercriminal daily dangerous data deepfake defense defenses demographic designed desired details determine devices dictates different differentiate differing direct directly domain done doomed down each easiest educating education effective effectiveness elevate email end engaged engineering essence etc even every exec executives expertise explained exponential extremely failed fall familiar far fashion feedback find first focus focused form frequency from functionality generally geographies get getting giving going gone good growth has have help helping hit home how hundreds identify impact impactful impersonation implement important impressive improve inbox include: including individual individuals industries industry infecting initial instantly insurance intended intent involved isn’t it’s its key know lack larger laser laws layer legitimate less level leveraging like literally logical look loop losses low lowering maintain making malicious many masse may means medium mediums message messages method methods mile millions minimize minute mobile more most need note number obtaining obvious off offerings once ones online only operational opinion org organization organization’s organizations other out over part parts passwords paying people per perimeter personal phishing phone place plays poll possibility posture potential pretty problem product programs proper proven providing question reach readiness really recent regulation repercussions resetting respond resulted role same scam scams security see seek seem seen send sense service shifts shows similar simulated single size sizes smaller smishing social solutions some sophistication sound spear specific specifically spectrum spot stance state stealing stopping strong subject success successful such tactics target targeting targets techniques technology testing text than them they’re think those thousands time tools top trained training trick trying two types undivided use used user user’s users uses using usually utilize vector vertical verticals viable victim victims vigilance vishing vulnerabilities want way weakest websites well whaling what what’s when where which why will within work/life working year your |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.