Phishing is one of the oldest scams of the Internet age.
More than 20 years ago, criminals were trying to trick AOL users into giving up their passwords by threatening to delete their accounts unless their billing information was verified. Later, hackers would pose as overseas multimillionaires who needed your help to wire $5 million to family in our country.
Methods have changed over the years, but phishing attacks are happening more than ever.
A new report from IBM found that, on average, more than 13,000 new phishing sites appeared each day in 2016.
Everyone claims to be able to spot a phishing scam a mile away. Everyone says they know not to click links or open attachments in suspicious emails. But they fall for these scams anyway.
Cybercriminals have become more sophisticated.
Not only do phishing scammers use official logos of major brands and organizations, but they’ve become masters at the art of persuasion.
They prey on emotions. They use fear and intimidation. They pretend to be customer support from a trusted brand, or a charity organization in need of help. They also know how to target their attacks, whether they go after entire organizations, the C-suite or the finance department. They spoof display names to make it appear that the email comes from the boss, a client or a friend.
For example, the IRS has issued repeated warnings about phishing emails that appear to come from company executives requesting every employee’s W-2 information. The attackers use the information to file bogus tax returns and obtain fraudulent refunds.
The number of ransomware attacks, which are carried out almost exclusively through phishing emails, has exploded in recent years.
Hackers know many organizations and individual employees would rather pay a ransom and have data restored than deal with the fallout from permanent data loss and a highly publicized breach.
Many phishing attacks are intended to get employees to reveal their user credentials.
Once hackers have access to the corporate network, they can figure out how to access other systems, cover their tracks and go after high-value targets. In fact, nearly two-thirds of security breaches involved compromised credentials, according to the 2016 Verizon Data Breach Incident Report.
There is no magic bullet that will stop phishing attacks, but you can get better at identifying suspicious senders, links and attachments.
This requires a layered approach to security that combines policy-based authentication with software that’s capable of learning email addresses and domains and remembering the actions taken for each one.
Palo Alto Networks recently introduced enhancements to its Next-Generation Security Platform, a multi-layered security solution that uses a next-generation firewall to automatically detect and block phishing sites.
To stop users from exposing their credentials in phishing attacks, the Next-Generation Security Platform will recognize the movement of credentials in network traffic and drop the traffic before credentials are submitted. It also uses multifactor authentication to prevent the use of stolen credentials to access sensitive network resources.
Educating employees about phishing attacks will help, but even the most tech-savvy folks are being fooled by modern scams.
Let Technologent show you how the Palo Alto solution reduces the risk of phishing attacks and prevents hackers from abusing stolen credentials.
Tags: IT Security
April 24, 2017