Webinar by Bob Weiss on Cybersecurity: Anatomy of a Phishing Exploit on 25th January
Webinar Event Schedule:
Topic: Cybersecurity: Anatomy of a Phishing Exploit
Date: 25th January 2022
Time: 1:00 PM — 2:00 PM EST
Host: Mr. Bob Weiss
Experience: 20+ years
Registration Link: https://www.vinsys.com/webinar-summary-Phishing-Exploit-Anatomy
Other Upcoming webinars: https://www.vinsys.com/webinars
Phishing attacks have become very common in the cybersecurity vertical. According to a survey by Statista, 74% of organizations based in USA experienced a phishing attack in 2020. Whereas 54% of people were hit virtually by the phishing attack in Japan. These statistics prove that 2020 witnessed the most frequent attacks, especially in third quarter. Mongolia was on the top on receiving phishing attack at the rate of 15.54% in one quarter. Furthermore, 24.9% of phishing attacks were targeted to the financial institutions in 2021. The social media industry was on second number at 23.6% to be a prey of these unsolicited cyberattacks.
Detailed insights into cybercrime and phishing attack
Reports state that 91% of the cybercrime is initiated by an email. There are several groups like Ryuk, WannaCry, Gandcrab and many others that are responsible for the most notorious ransomware attacks. Phishing attacks are generally the inception of more complex cyber-attacks. It is vital for the defenders to decipher the anatomy of a phishing attack to pave a defence strategy to alleviate vulnerabilities and reduce the intensity of the attack. As soon as the phishing URLs are detected faster and more accurately, there will be lesser chances of the attacker to proceed with further attacks. Let’s understand in detail about the intricacies of a phishing attack.
What is a Phishing Attack?
Phishing is basically a virtual social engineering attack that is often conducted to steal the user’s data which may include credit card/debit card numbers and login credentials. This even occurs when the attacker is in disguise as a trusted entity that tricks the user in opening an email or text message. The recipient is then duped in clicking on that malicious link, leading to an automatic malware installation. The system freezes and there is a high risk of leaking of sensitive information.
A phishing attack can lead to devastating results faced by individuals and businesses. In case of individuals, the attacker can try to steal funds, purchases and login credentials. Phishing attack in corporate world and governmental networks is unfortunately very common. Larger attacks take place by an advanced persistent threat (APT) event. The employees are compromised to distribute malware in the fortified environment, bypass security perimeters and gain special access to secured data.
Any organization that succumbs to a phishing attack tends to sustain severe financial losses leading to a decline in market share, goodwill and customer base. It depends on the scope of the phishing attack, that if it escalates then the business will have a hard time in recovering substantial losses.
Here’s an example of a common phishing attack attempt:
A spoofed email deliberately sent with the source name myuniversity.edu distributed collectively to almost all the faculty members. The email claimed that the password of the user is about to expire. Instructions were given to visit the myuniversity.edu/renewal page to renew the password within 24 hours.
This is a clear act of phishing where the user is pressurised to fall into the trap.
Measures That Can Prevent Phishing:
Both the users and the organizations have to take precautionary measures for protecting themselves from a phishing attack.
Users should be mindful in opening any mail, the key is to not spontaneously open the mail/message and think twice. They should be vigilant about the spoof message that might appear to be unusual and can lead to the exposure of its identity. Look out for spelling mistakes, slight change in the domain names or any other difference. Basically, before opening any email, give it a thought that why are they receiving such an email.
Organisations should integrate the following steps in order to mitigate both phishing and spear phishing attacks:
- Two-factor authentication (2FA) is one of the most efficacious methods to counter all kind of phishing attacks. In Two-factor authentication method, extra verification layer is added as soon as you log into sensitive applications. Two-factor authentication method requires two things from the users like something they know like a password or user name or something they possess like a smartphone. Even when the employees are compromised the Two-factor authentication method does not use the compromised credentials.
- Additionally, using Two-factor authentication method empowers the organisations to incorporate strict password management rules. For instance, employees might be required to change their passwords and use different passwords for different applications.
- Conducting educational campaigns will also help in eradicating the phishing attacks threat by integrating secure practices like not clicking on suspicious external email links.
Educating employees, students and enterprises regarding how a phishing attack takes place and how it can hamper an entire business is paramount. Having said that, Vinsys is conducting a webinar on 25th January 2022 on the topic Cybersecurity: Anatomy of a Phishing Exploit. This extremely informative webinar will be hosted by the esteemed Bob Weiss. He holds a profound knowledge in cybersecurity and other related sectors.