Be a Little More Secure This New Year and Avoid Phishing Attacks

Post on 26-Aug-2014

The holiday season is here and everyone is excited about gifts, shopping and leisure time. The season's sales have soared to $602 billion and online sales are heading upward of $60 billion. With online sales high during the holiday season, hackers are on their toes to get the most out of it. Protect yourself from phishing scams and maintain your online security by learning how to do it.

Transcript of Be a Little More Secure This New Year and Avoid Phishing Attacks

07/04/2023 2

What Is A Phishing Attack?

SmartSignin| Be A Little More Secure This New Year

Phishing is a way for hackers to take advantage of people by disguising themselves as a trusted source and luring a person into revealing crucial information. A common medium used in this process is email.

How Does Phishing Work?

The victim gets a professional-looking email asking them to take a particular action, such as stopping an account termination or stopping a financial transaction which never actually took place.

Feeling the urgency of the situation, the user doesn’t double-check the authenticity of the email and takes the action as specified, thereby exposing themselves to serious threats.

Most of these emails are aimed at obtaining the user’s login credentials for banks and other financial services.

EXAMPLES OF PHISHING

Phishing email from Apple

An authentic-looking email from Apple.

Phishing email from PayPal

Yet another professional-looking email from PayPal which is actually a phishing email.

SOME COMMON TRAITS

How to identify and check the authenticity of the email.

Check the sender of the email: 

If you’re getting an email from Apple but the sender’s address is @gmail.com or @live.com then it’s a clear sign of a potential threat.

Personalization is always absent in such emails. Hackers send these emails in bulk, so they can’t personalize them. They will mostly address you as ‘Dear Member’ or ‘Hi there’ etc.

If the offer is too good to be true then it’s not true: 

Nobody has left a ton of money for you. You won’t get a brand new iPad for free or at a dirt-cheap price. Beware of such claims, as these are mere tactics to lure you in.

No financial institution asks for your access credentials via email:

Don’t share your credentials. If you smell something fishy, call your bank directly and ask them if they have sent out such emails.

Avoid downloading attachments from unknown senders: 

Unless you are expecting one, avoid downloading any attachments from unknown senders.

Use updated antivirus, firewall and spam filters to block viruses and spyware.

Check the URL of the landing page:

If you did click the link in the phishing email, double-check the URL of the page you are taken to. Fake URLs look similar to the real URL but are entirely different. For example, http://www.apple.login-user.com might look like the user login section of Apple but it’s actually a phishing URL.

Don’t enter your login information in a pop up:

It’s a common tactic for hackers to redirect a user to the real website and then open a pop-up as soon as the user reaches it, asking for login credentials. This makes the user think that the real website is asking them to enter their login credentials.

Image from CNN e-mail phishing attack, 2009

Look For ‘s’ in http

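Websites with https in their URL use a secure, encrypted connection, so always make sure that you are on such a website before entering your critical information. The ‘s’ covers the connection only, so still check that the domain in the URL is the one you expect.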
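The sender, greeting, landing-page URL and https checks described above, written out as an added example (it is not part of the original presentation). The brand-to-domain table, the greeting list and the sample message are constructed for illustration, and taking the last two labels of a hostname as its domain is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: brands we care about and the domains they really send from.
BRAND_DOMAINS = {"apple": {"apple.com"}, "paypal": {"paypal.com"}}
GENERIC_GREETINGS = ("dear member", "hi there", "dear customer")

def registrable_domain(host):
    """Last two labels of a hostname (simplified; real code should use the Public Suffix List)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_email(raw):
    """Return a list of phishing traits found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    sender_domain = registrable_domain(addr.rpartition("@")[2])
    findings = []
    # Trait 1: display name claims a brand, address is on another domain.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower() and sender_domain not in domains:
            findings.append(f"sender: claims {brand} but address is @{sender_domain}")
    # Trait 2: bulk mail cannot personalize the greeting.
    if any(g in body.lower() for g in GENERIC_GREETINGS):
        findings.append("greeting: generic salutation, no personalization")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        parts = urlsplit(url)
        host = parts.hostname or ""
        domain = registrable_domain(host)
        # Trait 3: brand appears as a subdomain label of someone else's domain.
        for brand, domains in BRAND_DOMAINS.items():
            if brand in host.split(".") and domain not in domains:
                findings.append(f"link: {host} mentions {brand} but belongs to {domain}")
        # Trait 4: no 's' in http.
        if parts.scheme != "https":
            findings.append(f"link: {host} is not served over https")
    return findings

# Constructed sample message combining the traits listed above.
SAMPLE = """From: Apple Support <apple.support@gmail.com>
To: user@example.org
Subject: Your account will be terminated

Dear Member,
Confirm your details at http://www.apple.login-user.com/verify to stop termination.
"""

if __name__ == "__main__":
    for finding in check_email(SAMPLE):
        print(finding)
```

An empty result only means none of these four traits matched; it does not prove a message is genuine.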

How To Protect Your Organization From Phishing Attacks?

Recently, the Twitter accounts of many different media websites have been compromised by hacker groups.

This was done with the help of social engineering, starting with phishing attacks targeted at the employees.

Humans have always been the weakest link in security, and hence if one employee falls for it, a domino effect is automatically initiated.

STEP 1 – Enforce strong policies

The first and foremost step to protect your organization is to enforce strong policies among the employees.

STEP 2 – Following Best Web Security Training & Practices

The second step calls for regular training of employees on the basics of web security so they can uphold the security best practices and protect the company’s resources.

STEP 3 – Implement Secure Identity & Access Management System

The third stage is to implement a secure Identity & Access Management system to ensure that employees can access the company’s resources that are relevant to their work.

Moreover, an IAM system helps the administrator give access to employees without letting them know the access credentials, and hence phishing attacks cannot be successful.

Apart from this, the administrator can also monitor and maintain logs of when, how and from where an employee accessed a particular resource, thereby keeping tabs on all the activities.

Want To See How Identity & Access Management Tool Can Help Your Organization?

Be a little more aware this holiday season. Happy New year!!

To understand the presentation in depth read the following article –

Be A Little More Secure This New Year

If you have any queries or feedback, contact us by filling up the form on the following link Contact SmartSignin

About SmartSignin

SmartSignin is a Single Sign-On and Identity & Access Management suite that helps in managing the online identities and the access of employees, customers and partners to the company resources. SmartSignin is a product of PerfectCloud Corp.

Being an Identity Management service provider, SmartSignin works on a unique patent-pending SmartKey algorithm which allows users to manage their own decryption keys for their critical data. This architecture provides users with complete security and privacy. To know more:

Visit SmartSignin Website