
What is Phishing?

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.

What is Spear Phishing?

Spear phishing is a targeted attempt to steal sensitive information such as account credentials or financial information from a specific victim, often for malicious reasons. The attackers first gather personal details about the victim, such as their friends, hometown, employer, locations they frequent, and what they have recently bought online. They then disguise themselves as a trustworthy friend or entity to acquire sensitive information, typically through email or other online messaging. The main difference between phishing and spear phishing is that spear phishing is very precise and very targeted in nature.


How can you prevent phishing from damaging your brand?

  1. Develop and regularly run an in-house computer security awareness program for internal users
  2. Over-communicate the risks and dangers of phishing to your external customers and suppliers
  3. Buy all possible spoofable domain names to protect your organization, your suppliers and your customers. To make things worse, all web URLs and email addresses are shown underlined, which makes look-alike characters harder to tell apart
    • user@woman.com becomes user@vvoman.com (w is replaced by double v)
    • www.woman.com becomes www.wornan.com (m is replaced by r & n)
    • www.catgirl.com becomes www.catqirl.com (g is replaced by q)
    • www.google.com becomes www.qooqle.com (g is replaced by q)
    • This is an expensive exercise. There are endless combinations of these domains.
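Because registering every variant is not practical, incoming sender and link domains can instead be checked against the domains you care about. The following is an added example, not code from the original post: it covers only the three substitutions listed above (vv for w, rn for m, q for g), and the protected-domain list and function names are assumptions made for illustration.

```python
# Added example: flag domains that imitate a protected domain using the
# look-alike substitutions listed above. Names here are hypothetical.

# Look-alike sequence -> character it imitates (from the list above).
CONFUSABLES = [("vv", "w"), ("rn", "m"), ("q", "g")]

# Constructed list of domains to protect (your own, suppliers', customers').
PROTECTED = {"woman.com", "catgirl.com", "google.com"}


def domain_of(value):
    """Extract the lower-case domain from an email address or URL."""
    value = value.strip().lower()
    if "@" in value:
        value = value.rsplit("@", 1)[1]
    value = value.split("://", 1)[-1].split("/", 1)[0]
    if value.startswith("www."):
        value = value[4:]
    return value.rstrip(".")


def skeleton(domain):
    """Collapse look-alike sequences so visually similar names compare equal."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain


def imitated_domain(value, protected=PROTECTED):
    """Return the protected domain that `value` imitates, or None."""
    domain = domain_of(value)
    if domain in protected:
        return None  # exact match: the genuine domain
    # Compare skeletons on both sides so a genuine name containing "rn"
    # or "q" is still matched by its look-alike.
    for legit in sorted(protected):
        if skeleton(legit) == skeleton(domain):
            return legit
    return None


def scan(values, protected=PROTECTED):
    """Return (input, imitated protected domain) pairs for suspicious inputs."""
    hits = []
    for value in values:
        legit = imitated_domain(value, protected)
        if legit:
            hits.append((value, legit))
    return hits
```

A production check would use a much larger confusable table, including Unicode homoglyphs, and would also compare against recently registered domains.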

What can you do to mitigate the risks and impact of phishing?

  1. Change your password at least once a year
  2. Enable 2FA/MFA for your email accounts (via SMS or a mobile authenticator app)
  3. Enable Windows Defender Browser Protection for the Google Chrome browser
  4. Enable mail identity protection on your mail server
  5. Install reliable and effective endpoint security software on your PC or notebook. We recommend trying Kaspersky Endpoint Security Cloud Plus. It has Mobile Security and Security for Microsoft Office 365
  6. If you are using Office 365 (O365) or Microsoft 365 (M365), you should enable Office 365 Advanced Threat Protection. It has Safe Links, Safe Attachments and ATP anti-phishing protection
  7. Put internal control checks in place to manage any external request to change a bank account number
    • Check the domain with Domain Dossier https://centralops.net/co/DomainDossier.aspx
    • Insist on an official signed and stamped document
    • Landline phone verification
      • Use a verified telephone number taken from a name card
      • Do not use the telephone number taken from the email

Comments

  1. This link on financial services was very useful for my search. If you are interested in investing in Cgs Cimb then ADDX financial services helps you. A short-term debt instrument commonly issued by corporations to finance operating expenses and near-term obligations.
