24 November 2017
Robert Siciliano

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com


How to win the War on Phishing

04 December 2014

A phishing attack is a trick e-mail sent indiscriminately to perhaps a million recipients. The thief is playing a numbers game: out of any sufficiently large group of people, a significant percentage will fall for the trick.

 

The e-mail contains certain information, or is worded in such a way, that the recipient is persuaded to click on the link in the message. Clicking on the link brings the user to a website that then downloads malware.

Alternatively, the website is made to look like it belongs to the user’s bank or some other major account, and it asks for their account number and other pertinent information such as passwords and usernames. The user types it in, and it goes straight to the thief. Sometimes this information is requested directly in the e-mail’s message, and the user sends it in a direct reply.

The Google Online Security Blog did some analysis of phishing e-mails and came up with the following:

Malicious websites really do work. They succeed 45 percent of the time. As for getting users to actually type in their personal information, this happened 14 percent of the time. Even very fake-looking sites fooled three percent. Three percent sounds like peanuts, but what’s three percent of one million?

Hasty hackers. Once the hacker gets the login information, 20 percent of the time he is in the victim’s account within 30 minutes. He may spend a lot of time roaming around in the account, which often includes changing the password to keep the victim out.

Those strange e-mails. Ever get an e-mail in which the sender is a very familiar person, but the message was also cc’d to a hundred other people? And the message body says only “Hi there!” followed by a link? This is likely an e-mail sent from the victim’s e-mail account (which the hacker knows how to get into), and the thief copied everyone in the victim’s address book. Recipients of these phishing attacks are 36 percent more likely to fall for the ruse than if the attack comes as a single message from an unfamiliar sender.

Fast adaptation. Phishing specialists are good at quickly changing their strategies to keep up with changes in security.
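The "strange e-mail" pattern described above (a familiar sender, a huge cc list, and a body that is little more than a link) can be checked mechanically. The Python sketch below is an added example, not code from the original post or from Google's analysis; the thresholds, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Thresholds are illustrative assumptions, not figures from the article.
MIN_RECIPIENTS = 20   # To + Cc count that suggests a copied address book
MAX_BODY_WORDS = 12   # "Hi there!" plus a link leaves only a few words
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def plain_body(msg):
    """Return the decoded text of the first text/plain part, or ''."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            return data.decode(part.get_content_charset() or "utf-8", "replace")
    return ""

def hijack_indicators(raw, known_senders):
    """List which traits of the hijacked-account pattern a raw message shows."""
    msg = message_from_string(raw)
    senders = [a.lower() for _, a in getaddresses(msg.get_all("From", []))]
    rcpt_headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    rcpts = {a.lower() for _, a in getaddresses(rcpt_headers) if a}
    body = plain_body(msg)
    words = URL_RE.sub(" ", body).split()   # words left once links are removed
    found = []
    if any(s in known_senders for s in senders):
        found.append("familiar-sender")
    if len(rcpts) >= MIN_RECIPIENTS:
        found.append("mass-recipients")
    if URL_RE.search(body) and len(words) <= MAX_BODY_WORDS:
        found.append("link-only-body")
    return found

def sample_message(n_cc, body):
    """Build a constructed test message; all addresses and URLs are made up."""
    cc = ", ".join(f"contact{i}@example.net" for i in range(n_cc))
    return ("From: Alice <alice@example.com>\nTo: bob@example.org\n"
            f"Cc: {cc}\nSubject: hi\n\n{body}\n")

if __name__ == "__main__":
    address_book = {"alice@example.com"}   # senders the recipient already knows
    lure = sample_message(100, "Hi there!\nhttp://example.invalid/x")
    print(hijack_indicators(lure, address_book))
```

A message that shows all three traits is a candidate for a warning banner or quarantine; any single trait on its own is common in legitimate mail.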

The Google Online Security Blog recommends:

  • No “spam blocker” stops 100 percent of phishing e-mails; some will always slip through to your in-box. Never send personal information back to the sender of an e-mail that requests it, and never visit the site through the link in the e-mail.
  • Use two-step verification whenever an account setup offers it. This will make it difficult for the hacker to get into your account.
  • Make sure your accounts have a backup e-mail address and phone number.

 
