Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
Blog article
See all stories »

Channels

Security
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

How to win the War on Phishing

A phishing attack is a trick e-mail sent randomly to perhaps a million recipients, and the thief counts on the numbers game aspect: Out of any given huge number of people, a significant percentage will fall for the trick.

 

The trick is that the e-mail contains certain information or is worded in such a way as to get the recipient to click on the link in the message. Clicking on the link brings the user to a website that then downloads malware.

Or, the website is made to look like it’s from the user’s bank or some other major account, asking for their account number and other pertinent information like passwords and usernames; they type it in (and it goes straight to the thief). Sometimes this information is requested straight in the e-mail’s message, and the user sends the information in a direct reply.

The Google Online Security Blog did some analysis of phishing e-mails and came up with the following:

Malicious websites really do work: 45 percent of the time. As for getting users to actually type in their personal information, this happened 14 percent of the time. Even very fake looking sites went over the heads of three percent. Three percent sounds like peanuts, but what’s three percent of one million?

Hasty hackers. Once the hacker gets the login information, he’s into the victim’s account within 30 minutes 20 percent of the time. They may spend a lot of time roaming around in the account, which often includes changing the password to keep the victim out.

Those strange e-mails. Ever get an e-mail in which the sender is a very familiar person, but the message was also cc’d to a hundred other people? And the body message only says, “Hi there!” and then there’s a link? This is likely an e-mail from the victim’s e-mail account (which the hacker knows how to get into), and the thief copied everyone in the victim’s address book. Recipients of these phishing attacks are 36 percent more likely to fall for the ruse than if the attack comes as a single message from an unfamiliar sender.

Fast adaption. Phishing specialists are good at quickly changing their strategies to keep up with changes in security.

The Google Online Security Blog recommends:

  • Not all “spam blockers” block 100 percent of all the phishing e-mails. Some will always slip through to your in-box. Never send personal information back to the sender of e-mails requesting personal information. Never visit the site through the link in the e-mail.
  • Use two-step verification whenever an account setup offers it. This will make it difficult for the hacker to get into your account.
  • Make sure your accounts have a backup e-mail address and phone number.

 

2921

Channels

Security
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Report abuse

Comments: (0)

Join the discussion
Robert Siciliano

Robert Siciliano

Security Analyst

Safr.me

Member since

04 Feb 2009

Location

Boston

Blog posts

839

Comments

62

More from Robert

Community
See all blogs »
Fintech 

How innovation in encryption is helping secure the credit card approval process

Ghazi Ben Amor

Ghazi Ben Amor

Operational Risk Management 

DORA – Navigating the EU’s Operational Resilience Landscape

Antony Fung

Antony Fung

Fintech 

The importance of risk management in trading

Kate Leaman

Kate Leaman

Digital Identity Management 

Navigating the digital identity landscape: A blueprint for financial services competitiveness

Adam Preis

Adam Preis

Now hiring

See more