The term “KISS”, which means “keep it simple, stupid”, first appeared in the US Army in 1960. It means that a system design should be as simple as possible in order to remain effective. Nowadays it is also expanded as “keep it simple, silly”, “keep it short and simple”, “keep it simple and straightforward”, “keep it small and simple” or “keep it stupid simple”. In the field of information security, it is the best term to describe phishing attacks: although a phishing attack is simple, it is an absolute nightmare for everyone on the receiving end.
For more information on phishing and how we can help you assess your resiliency against such attacks, see our “Phishing Attack Simulations and Effective Measures to Prevent Them” whitepaper.
Phishing attacks are fraudulent attempts to obtain sensitive information such as usernames, passwords, and credit card details by disguising themselves as trusted entities in electronic communications. The word itself is a homophone of “fishing”, coined because of the similarity of using bait to try to catch victims. There are also more targeted phishing variants, such as Spear Phishing, Whaling, and Clone Phishing.
- Spear Phishing: Targets specific individuals or companies. Spear phishing attackers often collect and use personal information about their targets to increase their chances of success.
- Whaling: The term describes attacks targeting senior management or key personnel. The content of the email is carefully crafted for this group of people in the company.
- Clone Phishing: Leverages previously sent emails, reusing their content and recipient addresses to create almost identical, cloned messages. The legitimate attachments or links in the message are replaced with a malicious version, and the message is then sent from the attacker’s email address so that it appears to come from the original sender.
Before the phishing attack, the attacker needs to perform social engineering work, such as researching the victim’s information, including job titles and communication methods. These can often be obtained by searching the Internet or by going through discarded materials (“dumpster diving”). Thanks to this social engineering, the contents of these phishing emails are generally highly deceptive and entice victims to open them. The following are some common methods to defend against phishing attacks:
- Security Awareness Training
- Email Blacklist/Whitelist Setting
- Anti-malware System
- Threat Intelligence
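The clone phishing variant described above (near-identical body, replaced links, different sender address) and the blacklist/whitelist defense can be combined into a simple mail-side check. The following is an added example, not LIFARS code: it compares a suspect message against the legitimate original it appears to copy, using a constructed sender allowlist and constructed sample messages.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

LINK_RE = re.compile(r'https?://[^\s<>"\']+')

# Constructed allowlist: display names and the address previously seen for them.
KNOWN_SENDERS = {"Alice Example": "alice@example.com"}

# Constructed sample: a legitimate message and a clone of it with a new sender and link.
ORIGINAL = """From: Alice Example <alice@example.com>
To: bob@example.com
Subject: Q3 invoice

Hi Bob, please review the Q3 invoice at https://portal.example.com/invoice/123 and confirm by Friday.
Thanks, Alice
"""
SUSPECT = """From: Alice Example <alice@example-invoices.net>
To: bob@example.com
Subject: Q3 invoice

Hi Bob, please review the Q3 invoice at https://portal.example-invoices.net/invoice/123 and confirm by Friday.
Thanks, Alice
"""

def parse_message(raw):
    """Extract display name, address, body and the set of links from a raw RFC 822 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    return {"name": name, "addr": addr.lower(), "body": body, "links": set(LINK_RE.findall(body))}

def clone_signals(original_raw, suspect_raw, threshold=0.9):
    """Return the reasons a suspect message looks like a clone of the original (empty list if not)."""
    orig, sus = parse_message(original_raw), parse_message(suspect_raw)
    # Compare the text with links masked, so a swapped link alone does not hide the similarity.
    masked = [LINK_RE.sub("<link>", m["body"]) for m in (orig, sus)]
    if SequenceMatcher(None, masked[0], masked[1]).ratio() < threshold:
        return []  # body not similar enough to be a clone candidate
    reasons = []
    if sus["addr"] != orig["addr"]:
        reasons.append(f"sender changed: {orig['addr']} -> {sus['addr']}")
    expected = KNOWN_SENDERS.get(sus["name"])
    if expected and sus["addr"] != expected:
        reasons.append(f"display name '{sus['name']}' not allowlisted for {sus['addr']}")
    replaced = sus["links"] - orig["links"]
    if replaced:
        reasons.append("links differ from original: " + ", ".join(sorted(replaced)))
    return reasons
```

Running clone_signals(ORIGINAL, SUSPECT) reports all three indicators, while comparing a message against itself reports none.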
LIFARS’ Cyber Resiliency Team can help your organization by simulating a real phishing attack against it. Based on the results collected and our in-depth analysis of the company email system (encryption, protocols, filters, etc.), we will help optimize the system to increase your overall security posture and keep cybercriminals out of your network. Upon completion of the simulation, a detailed report is produced, complete with gaps and recommendations to elevate your security posture and awareness. Here is what LIFARS can help with:
- Full-Scope Email Audit: Our team will follow up by conducting an audit of the entire email system to help identify gaps in your security. We will examine email use within your organization for a period of time and, based on the results collected and our own experience, we will set up filters, whitelists, and blacklists to prevent common and advanced (targeted) email attacks on your organization.
- Fine-Tuning Technology: Many businesses already have technology in place capable of providing reasonably good email security. We will evaluate and fine-tune your existing technology to provide optimal security for email communication, and ensure that all security controls in place are properly configured and functioning optimally.
- Employee Training: Even with the most advanced technology in place, the human factor should not be underestimated. A well-educated and vigilant workforce plays a crucial role in preventing advanced social engineering attacks, including email attacks. Our Cyber Resiliency Experts will train your employees with real examples from the assessment stage to demonstrate the threat and the importance of being prepared.
LIFARS can help increase the overall cybersecurity posture of your organization.