Phishing scams come in all shapes and sizes. But one thing is for certain: they are all around us.
Fraudsters who craft and disseminate these fake emails are often experienced in their methodology, incorporating newsworthy items, such as the Ebola outbreak and the upcoming holiday season into their ploys to maximize their appeal.
Today, phishing scams know no bounds when it comes to the type of operating system we use or the type of perpetrator—whether it be Windows, Linux, or Apple, every user is susceptible to phishes.
In a recent study performed by Google, the company found that the most expertly crafted scams were successful 45 percent of the time. Additionally, even those that were obviously fake, as evidenced by misspelled words and poor grammar, worked on 3-14 percent of users.
Phishing continues to be leveraged by criminals as a ‘tried and true’ tactic to deceiving everyday users and organizations. To combat this ongoing cyber threat, many enterprises have developed anti-phishing solutions to protect companies when, not if, an employee clicks on a malicious link.
These tools often consist of monitoring, predictive modeling and malware analysis features to catch a phish before it wreaks too much havoc on a company’s network.
But this is half the battle. Phishing intrinsically plays on human curiosity and weakness. As such, any anti-phishing strategy must incorporate a degree of security awareness if it wishes to be effective.
Earlier this month, we outlined several tips to help spot a “good” phish from a “bad” one. To continue our effort of bringing anti-phishing awareness, especially with the holidays approaching, here is a short video with a few tips for users to protect themselves against phishes:
Ultimately, phishers may be clever with their tactics to trick users into clicking on a suspicious link. But when pitted against a healthy dose of security awareness, they don’t stand a chance.
Check out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology – and it detects the ShellShock and Heartbleed vulnerability.
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Image header courtesy of ShutterStock.com.