Spam filters are not enough. To understand the clear and present danger of phishing attacks, one just needs to look at the data. APWG’s Phishing Activity Trends Report for Q1 2020 cites an uptick in phishing activity at levels that haven’t been seen since 2016.
More alarmingly, information stealing and keylogging are quickly becoming the most common forms of attack, evolving from comparatively primitive credential phishing. They are often launched through compromised business email systems and often dupe users with fake login pages that appear completely legitimate because they are hosted on Microsoft Azure custom domains.
Phishing and the sobering reality of a connected world
Fraudulent communications that look exactly like ones sent by an authorized source and persuade users to take action, thereby unwittingly revealing sensitive information about themselves or their organizations – that’s phishing in a nutshell. It is the perfect tool for exploiting social engineering and presents an ongoing operational threat for businesses. After all, no amount of firewalling can prevent an emotional response from a user to a legitimate-looking email asking him to take urgent action in response to a threat to his own or his organization’s security. The most commonly recognized form of phishing involves random phishing emails sent to millions of users globally, where gullible users are tapped for their personal and financial information. But phishing has evolved far beyond that to include vishing, smishing, spear phishing, and other constantly evolving tactics.
Why is Phishing a growing threat?
Because it exploits the human vulnerabilities of any technical system, phishing is extremely difficult to detect and/or mitigate programmatically. For businesses, it is a particularly exposed area of security, as targeted attacks against organizations or employees can be the first step in the unfolding of an advanced persistent threat. If an individual can expect to see his/her entire bank balance evaporate overnight with a phishing attack, the effects on businesses are equally somber. Many organizations have faced severe financial losses as well as a rapid loss in consumer/shareholder trust, a drop in market share and lasting damage to brand reputation.
Phishing attacks are getting increasingly sophisticated and are exploiting ‘trust vulnerabilities’ of users. For instance, sites like SharePoint and OneDrive, and mobile applications downloaded from centralized app stores, which are often implicitly trusted by individuals and businesses alike, are quickly becoming an attack vector. These attacks appear completely innocuous even to alert users. For businesses, phishing presents an even greater threat, as Symantec’s 2019 research showed 96 percent of targeted phishing attacks were meant to gather intelligence.
Why is Canada such a popular destination for phishing attacks?
The scenario is particularly dire here in Canada, as 52 percent of global phishing attacks were concentrated in the Great White North according to the Q1 2019 RSA Quarterly Fraud Report. Nearly 60 percent of overall attacks originated in the US. The geographical proximity between the two countries matters, as both victims and perpetrators share the same language and similar interests, and Canada’s enviable per-capita income makes it an alluring target.
However, other theories beg to differ – especially following Check Point’s report on the attack impersonating Royal Bank of Canada and further research that showed a mesh of attacks targeting Interac, a payment gateway that naturally interacts with a large number of Canadian banks. Check Point’s research uncovered 300-plus nearly identical domains hosting phishing websites for 14 Canadian banks using Interac. The sheer technical know-how and social learning displayed by the attackers showed a deep understanding of day-to-day business and financial operations in Canada and led experts to think that most of the phishing attacks that Canada experienced actually originated within the country.
A general sense of easy-going bonhomie, lax security measures and low levels of security awareness in the general populace also make Canada a lucrative target.
Most Common Phishing Attacks and How to Prevent Phishing
With remote work becoming increasingly prevalent and online footprints increasing exponentially, Google reported a 350 percent increase in the incidence of phishing websites, from 149,195 in January 2020 to 522,495 in March. With an unprecedented rise in threat levels, it is no longer optional for organizations to treat security only as a must-have. It’s imperative for organizations now to adopt a security-first approach wherein each and every employee is equipped to learn and recognize the most common forms of phishing attacks. A trained team of IT experts well-versed in defending against phishing attacks, like Managed IT Services Vancouver, can help you train your employees across ranks to learn when and, most importantly, how to raise an alarm in case of suspicious activity.
The most common phishing techniques in use currently include:
Brand reputation phishing – By far the most popular technique in phishing and a particularly hard one to elude for lay users. These attacks take the form of an urgent communication from a source close to the user and trusted implicitly. They can feature a mix of legitimate links, harmless and malicious code, shortened URLs and redirects, modified website addresses and brand logos, and/or very little content.
How to identify – Check all addresses, spellings, grammar and generic/casual citations closely. Pay attention to the tone of the content and compare it with earlier legitimate communications from the same source.
Vishing/Smishing – Phishing threats are not limited to just emails. These attacks use phone calls and text messages, commonly impersonating public/private authorities, to get users to divulge sensitive personal information or lead them to download malicious apps or attachments or fill in fake web forms. Some attacks even instructed users to contact helpline numbers that the attackers then used to extract personal information.
How to identify – At ActiveCo, we recommend that users not accept, or at least thoroughly vet, calls and texts from unknown numbers and use caller identification systems. Most importantly, never give out personal information over the phone, and authenticate any requests via previously authorized routes/numbers.
Spear Phishing – Relying on privileged information about the victim (individual employee or organization), spear phishing attacks are more laser-focused and attempt to gain a foothold in an organization’s security architecture, often as a first step to gathering more intelligence and launching a high-level attack later. These attacks are sophisticated and can involve spoofing techniques or privileged information mined from social media sites etc. The attacks generally try to convince people to open malicious documents hosted on legitimate cloud servers and/or enter their credentials or divulge sensitive company information on fake websites.
How to identify – Constant vigilance and continuous security awareness training. A reputed managed IT security services vendor like IT Security Vancouver can manage your security training programs end-to-end. We can also guide you on investing in tools that can detect malicious attachments in inbound mail.
Whale Phishing – These are ambitious and highly orchestrated phishing attacks that can target business leaders including the CEO, CTO, CFO or any other key executive in your organization. If the attackers manage to steal the targeted employee’s credentials, they can authorize wire transfers for large sums to their chosen accounts or use them to, say, commandeer tax information or other such sensitive employee and/or vendor data.
How to identify – Time-pressed business leaders often cannot participate in security drills with employees. Nevertheless, it’s imperative for them to recognize the danger this poses to themselves and the organization and to stay updated on security threats. Organizations should also implement multi-factor authentication for any large financial transfers and limit email-only approvals.
DNS cache poisoning – Are you sure you will land on the site you want to go to even if you entered the correct website address? If a pharmer has poisoned the cached DNS record for the website, you can be redirected to the altered IP address of a malicious website despite putting in the right address.
Using malicious code delivered by email, fraudsters can also modify the hosts file on an individual user’s computer to redirect all URLs to a malicious website.
How to identify – While it’s nearly impossible to identify these types of attacks, users should take care never to enter login information anywhere except HTTPS-protected sites. Organizations should take care to constantly keep their anti-virus software updated and regularly update their virus database. Security updates issued by Internet Service Providers (ISPs) must be applied.
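The hosts-file redirect described above leaves a trace that can be checked. The following Python code is an added example, not part of the original article or ActiveCo's tooling: it parses a hosts file and reports every hostname pinned to a non-loopback address. The function name `audit_hosts`, its `allowlist` parameter, and the sample hostnames and addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample hosts file (not from the article). The .test names and
# the 203.0.113.0/24 documentation address are illustrative only.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
203.0.113.45    www.examplebank.test login.examplebank.test  # injected
0.0.0.0         ads.tracker.test
10.0.0.12       intranet.corp.test
"""

def audit_hosts(text, allowlist=frozenset()):
    """Return (line_no, ip, hostname, reason) for each entry to review.

    allowlist is a set of (ip, hostname) pairs the organization has approved
    (hypothetical parameter for this example).
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank, comment-only, or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], fields[1], "unparseable address"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost entries and 0.0.0.0 blocklist entries
        for name in fields[1:]:
            if (str(ip), name.lower()) not in allowlist:
                findings.append((line_no, str(ip), name.lower(), "static override of DNS"))
    return findings

if __name__ == "__main__":
    approved = {("10.0.0.12", "intranet.corp.test")}
    for finding in audit_hosts(SAMPLE_HOSTS, approved):
        print("line %d: %s -> %s (%s)" % finding)
```

To audit a real machine, pass the contents of `/etc/hosts` (Linux, macOS) or `C:\Windows\System32\drivers\etc\hosts` (Windows) instead of the sample, and review any finding that is not an entry your IT team deliberately added.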
For the most comprehensive security guidance and solutions, it’s best to talk to experts like IT support Vancouver.
ActiveCo can help you meet Canadian PIPEDA compliance requirements by ensuring you have the right policies, proof and procedures in place. Our extensive checks and 360-degree security ensure that your security policies do much more than just meet compliance – they protect your business, your people and your brand.
Here is a list of services ActiveCo provides to ensure complete security of your business.
- Policies and Procedures
Our extensive program nurtures a culture of security compliance and ensures that your employees are both confident in using data and aware enough to spot any anomalies quickly. This cuts down heavily on the most common form of breaches, i.e., end-user generated. We also enable you to monitor data access continually and determine risk areas for data that is in transit or stored. We can also help you automate steps to adopt a proactive end to scope of breaches, put the right risk level protocols in place and establish effective threat assessments and security audits. In case of a breach, minor or otherwise, we provide complete SIEM logs for post-breach reporting and post-incident evaluation and optimization. We can also help you put in place the right compliance reporting software.
Read more here to know more about our extensive security services package.