- Mar 10, 2024
What is Phishing and Spear Phishing?
Phishing is an attack method that involves fraudulent emails, text messages ("smishing"), websites that look legitimate, phone calls ("vishing"), and various other types. It is a form of social engineering where users are scammed (tricked) into revealing sensitive information, installing malware, or granting access to the system.
Spear phishing is a more advanced version of phishing: it is a specific, targeted attack, whereas phishing attempts to target mass groups.
The primary goal of both is to manipulate users. This includes impersonating family members, colleagues, or business associates in order to do so.
Some tips to help against both forms:
* Use strong passwords and regularly update them. Credential access via brute force is an old tactic, and using weak, reused and unchanged passwords leaves one vulnerable to this. Using strong passwords and updating them often, as well as setting lockouts after too many attempts, will help negate this type of issue.
* Keep software current and updated. Keeping software updated can help prevent phishing attacks by closing vulnerabilities that hackers can exploit to access your system or data.
* Never open a suspicious email or text message. Be cautious of the sender, domain name, content, spelling (grammar), urgency, attachments and links.
* Use multi-factor authentication. Successful phishing allows attackers access to legitimate accounts. Using MFA will give them hoops to jump through when trying to access these, making it much more difficult.
* Data encryption. In any case where your data is taken or stolen, encryption will ensure the attacker cannot access it.
* Limit privileges on the system ("non-root" and "standard" accounts). Persistence is a problem. Once a hacker gains control of an account, the first thing they will want to do is lock the user out of the account for full control. This can be approached by using the minimum privileges needed to perform whatever task you need.
* Frequent education and awareness research ("keep informed"). Take the time to research occasionally to view the newest and latest tactics; as these types of attacks evolve, stay informed on how to best approach them.
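The warning signs from the "suspicious email" tip above (sender, domain name, urgency, links, attachments) can also be checked mechanically. The following is an added example, not part of the original post; the keyword list, the attachment extension list, the trusted-domain set and every name and domain in the sample message are assumptions made up for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

URGENCY = re.compile(r"\b(urgent|immediately|suspended|within 24 hours)\b", re.I)
RISKY_EXT = (".exe", ".js", ".scr", ".iso", ".htm", ".html", ".docm")  # assumed list
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOSTLIKE = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)+)\b", re.I)

def host(value):  # lower-cased host of a URL, or domain part of an address
    if "://" in value:
        return (urlparse(value).hostname or "").lower()
    return value.rpartition("@")[2].lower()

def indicators(msg, trusted):
    """Return the warning signs from the tip above that this message shows."""
    found = []
    sender = host(parseaddr(msg["From"] or "")[1])
    if sender not in trusted:
        found.append(f"sender domain {sender!r} is not a known one")
    reply = host(parseaddr(msg["Reply-To"] or "")[1])
    if reply and reply != sender:
        found.append(f"replies go to a different domain {reply!r}")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if URGENCY.search((msg["Subject"] or "") + " " + text):
        found.append("urgent or threatening wording")
    for href, label in LINK.findall(text):
        shown = HOSTLIKE.search(label)  # a domain printed as the link text
        if shown and shown.group(1).lower() != host(href):
            found.append(f"link shows {shown.group(1)!r} but opens {host(href)!r}")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(RISKY_EXT):
            found.append(f"risky attachment type: {part.get_filename()}")
    return found

def sample():
    """Constructed message; every name and domain in it is made up."""
    m = EmailMessage()
    m["From"] = "IT Helpdesk <helpdesk@examp1e-support.test>"
    m["Reply-To"] = "reset@mailbox.test"
    m["Subject"] = "URGENT: account suspended"
    m.set_content('<p>Verify immediately: <a href="http://login.examp1e-support.test/reset">'
                  'https://portal.example.test</a></p>', subtype="html")
    m.add_attachment(b"x", maintype="application", subtype="octet-stream", filename="Invoice.docm")
    return m

if __name__ == "__main__":
    print("\n".join(indicators(sample(), trusted={"example.test"})))
```

A message that trips none of these checks is not proven safe; the checks only surface the signs a reader is told to look for.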