Security News > 2020 > February > Phishing Attacks: Best Practices for Not Taking the Bait
Deceptive Phishing - The most common type of phishing attacks, whereby threat actors impersonate a legitimate company to steal users' personal data and access credentials.
Spear Phishing - These types of attacks are more sophisticated, whereby the threat actor customizes the attack email with the target's name, job title, company, and other personal information to make the recipient believe they have a connection to the sender.
Implement multi-factor authentication, which requires multiple methods for identification, and therefore is one of the best ways to prevent unauthorized users from accessing sensitive data and moving laterally within the network.
Through a combination of analytics, machine learning, user profiles, and policy enforcement, access decisions can be made in real time, to ease low-risk access, step up authentication when risk is higher, or block access entirely.
Risk-based access controls are often used in combination with MFA. Ultimately, stealing valid credentials via phishing attacks and using them to access a network is easier, less risky, and ultimately more efficient than exploiting existing vulnerabilities, even a zero-day.
News URL
Related news
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)