Phishing Attacks: Best Practices for Not Taking the Bait (Security News, February 2020)

Deceptive Phishing - The most common type of phishing attack, in which threat actors impersonate a legitimate company to steal users' personal data and access credentials.
Spear Phishing - A more sophisticated type of attack, in which the threat actor customizes the attack email with the target's name, job title, company, and other personal information to make the recipient believe they have a connection to the sender.
Implement multi-factor authentication (MFA). Because it requires multiple methods of identification, it is one of the best ways to prevent unauthorized users from accessing sensitive data and moving laterally within the network.
Through a combination of analytics, machine learning, user profiles, and policy enforcement, access decisions can be made in real time to ease low-risk access, step up authentication when risk is higher, or block access entirely.
Risk-based access controls are often used in combination with MFA.
Ultimately, stealing valid credentials via phishing attacks and using them to access a network is easier, less risky, and more efficient than exploiting existing vulnerabilities, even a zero-day.
Related news
- Windows NTLM hash leak flaw exploited in phishing attacks on governments
- Three Reasons Why the Browser is Best for Stopping Phishing Attacks
- Phishing detection is broken: Why most attacks feel like a zero day
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
- Low-tech phishing attacks are gaining ground
- MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks
- Focused Phishing: Attack Targets Victims With Trusted Sites and Live Validation
- CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users
- Polymorphic phishing attacks flood inboxes
- How to Detect Phishing Attacks Faster: Tycoon2FA Example