Security News > 2020 > February > Phishing Attacks: Best Practices for Not Taking the Bait
Deceptive Phishing - The most common type of phishing attacks, whereby threat actors impersonate a legitimate company to steal users' personal data and access credentials.
Spear Phishing - These types of attacks are more sophisticated, whereby the threat actor customizes the attack email with the target's name, job title, company, and other personal information to make the recipient believe they have a connection to the sender.
Implement multi-factor authentication, which requires multiple methods for identification, and therefore is one of the best ways to prevent unauthorized users from accessing sensitive data and moving laterally within the network.
Through a combination of analytics, machine learning, user profiles, and policy enforcement, access decisions can be made in real time, to ease low-risk access, step up authentication when risk is higher, or block access entirely.
Risk-based access controls are often used in combination with MFA. Ultimately, stealing valid credentials via phishing attacks and using them to access a network is easier, less risky, and ultimately more efficient than exploiting existing vulnerabilities, even a zero-day.
News URL
Related news
- How Phishing Attacks Adapt Quickly to Capitalize on Current Events (source)
- Google raps Iran's APT42 for raining down spear-phishing attacks (source)
- Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks (source)
- Cybercriminals exploit file sharing services to advance phishing attacks (source)
- CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait (source)
- How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back (source)
- Novel attack on Windows spotted in phishing campaign run from and targeting China (source)
- Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks (source)
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)