Countermeasures Against Phishing

Uploaded by

DaggupatiHarish
Countermeasures against Phishing

UNDERSTANDING PHISHING

Phishing is defined as a cyberattack where attackers impersonate trusted
entities to steal sensitive information.

There are many forms of phishing: Email phishing, Spear phishing, Smishing
(SMS phishing), Vishing (Voice phishing), and Pharming, all of which pose a
significant threat to personal as well as organisational security.
THE IMPACT OF PHISHING
● Financial loss: Fraudulent transactions and
recovery costs.
● Data Breaches: Exposure of sensitive
information related to a person, client, or a
company.
● Reputational Damage: Loss of trust from
clients and stakeholders.
● Potential identity theft: Stealing a person’s
personal information to commit fraud or
other malicious activities.
VICTIMS OF PHISHING

1. Individuals: A study found that older women were the most susceptible to
phishing, while young users' susceptibility declined over the years.
2. Employees: Top executives like CEOs and CFOs are often targeted
because they have access to sensitive information and the authority to sign
off on projects and financial transfers.

Over 48% of emails sent in 2022 were spam. Over a fifth of phishing emails
originate from Russia. Millennials and Gen-Z internet users are most likely to
fall victim to phishing attacks.
RECOGNISING PHISHING ATTEMPTS

● Suspicious sender addresses and email domains.
● Unexpected or urgent requests for sensitive
information.
● Links that don’t match official URLs.
● Spelling and grammar errors: businesses do not send
messages without checking spelling and grammar.
EMPOWERING THE WORKFORCE

● Regular training sessions on cybersecurity and
phishing awareness.
● Encouraging a culture of caution and reporting.
● Simulated phishing campaigns to test and improve
responses.
● Establish clear channels for employees to verify
emails supposedly from departments such as HR,
Finance, and IT.
MULTI-FACTOR AUTHENTICATION

● Implement MFA for accessing company accounts and
systems.
● MFA combines passwords with OTPs, biometrics, or
security keys.
● Enterprise-grade MFA solutions include PingOne MFA,
Cisco Duo, and IBM Security Verify.
TECHNOLOGY AND TOOLS

● Deploy anti-phishing software and firewalls.
● Use endpoint detection and response (EDR)
systems.
● Enable email and browser filtering tools.
● A DNS filter checks a URL in an email link against
a block list of URLs to block access to malicious
landing pages.
SECURE EMAIL PRACTICES

● Use encrypted email services.
● Implement spam and phishing filters.
● Avoid clicking on links or downloading
attachments from unknown sources.
REPORTING PHISHING ATTEMPTS

● Centralized system for employees to report
suspicious emails.
● Collaborate with cybersecurity agencies and
industry groups.
● Share intelligence to prevent widespread attacks.
CONCLUSION

Phishing poses a significant threat to organizations and people, but it is
a challenge that can be effectively addressed with the right measures.
Using technology such as multi-factor authentication, antivirus
software, and regularly updating devices enhances personal security.
Organisations that implement email filters, incident response plans, and
employee training strengthen overall resilience.
Awareness is equally important. Staying informed about phishing
tactics and adopting a proactive and layered approach can minimize the
risk of phishing and safeguard everyone’s digital lives.