
To Phish or To Be Phished

What is Phishing?

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.

What is Spear Phishing?

Spear-phishing is a targeted attempt to steal sensitive information such as account credentials or financial information from a specific victim, often for malicious reasons. This is achieved by acquiring personal details on the victim such as their friends, hometown, employer, locations they frequent, and what they have recently bought online. The attackers then disguise themselves as a trustworthy friend or entity to acquire sensitive information, typically through email or other online messaging. The main difference between phishing and spear phishing is that spear phishing is very precise and very targeted in nature.


How can you prevent any potential damage of phishing to your brand? 

  1. Develop and regularly run an in-house computer security awareness program for internal users
  2. Over-communicate the risks and dangers of phishing to your external customers and suppliers
  3. Buy all possible spoofable domain names to protect yourself, your suppliers and your customers. To make things worse, all web URLs and email addresses are underlined
    • user@woman.com becomes user@vvoman.com (w is replaced by double v)
    • www.woman.com becomes www.wornan.com (m is replaced by r & n)
    • www.catgirl.com becomes www.catqirl.com (g is replaced by q)
    • www.google.com becomes www.qooqle.com (g is replaced by q)
    • This is an expensive exercise. There are endless combinations of these domains.
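
Because buying every variant is not practical, the same substitutions can also be checked for on the receiving side. The following is an added example, not part of the original post: it folds the three look-alike sequences listed above back to the character they imitate and compares the result against an allow-list. The function names and the `TRUSTED_DOMAINS` list are assumptions made for illustration, and the fold table covers only the substitutions shown in this post.

```python
# Added example: flag sender domains that imitate a trusted domain.
# The fold table contains only the three substitutions listed in the post.
CONFUSABLE_FOLDS = [("vv", "w"), ("rn", "m"), ("q", "g")]

# Constructed allow-list (hypothetical); replace with the domains you trust.
TRUSTED_DOMAINS = {"woman.com", "catgirl.com", "google.com"}


def domain_of(address_or_host: str) -> str:
    """Return the lower-cased domain of an email address or host name."""
    host = address_or_host.strip().lower().rsplit("@", 1)[-1]
    host = host.rstrip(".")
    return host[4:] if host.startswith("www.") else host


def skeleton(domain: str) -> str:
    """Fold each look-alike sequence to the character it imitates."""
    for fake, real in CONFUSABLE_FOLDS:
        domain = domain.replace(fake, real)
    return domain


def classify(address_or_host: str, trusted=TRUSTED_DOMAINS):
    """Return (verdict, matched trusted domain or None).

    verdict is "trusted", "lookalike" or "unknown".
    """
    domain = domain_of(address_or_host)
    if domain in trusted:
        return ("trusted", domain)
    folded = skeleton(domain)
    # Both sides are folded, so a trusted name that itself contains
    # "rn", "vv" or "q" is still compared consistently.
    for good in sorted(trusted):
        if skeleton(good) == folded:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed samples taken from the list in the post.
    for sample in ["user@woman.com", "user@vvoman.com", "www.wornan.com",
                   "www.catqirl.com", "www.qooqle.com", "www.example.org"]:
        print(f"{sample:20} -> {classify(sample)}")
```

A "lookalike" verdict is a reason to quarantine or manually review the message; an "unknown" verdict only means none of these three substitutions was found.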

What can you do to mitigate the risk and impact of phishing?

  1. Change your password at least once a year
  2. Enable 2FA/MFA for your email accounts (via SMS or a mobile authenticator app)
  3. Enable Windows Defender Browser Protection for Google Chrome Browser
  4. Enable mail identity protection on your mail server
  5. Install reliable and effective endpoint security software on your PC or notebook. We recommend trying Kaspersky Endpoint Security Cloud Plus. It has Mobile Security and Security for Microsoft Office 365
  6. If you are using Office 365 (O365) or Microsoft 365 (M365) then you should enable Office 365 Advanced Threat Protection. It has Safe Links, Safe Attachments and ATP anti-phishing protection
  7. Put internal control checks in place to manage any external request to change a bank account number
    • Check the domain with Domain Dossier https://centralops.net/co/DomainDossier.aspx
    • Insist on an official signed and stamped document
    • Land phone verification
      • Use a verified telephone number taken from a name card
      • Do not use the telephone number taken from the email
