
Secplicity - Security Simplified

Powered by WatchGuard Technologies

How to Prevent Employees From Falling For Phishing Attacks

June 19, 2019 By The Editor


According to the 2019 Verizon Data Breach Investigation Report, a full third of cyber attacks involve phishing tactics. While there is evidence that employee education and phishing prevention solutions are effective in stopping basic phishing attempts, attackers have responded by making phishing emails more sophisticated and convincing. Examples include targeted spear phishing messages based on victims’ social media posts, phishing via text messages, sextortion, and fake login pages for legitimate websites. Users are always the weakest link in security, and that’s why it’s more important than ever for organizations to train their employees to spot phishing attempts.

WatchGuard Sr. Security Researcher Marc Laliberte recently wrote a guest article about phishing education for Help Net Security. He explains why phishing education is so critical to organizations’ overall security posture and gives best practices for success, like establishing a baseline, covering text message phishing and including technical phishing controls like DNS filtering. Here’s an excerpt from the article:

“Phishing awareness training should include the latest phishing delivery method: text messages. While text message phishing tends to go after users’ bank accounts, there is nothing to stop an attacker with knowledge of a company’s organizational structure from pretending to be the CFO in an “urgent” text to a finance employee.

The 2019 Verizon Data Breach Investigation Report points out a few reasons why text message phishing has the potential to be even more effective than emails. First, users tend to be distracted with other tasks like walking or talking while interacting with their mobile phones. This may cause them to miss indicators that the message is not legitimate. Additionally, mobile apps are more streamlined than their desktop counterparts, which includes removing or hiding elements that might verify the validity of a link, like SSL certificates. Many phishing training companies now include text-based phishing awareness services too, that help teach users how to spot these more difficult-to-find red flags.”

Read the full article to get all four of Marc’s tips on phishing prevention. Read more about defending against mobile phishing and about a new phishing attack that goes after MFA tokens here on Secplicity. Check out our DNSWatch security service for details on how WatchGuard can help prevent phishing attacks.


Filed Under: Editorial Articles, Featured
