MIS535 Week 7 Discussion
How have phishing attacks compromised major systems?
Major corporations, governments, and other organizations are hacked each week, mostly by means of phishing attacks. Describe how users and IT organizations should arm themselves against these attacks.

In a typical phishing attack, the attacker puts up a Web site that looks nearly identical to the victim's Web site. Technology changes fast, our genetic code and learned behaviors not so. As security professionals, we must concentrate not on technical measures, but on education, education, education.

Phishers often set up the fake sites several days before sending out phishing e-mails. One way to stop them from swindling customers is to find and shut down these phishing sites before phishers launch their e-mail campaigns. Companies can outsource the search to a fraud alert service. These services use technologies that scour the Web looking for unauthorized uses of your logo or newly registered domains that contain your company's name, either of which might be an indication of an impending phishing attack. This will give your company time to counteract the strike.

Phishing attacks bring with them other risks and costs as well, including the direct IT costs to locate the source of data loss. Organizations should establish a cross-functional anti-phishing team and develop a response plan so that they're ready to deal with any attack. Ideally, the team should include representatives from IT, internal audit, communications, PR, marketing, the Web group, customer service and legal services.

Baker, Emiley; Wade Baker, John Tedesco (2007). "Organizations Respond to Phishing: Exploring the Public Relations Tackle Box". Communication Research Reports
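The screening of newly registered domains that the post above attributes to fraud alert services, sketched as an added example that is not part of the original discussion. The brand name, the organization's own domain and the feed are constructed placeholders; a real service would draw on registration or certificate feeds and a much larger confusable-character table.

```python
# Added example: screen newly registered domains for lookalikes of a brand.
# BRAND, OWN_DOMAINS and SAMPLE_FEED are constructed placeholders.
BRAND = "examplebank"
OWN_DOMAINS = {"examplebank.com"}
SAMPLE_FEED = [
    "examplebank.com", "examplebank-secure-login.com", "examp1ebank.net",
    "exarnplebank.org", "examplebamk.com", "gardening-tips.org",
]

# Digit-for-letter swaps mapped back to the letter they imitate (not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def normalize(label):
    """Undo common disguises: case, digit swaps, hyphens, 'rn' for 'm', 'vv' for 'w'."""
    return label.lower().translate(SWAPS).replace("-", "").replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brand=BRAND, own=OWN_DOMAINS):
    """Return why a domain resembles the brand, or None if it does not."""
    domain, brand = domain.lower().rstrip("."), brand.lower()
    if domain in own:
        return None  # the organization's own registrations are not alerts
    target = normalize(brand)
    for label in domain.split(".")[:-1]:  # every label except the TLD
        if brand in label:
            return "contains-brand"
        cleaned = normalize(label)
        if target in cleaned:
            return "obfuscated"  # brand appears only after undoing disguises
        if edit_distance(cleaned, target) <= 1:
            return "near-match"  # one typo away from the brand
    return None

def screen(feed, brand=BRAND, own=OWN_DOMAINS):
    """Return (domain, reason) pairs worth a human look, in feed order."""
    hits = ((d, classify(d, brand, own)) for d in feed)
    return [(d, reason) for d, reason in hits if reason]

if __name__ == "__main__":
    for domain, reason in screen(SAMPLE_FEED):
        print(f"{reason:15} {domain}")
```

Each hit is a lead for the anti-phishing team to review, not proof of abuse; short brand names will need a stricter threshold to keep false positives down.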
Although PayPal says that it is safe, people have started to carry out phishing attacks. Once I was selling off my laptop on eBay. I started to receive emails from PayPal, even from a PayPal email address, saying that money had been transferred to my account. But when I checked, nothing was there. I called PayPal and inquired, and they told me there was no communication from their side. And, to inform you, those emails looked genuine.

"You may receive a fake email that claims to be from PayPal. Sending fake emails is called "phishing" because the sender is "fishing" for your personal information. The email may ask you to:
Visit a fake or "spoof" website and enter personal information.
Call a fake Customer Service number.
Click an attachment that installs malicious software on your computer."
https://www.paypal.com/us/webapps/helpcenter/article/?articleID=94034&m=SRE
Employee training is the most vital tool for guarding against phishing. This is why, in a company or government sector and especially in a financial organization, IT has many sites blocked. If a user clicks on the wrong web page or enters their personal info in a masked or fraudulent web page, they are letting hackers breach their system and allowing hackers to also get access to their credit cards, etc.
Another way is that encryption methods are there for such a purpose, where the end user needs keys to access a system or see a system.
Organizations and the government can establish security firewalls and also have administrators monitor their network 24/7 for phishing attacks. Now, with newer technology, routers and firewalls can be programmed for intruder alerts and prevent hackers from breaching security. Normally stacked firewalls are in place for better security: if one firewall does not catch the hacker, since the data traffic speed is so fast, the other firewall will catch the hacker intruding in the system.

I would like to add, companies must enforce Ethical Usage of Technology in the workplace, such as but not limited to:
1.) Screen email software for staff employees, or do not grant staff employees the use of outbound email at all. The reason behind this is, some employees are not mature enough to practice caution, more so email...