Friday, 7 December 2012

Can Phishing Attacks get any trickier in the coming year?

Spear phishing emails rather than the mass phishing mails is reported to be the tactic Phishers will be using this coming 2013.

Mass phishing - technique where phishers distribute thousands or millions of emails to potential victims to extract information from those who’ll give in to the trap - is no longer effective and is said to be the thing of the past. Spear phishing is said to be the new thing. Many say it is a more powerful tool than the mass phishing as attacks will be more planned and victims will be well targeted. How cybercriminals do this is through stalking and carefully studying a handful pick of victims and tailor the message until it is relevant to the recipient, enough for them to believe and respond either by clicking on the link, opening an attachment, or providing personal information.

It is a known fact that as technology continuously evolves, so does the strategy of cybercriminals. Rohyt Belani, CEO at PhishMe said “If 2012 was the year of BYOD, 2013 will be the year of mobile malware designed to take advantage of it. We have seen a growth in consumer apps that violate privacy, for example by tracking your GPS data, but in 2013 we will see criminals targeting mobile device users, specifically with the intention of getting inside their corporate email system.” *

Come to think of it, it's really possible that BYOD hackers will be successful at phishing information from users who surf the internet through their mobile devices especially now that mobile devices including smartphones and tablets can gain access to corporate database. This being the case, it will be advisable for corporations who embraced BYOD to be more aware of security protocols and more cautious of the files and/or links they will be opening because one wrong move can get your corporate network exposed and none of you will be happy about it.

“Spear phishing attacks are performed by humans, against humans.” While it is existent that we have software solutions, it will never be hurtful to be more cautious and to be more prepared. As the cliché goes, regrets are felt when it's just too late. So start installing antiviruses or Digital Certificate as an early preventive measure. These products combined with education of employees will help them become more sensitive to threats and understand when and why they need to report such suspicious attacks.

From the above-mentioned details, it is fitting that we learn more of these solutions and use them at their best. GlobalSign, being one of the longest established Certification Authorities and leading online security solutions has always been committed to providing customers with the most up to date security solutions capable of guarding users against modern-day attacks. One of its offered products is SSL certificate secured by the highest encryption level available to date, 2048-bit encryption. You may choose among Domain Validation SSL, Organization Validation SSL, and Extended Validation SSL. Not only that, GlobalSign also offers Code Signing Certificates that provide the ability for all developers on all platforms to digitally sign and bind their authenticated publisher identity to the software or executable file they distribute. The timestamp feature ensures end users that the software or executable file they are running is legitimate and has not been tampered with or altered since being published.

For further details/inquiries, you may visit our website at www.globalsign.com.sg or connect with us on Facebook (https://facebook.com/GlobalSignAPAC), Twitter (https://twitter.com/GlobalSign_APAC) for updates. You may also contact us directly at sales-apac@globalsign.com.