Have you ever received an email that looks highly suspicious, and the sender asked you to click on the link that is attached to the email? Then you might be a target of a phishing attack. Phishing is a type of social engineering attack method that is often used to steal user data, that includes login credentials and credit card numbers.
The method of the attack is when an attacker, masquerading as a trusted person or entity, tricks the user into opening an instant message, text message or email where the victim is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack.
Phishing attack is the top “action variety” seen in breaches in the last year and 43% of breaches involved phishing and/or pretexting whereby almost 75% organizations were affected based on Verizon’s 2021 Data Breach Investigations Report (DBIR).
The worrying numbers of phishing attacks will only increase if there is no such action taken by organizations to find out solutions to prepare themselves for the attack.
Senior Security Incident Handler, EG|CERT Loay Ashraf said there are several steps that organizations could take to handle the phishing incidents.
“We can start by email filtering, where organizations must install and must configure email filtering tools to filter and block all malicious mails transmitted across their network such as adding firewalls, IPS and IDS and keep these updated all the time.
“Email monitoring tools must also deployed. Email monitoring tools that check for malicious attachment links, messages as well as sensitive data in incoming and outgoing emails,” he said.
He further explained that another crucial step that an organization should take is to have a clear means of communication within the organization and the authorities.
“Communication. Establish email and dependent communication channel such as telephone, message, voice over internet, voice over id, and sending data to response team and other authorities.
“This step is very important because in case an organization or company is under attack establishing a dependent communication channel will come in handy and will help the team to inform authorities in a short period,” he shared.
Preparation is key and would save the organizations resources from being scammed by a phishing email from scammers. Organizations need to prepare because like the old saying goes “He who fails to prepare, prepares to fail”.