Monday, Jan 20th

Phishing season is around the corner - don't take the bait!


The season for serious shopping is almost upon us - and with it come the problems of phishing and fraud. As the annual holiday and related shopping season begins - traditionally ramping up in October and finally ending in January - organisations are well-advised to remind their employees of the dangers of phishing e-mails, and give them the training and technical support they need to avoid falling prey to scams.

The F5 '2018 Phishing and Fraud Report' found that phishing continues to be a top attack vector and is, in many cases, the hacker's tried-and-trusted, initial probe in multi-vector attacks, with phishing being the root cause of 48% of the data breaches that F5 Labs investigated during the period of the report.

F5's research, which was also sub-titled 'Attacks peak during the holidays', outlined how phishing and cyberfraud start to increase steadily towards the end of the year, with incidents from October to December jumping an astonishing 50% and upwards from the annual average.

The report notes that this time-frame is the season: '...when phishers and fraudsters creep out of their holes to take advantage of people when they're distracted: businesses are wrapping up end-of-year activities, key staff members are on vacation, and record numbers of online holiday shoppers are searching for the best deals, spending more money than they can afford, looking for last-minute credit, and feeling generous when charities come calling.'

The old saying 'forewarned is forearmed' should prompt us into vigilance. This report reminds us that the general strategy of a phisher involves three distinct operations, namely target selection, social engineering, and technical engineering.

It's a combination of research, to a greater or lesser degree; baiting a metaphorical hook; and then supporting this ill-intentioned outreach with technological methods to lure the victim into the final trap, which, when successful, allows the phisher to harvest information or plant malware in the network.

We should also note that people today tend to voluntarily provide a great deal of useful information about themselves online. Additionally, large-scale data breaches unfortunately result in information for sale. This all works together to make it easier for scammers to specialise their phishing campaigns, which in turn makes them more effective.

In more detail, phishing works as follows:

· Target selection involves finding suitable victims, especially their e-mail addresses and, when the lure is more sophisticated, also enough background information to find a psychological reason for them to click on the bait.

· Social engineering then involves 'baiting' the technical hook with a suitable lure that would entice a victim to 'bite', allowing the cybercriminal to steal their credentials or plant malware. In the case of spear-phishing, this lure is very specifically customised to the targeted victim.

· Technical engineering refers to the methods employed to hack the victim, which can include building fake websites, crafting malware, and hiding the attack from security scanners.

But it's not all doom and gloom. The report also offers valuable explanations of how phishing works, how to defend your network against phishing attacks, and the importance of training your employees to recognise malicious e-mails.

Reducing the number of phishing e-mails that creep into employee mailboxes is key, but you also need to accept the fact that somewhere along the way, employees will fall victim to a phishing attack.

It is, therefore, also vital to prepare your organisation with containment controls that include web filtering, anti-virus software, and multi-factor authentication. Silly season is going to be upon us all too soon, and so organisations are well-advised to empower their employees against the dangers of phishing e-mails, with both training and technological defences.

By Marcel Fouché, networking and storage general manager at Networks Unlimited Africa.
