Phishing is a very successful technique because people do not examine websites carefully, or do not have the time to be more careful and investigate the website or e-mail. One reason may be that they have never been a victim before, or do not know that they were. People easily trust brands, logos and persuasive text. There is a lack of information assurance knowledge.
How Phishing Works
As I explained before, phishing is a very successful attack technique. The cases below prove this assertion.
In 2011, RSA, one of the biggest security firms, was hacked. It was an attack against SecurID, RSA's two-factor authentication product. In this case, the attackers sent phishing e-mails with the subject “2011 Recruitment Plan”, and after an employee opened the attached Excel file, they used a zero-day exploit in Adobe Flash.
As a newer story, just a few days ago Forbes magazine was hacked by the Syrian Electronic Army with a phishing mail. You can read the whole story, minute by minute, directly from Forbes.
Another story is from Turkey. Attackers send an e-mail with an attachment that appears to be an electronic bill from a telco company. When the victim opens the attached file, the malicious code encrypts all usable files on the PC and pops up a warning that the victim has to pay money to decrypt the files. This malicious software is called FatMal.
The most effective defense against phishing is creating user awareness. I will not cover here how users can guard against phishing, but all companies should improve awareness. RSA and Forbes are very good examples of that. A single employee whose awareness you have not improved can cause you to be hacked.
“You are as strong as the weakest link in your defense system” Sun Tzu
As a security admin, there are also some precautions that you can take. A proxy with a dynamic scanning feature can decrease the chance of being hacked through phishing. Even if the user opens the link in the e-mail, the proxy would not let them enter the website.
Even though it is not enough for your security on its own, ensure that all employees' PCs and antivirus agents are up to date. It is not enough because in the case from Turkey that I described above, antivirus vendors did not have a signature for the malicious software; Trend Micro released a signature two days later and Symantec five days later.