Test Altospam’s solutions!
Thousands of companies, CTOs, CIOs, CISOs and IT managers already trust us to protect their e-mail against phishing, spear phishing, ransomware, …
Phishing
by Stephane
Phishing, a new fraud technique
Phishing is a common practice in the IT industry. This is a technique used by hackers to fraudulently retrieve personal data from Internet users. With the information they obtain, they are able to impersonate the phishing victim. Pirates use a variety of methods to achieve their goals.
Whatever the techniques used, the aim of hackers is to make victims believe they are dealing with a legitimate third party. To do this, they set up fake interface sites, such as those of a bank, e-commerce site or government agency. Sometimes, they send their future victims e-mails urging them to visit falsified websites and then obtain the information they need.
The most common is the phishing of users’ bank details when they make an online purchase on auction sites. There are also two types of phishing frequently used by computer criminals: spear phishing, or targeted phishing using social networks as a medium, and in-session phishing, or session phishing using pop-ups.
The results of a survey carried out by a web filtering solutions provider showed that 3 out of 10 UK employees believe that partial protection of their e-mail is sufficient to protect them against cyber-attacks such as phishing. It also reveals that many don’t even know if their inbox has a spam or phishing filter. 30% of British employees do not hesitate to check emails from an unknown address.
For almost 70% of them, only their company’s IT manager is involved in securing their computer and e-mail inbox. Their lack of information makes them vulnerable to hacker attacks such as phishing. This poses a major threat to the company, as hackers will not only have access to the user’s personal data, but also to the professional information contained in his or her work tools.
Ensuring the security of company and employee data requires the implementation of security charters, followed by the training and awareness-raising of all staff on the IT dangers involved. Any malicious code that managed to enter the company’s IT infrastructure would be a permanent threat to the business. It could be conveyed by e-mail attachments, social networking connections, etc.
No company is immune to threats, even with an effective firewall and antivirus. To limit potential risks, only 6% of SMEs prohibit their employees from connecting USB and iPod devices to their workstations, 22% prevent the launch of P2P applications and 31% prohibit access to known phishing sites.
