How do you win when the Cyber Criminals continue to innovate and make hazardous the most basic communication experiences, the ones you depend on to do your job and run your life on a day to day basis?
I was reading a very good article by Bryan Krebs where he broke down a recent Phishlabs report that stated almost half of all landing pages for phishing scams have secured their web pages in the very way that you were taught as the absolute sign of safety on the web…the ‘https’ and the lock. The lock and variations of the lock were designed to ensure users that despite not knowing the code and origin of the webpage they were on, that they could transact business securely. Well, apparently not anymore.
Furthermore, what Bryan explores in some of these fraudulent efforts is the use of foreign language characters as an additional point of deception used by Cyber Criminals that can insert a letter that looks like an English language letter, but may actually be from another language, and therefore established as a different domain, and therefore….As in all phishing scams and their landing pages, you are not where you think you are.
Thanks for the bad news Craig…what do I do to fix this?
But wait…there’s more!
Check out this read from Jessica Haworth at portswigger.net recapping the state of Spear Phishing some 10 years after that became a viable threat. The net/net is that we are no further along from a safety perspective than we were 10 years ago. As Jessica quotes from Vicente Diaz of Kaspersky Lab “we saw some big social networks being attacked and leaking a high amount of data.” This opens the door for Cyber Criminals to begin the profiling activities and phishing specific individuals with access. We appear to be no closer to stopping this method of attack.
So what now?
In IT, we always try to fix stuff, block stuff…there’s a problem, we want to solve it and see results quickly. The title of this piece is ‘Winning the War on Phishing’. Wars aren’t something you win quickly in a day or a week, and they’re also not something that you take lightly! It’s also not something you take on if you don’t believe it’s a real problem. Wars are won when there’s a broad commitment to a long term strategy that starts with the recognition that there is an enemy, the enemy is real and you have a willingness to acknowledge that, and finally a commitment to a plan to ultimately mitigate the enemy.
If you are concerned about Cyber Crimes and its impact in your business, you should be after those two articles referenced above. Short of a failure to operate your core business, Cyber Crime is one of the few places where a weak point in your business can be catastrophic. With a brand new year ahead, it’s a great time to make an organizational commitment to take steps forward in your company’s ability to recognize, understand, and fight phishing scams and Cyber Criminals.