Today Protecting against Phishing and Scamming is of paramount importance

There are scammers who are ever-ready to use remote tools maliciously and attack. As IT departments transition to becoming virtual helpdesks, some of the biggest challenges they face is around security. Rescue offers multiple layers of security that have become more important in today’s unique world as companies look to close out any potential opportunities for scammers to take malicious action against their end-users.

The phishing attack can start with an SMS message to the victim's phone for example, a suspicious payee had been added to ones account or there had been a suspicious transaction on the account. The SMS linked to a fake bank login page that allowed the attacker to grab the victim's username and password, which the attacker used to log in to the legitimate login page. That log-in sent a genuine one-time password (OTP) to the victim's phone. Once the victim enters the OTP the attacker has full access to the bank account.

Finally, Phishing is big business. Attacks have shown record growth in recent years, and a solid security awareness program is an integral part of any defense-in-depth strategy. Phish Threat provides you with the flexibility and customization that your organization needs to facilitate a positive security awareness culture.

As we see the consumer-focused attack techniques, these can quickly and easily be adapted to be used to attack enterprises. For example, last year's Twitter hack used a very similar technique to the banking credential attack, but this time the target was the account takeover of high-profile victims. Once the attackers gained access to an employee's account, they were able to move laterally and get access to the tools used to manage Twitter user accounts. This gave them the means to hijack the public Twitter accounts of high-profile celebrities.

Employees possess credentials and overall knowledge that is critical to the success of a breach of the company's security. One of the ways in which an intruder obtains this protected information is via phishing. The purpose of phishing is to collect sensitive information with the intention of using that information to gain access to otherwise protected data, networks, etc. A phisher's success is contingent upon establishing trust with its victims. We live in a digital age, and gathering information has become much easier as we are well beyond the dumpster diving days.

To help businesses better understand how they can work to avoid falling victim to phishing attacks, we at VARINDIA have asked a number of security experts to share their view on the most common ways that companies are subjected to phishing attacks and how businesses can prevent them and have formed a WatsApp group by the name ‘Eminent CISO’s of India’ where all the members share their best practices related to the Cyber security.

By Dr. D. K Sahu, Publisher-VARINDIA