Story image

Thwart phishers and their bait through a total security approach

13 Feb 2018

How many phishing emails landed in your inbox today? How many were caught by your filters? How many people clicked on the links and entered their details into dodgy websites? Maybe your CEO was a specific target.

These types of scams are becoming all too common, with many governments and watchdogs doing their best to cut through the noise and educate everyone about the dangers of phishing. Unfortunately, organisations such as Xero and its customers are being dragged through the mud as greedy cyber attackers create emails and websites that look scarily like the real thing.

Here’s an example. The week of September 28 2017 was a bumper week for phishing emails as criminals masqueraded as both Telstra and the Commonwealth Bank of Australia.

To the untrained eye, both the emails and websites looked almost identical to the genuine sites.

New Zealand is not immune. CERT NZ found that out of a total 390 incidents reported to the watchdogs between April and September last year, 153 were incidents classed as phishing and credential harvesting.

So if emails and websites look genuine, how can you discern the real from the fake?

You should check every email and every link for spelling mistakes and maybe even double check with the genuine organisation about something you’re not sure about.  Security technologies are also more advanced than ever before and they are able to filter out the phony websites.

Before we get to that though, let’s talk about malware.

The CERT NZ report also found that 28 reported incidents were related to malware. Bitdefender recently spotted a custom malware called Operation PZCHAO that was targeting various regions of Asia.

The Ursnif banking Trojan has also been targeting Australia and New Zealand with a disproportionate prevalence. It has been masquerading as genuine brands like Xero and Tax Store Australia.

How can we fight back against malware and phishing attacks? In addition to possessing a healthy dose of cyber hygiene such as not clicking on suspicious documents, cyber protection is more advanced than ever before as it evolves to fight back against cyber threats.

Bitdefender Total Security 2018 is a four-in-one product available for your Windows, Mac, iOS and Android devices. It combines protection, performance and privacy in one product that covers all your security needs.

Bitdefender Total Security 2018 also offers anti-phishing and anti-malware technologies that can secure your organisation, your family - and your CEO.

How does its phishing prevention work? It fights back against phishing by sniffing and blocking websites that masquerade as trustworthy in order to steal financial data such as passwords or credit card numbers. It warns you every time you come across fraudulent attempts.

It also defends against all threats including malware, zero-day exploits, rootkits and spyware.

What else is included? Webcam protection, multi-layer ransomware protection, a password manager, file shredder and social network protection just to name a few.

Norwegian aluminium manufacturer hit hard by LockerGoga ransomware attack
“IT systems in most business areas are impacted and Hydro is switching to manual operations as far as possible.”
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
Ransomware’s decline equals cryptomining’s rise
ESET’s Security Days Conference recently took place to go over the current threat environment and what to look out for next.
IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.