Story image

Thwart phishers and their bait through a total security approach

13 Feb 18

How many phishing emails landed in your inbox today? How many were caught by your filters? How many people clicked on the links and entered their details into dodgy websites? Maybe your CEO was a specific target.

These types of scams are becoming all too common, with many governments and watchdogs doing their best to cut through the noise and educate everyone about the dangers of phishing.

Unfortunately, organisations such as Xero and its customers are being dragged through the mud as greedy cyber attackers create emails and websites that look scarily like the real thing.

Here’s an example. The week of September 28 2017 was a bumper week for phishing emails as criminals masqueraded as both Telstra and the Commonwealth Bank of Australia.

To the untrained eye, both the emails and websites looked almost identical to the genuine sites.

New Zealand is not immune. CERT NZ found that out of a total 390 incidents reported to the watchdogs between April and September last year, 153 were incidents classed as phishing and credential harvesting.

So if emails and websites look genuine, how can you discern the real from the fake?

You should check every email and every link for spelling mistakes and maybe even double check with the genuine organisation about something you’re not sure about.  Security technologies are also more advanced than ever before and they are able to filter out the phony websites.

Before we get to that though, let’s talk about malware.

The CERT NZ report also found that 28 reported incidents were related to malware. Bitdefender recently spotted a custom malware called Operation PZCHAO that was targeting various regions of Asia.

The Ursnif banking Trojan has also been targeting Australia and New Zealand with a disproportionate prevalence. It has been masquerading as genuine brands like Xero and Tax Store Australia.

How can we fight back against malware and phishing attacks? In addition to possessing a healthy dose of cyber hygiene such as not clicking on suspicious documents, cyber protection is more advanced than ever before as it evolves to fight back against cyber threats.

Bitdefender Total Security 2018 is a four-in-one product available for your Windows, Mac, iOS and Android devices. It combines protection, performance and privacy in one product that covers all your security needs.

Bitdefender Total Security 2018 also offers anti-phishing and anti-malware technologies that can secure your organisation, your family - and your CEO.

How does its phishing prevention work? It fights back against phishing by sniffing and blocking websites that masquerade as trustworthy in order to steal financial data such as passwords or credit card numbers. It warns you every time you come across fraudulent attempts.

It also defends against all threats including malware, zero-day exploits, rootkits and spyware.

What else is included? Webcam protection, multi-layer ransomware protection, a password manager, file shredder and social network protection just to name a few.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.