Presented by Mimecast

Why phishing attacks are so effective

 ·19 Oct 2017
Phishing

An alarming 91% of hacking attempts today begin with some kind of phishing attack, which uses email and social-engineering to gain access to confidential data.

Hackers attempt to dupe recipients into opening an attachment, clicking on a link, divulging confidential information or even wiring money to a fraudulent account.

“What makes these attacks so effective is that social engineering, effectively hacking the human brain, is actually quite easy to do,” Dr Bright Gameli Mawudor, Head of Cyber Security Solutions – Internet Solutions, Kenya.

Mawudor was speaking about Social Engineering – how it works and how it gets used at the Mimecast: Anatomy of an Email-Bourne Attack presentation at the 2nd Annual AfriSecure Cyber Security Summit in Johannesburg.

“As human beings, we are very open especially on social media, and all this information is incredibly valuable to hackers,” Mawudor said. “We are the problem. People are the problem.”

Essentially, it is human nature that makes us so vulnerable – we desire to be helpful, have a tendency to trust people we don’t know, and have a fear of getting into trouble, which are all traits that social engineers are able to capitalise on.

Social engineers are able to create confidence that they are who they say they are and that they are legitimately seeking information.

Even people who don’t consider themselves to be trusting by nature are vulnerable when presented with the right story, the right voice, the right speech pattern, the right body language, and so forth.

The reason phishing attacks are often successful is because it usually appears to come from a known or trusted source, often impersonating a C-level executive.

As such, phishing email attacks can be remarkably difficult to identify, and even when employees are trained how to spot a possible phishing attack or CEO Fraud, 23% of phishing emails are still open.

With the potential for phishing scams to cause disruption to business operations, damage to reputation and loss of business costing millions of dollars, organizations urgently need a sophisticated solution for preventing a phishing attack.

“It’s not just about potential monetary loss, as this can often be recovered – it is reputational damage that is very difficult to recover from,” warned Brandon Bekker, Mimecast South Africa MD.

“The world is changing and email has become a successful place for cybercriminals to operate as it is far easier to hack a person than a system.”

Mimecast Targeted Threat Protection provides a highly effective solution for preventing a phishing attack.

It defends against malicious links in email, weaponised attachments and social-engineering attacks to protect users and organizations from the dangers of advanced threats.

Mimecast improves phishing email and spear security by scanning all inbound emails in real-time, providing three levels of protection:

  • URL Protect scans all URLs within incoming and archived emails, identifying websites that are potential risks before opening a clicked link in the user’s browser.
  • Attachment Protect opens attachments in a virtual environment or sandbox that is isolated from the corporate email system, and enables employees to access it only once it passes security checks.
  • Impersonation Protect scans incoming email to identify potential malware-less attacks that use social-engineering to spoof employees into making fraudulent wire transfers.

“We believe it is very important to have a layered approach to email security, as this is how even physical security systems work,” explained Bekker.

“Your business most likely has multi-layered security, with guards or access control, electric fencing, alarms, CCTV, and more. When it comes to security, a multi-layered approach simply makes sense.”

With Mimecast Targeted Threat Protection, organisations can prevent a phishing attack, spear phishing attack or whale phishing threat without the need for additional infrastructure or IT overhead.

You can also add instant protection for all devices with no disruption to end-users, activate the service quickly through Mimecast’s cloud platform, and improve insight with end-to-end, real-time threat analysis and granular reporting.

“It actually only takes one person to be compromised in a network to compromise the entire organisation,” concludes Mawudor.

“Because employees are so vulnerable, education is essential, but you can’t rely on that alone – you also need a system in place, such as what Mimecast offers, to keep your network and organisation safe.

Learn more about stopping a phishing attack or CEO Fraud and about Mimecast’s solution for spam email protection and ransomware detection.

Subscribe to our daily newsletter