Be a Little More Secure This New Year and Avoid Phishing Attacks

Be A Little More Secure This New Year And Avoid
Phishing Attacks
Holiday season is here and everyone is excited about gifts, shopping and leisure time. Season’s sales has soared to
$602 billion and online sales is going upward of $60 billion. The fact that online sales are high and it’s a holiday season
hackers are on their toes to get the most out of it.

Visit Blog

What Is A Phishing Attack?



03/01/2014

Phishing is a way for hackers to take advantage by disguising as a trusted
source and luring the person to reveal his/her crucial information. A
common medium used in this process is Email.

SmartSignin| Be A Little More Secure This New Year

2

How Phishing Works?

Victim gets a professional looking email which asks them to take a particular
action like stopping the account termination or stopping a financial
transaction which never actually took place.

Realizing the urgency of the situation user doesn’t double check the
authenticity of the email and takes the action as specified thereby exposing
themselves to serious threats.
Mostly of these emails are targeted to obtain the user’s login credentials of
banks and other financial services.

03/01/2014


3

Phishing email from Apple

An authentic looking email
from Apple.

03/01/2014


5

Phishing email from Paypal

Yet another professional looking email
from PayPal which is actually a
phishing email.

03/01/2014


6

SOME COMMON TRAITS
How to identify and check the authenticity of the email.

 Check the sender of the email:
If you’re getting an email from Apple but the
sender’s address is @gmail.com or
@live.com then it’s a clear sign of potential
threat.

Personalization is always absent in such emails.
Hackers send these emails in bulk hence they
can’t personalize it. They will mostly address you
as ‘Dear Member’ or ‘Hi there’ etc.

 If the offer is too good to be true then it’s not true:
Nobody has left a ton of money
for you. You won’t get a brand
new iPad for free or at dirt
cheap price. Beware of such
claims as these are mere tactics
to lure you in.

 No financial institution asks for your access credentials via email:
Don’t share your credentials. If you smell something fishy, call your bank
directly and ask them if they have sent out such emails.

 Avoid downloading attachments from unknown senders:
Unless you are expecting one, avoid downloading any
attachments from unknown senders.

 Use updated antivirus, firewall, spam filters to block viruses and spywares.

 Check the URL of the landing page:
If you did click the link in the phishing
email double check the URL of the page
you are taken to. The fake URLs looks
similar to the real URL but are entirely
different. For example,
http://www.apple.login-user.com
might look like the user login section of
Apple but it’s actually a phishing URL.

 Don’t enter your login information in a pop up:
It’s a common tactic for hackers to
redirect a user to the real website
but a pop up will open up as soon
as you reach the website which
will ask you to enter the login
credentials. This makes the user
think that the real website is
asking them to enter their login
credentials.

Image from CNN e-mail phishing attack, 2009

 Look For ‘s’ in http

Websites having https in their URL
are secure so always make sure
that you are on a secure website
before entering your critical
information.

How To Protect Your Organization From Phishing
Attacks?

 Recently, twitter accounts of many different media websites have been compromised
by hacker groups.

 This was done with the help of social engineering, starting with the phishing attacks
targeted towards the employees.

 Human has always been the weakest link in the security and hence if one employee
falls for it, a domino effect is automatically initiated.

1

STEP 1 - Enforce strong policies
The first and foremost step to protect your organization is to enforce strong
policies among the employees.

2

STEP 2 – Following Best Web Security Training & Practices
Second step calls for regular training of employees on the basics of web security so
they can uphold the security best practices and protect the company’s resources.

2

STEP 3 – Implement Secure Identity & Access Management System

Third stage is to implement a secure Identity & Access Management system to ensure
that employees can access company’s resources that are relevant to their work.
Moreover an IAM system helps administrator to give access to the employees without
letting them know the access credentials and hence phishing attacks cannot be
successful.
Apart from this, administrator can also monitor and maintain the logs of when, how and
from where an employee accessed a particular resource thereby keeping a tab on all
the activities.

Want To See How Identity & Access Management
Tool Can Help Your Organization?

Be a little more aware this holiday season.
Happy New year!!

To understand the presentation in depth read the following article –
Be A Little More Secure This New Year
About SmartSignin
SmartSignin is a Single Sign-On and Identity & Access Management suite that helps in managing the online
identities and the access of employees, customers and partners to the company resources. SmartSignin is a
product of PerfectCloud Corp.
Being an Identity Management service provider, SmartSignin works on a unique patent-pending SmartKey
algorithm which allows users to manage their own decryption keys for their critical data. This architecture
provides users with complete security and privacy. To know more:
Visit SmartSignin Website

If you have any queries or feedback, contact us by filling up the form on the following link
Contact SmartSignin

Be a Little More Secure This New Year and Avoid Phishing Attacks

Recommended

Recommended

More Related Content

Recently uploaded

Recently uploaded (14)

Featured

Featured (20)

Be a Little More Secure This New Year and Avoid Phishing Attacks