The US released popular phishing techniques

The United States government released a guide regarding the most popular phishing techniques. It defines phishing as “a cyberattack that uses deception to trick people into giving away sensitive information or taking actions that compromise security.” Everyone should read these tips to remain secure online, even those outside the US. 

People should take phishing and other online schemes seriously because we all store our data online. Otherwise, they may lose sensitive information to shady, unknown individuals and groups who may use it for nefarious purposes. Worse, businesses may lose company secrets and shed stock value and investors.

This article will discuss the phishing techniques shared by the US government. Also, I will add more measures against other prevalent online scams.

The Cybersecurity and Infrastructure Security Agency (CISA) posted the full version of the US government’s phishing advisory. It wrote the 14-page document with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC).

It says, “Phishing is a cyberattack that uses deception to trick people into giving away sensitive information or taking actions that compromise security.”

Also, it “is often the first stage of a larger attack that can lead to data breaches, ransomware infections, identity theft, and other serious consequences.” Here are the methods it tackled: 

Phishing for Credentials

It involves hackers pretending to be someone you trust. They will request your login credentials to access your resources and systems. The earliest version uses emails that seemingly come from your boss, co-worker, or IT staff.

Some send text messages or use chat platforms to trick you into giving your login info. Others use internet phone services to fake caller IDs, posing as legitimate numbers.

You can protect yourself by implementing Domain-based Message Authentication, Reporting, and Conformance (DMARC) for email. You may also set your domain’s DMARC policy to “reject” so that receiving mail servers discard spoofed messages sent in your domain’s name.
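To show what the “reject” setting looks like in practice, here is an added example (not from the advisory or the article) that parses a DMARC TXT record and reports whether the policy is actually enforcing; the two sample records are constructed, not fetched from DNS.

```python
"""Check whether a DMARC TXT record enforces the 'reject' policy.

Added example; the records below are constructed sample strings.
"""
from typing import Dict, List

# Constructed samples: a monitoring-only record and a fully enforcing one.
WEAK_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
STRONG_RECORD = "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@example.com"


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split a DMARC record into its tag=value pairs (RFC 7489 syntax)."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record: missing or wrong 'v' tag")
    if "p" not in tags:
        raise ValueError("DMARC record has no 'p' (policy) tag")
    return tags


def assess_dmarc(record: str) -> dict:
    """Report the domain policy and whether spoofed mail would be rejected."""
    tags = parse_dmarc(record)
    policy = tags["p"].lower()
    if policy not in ("none", "quarantine", "reject"):
        raise ValueError(f"unknown DMARC policy {policy!r}")
    # Subdomain policy defaults to the domain policy; pct defaults to 100.
    subdomain_policy = tags.get("sp", policy).lower()
    pct = int(tags.get("pct", "100"))
    issues: List[str] = []
    if policy != "reject":
        issues.append(f"domain policy is p={policy}; advisory recommends p=reject")
    if subdomain_policy != "reject":
        issues.append(f"subdomain policy is sp={subdomain_policy}")
    if pct < 100:
        issues.append(f"pct={pct} applies the policy to only a share of mail")
    if "rua" not in tags:
        issues.append("no rua address, so no aggregate reports are received")
    enforcing = policy == "reject" and subdomain_policy == "reject" and pct == 100
    return {"policy": policy, "enforcing": enforcing, "issues": issues}
```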

You should also have multi-factor authentication (MFA) for your credentials. Moreover, set it up to lock out and alert you automatically if it senses suspicious activity.

Single Sign On (SSO) for centralized logins is also ideal. Furthermore, monitor internal email and messaging traffic and train yourself and others in spotting sketchy messages.

Phishing for Malware

Hackers can use phishing to plant malware into your systems. They could send links or attachments hidden inside seemingly innocuous folders. 

Others may urge you to download smartphone apps or open text message links that deliver malicious content. Fortunately, you can stop it by reserving administrator privileges on your computer for yourself and granting them to nobody else.

Add more protection by disabling macros by default and using remote browser isolation solutions and protective DNS resolvers. Create denylists for your email gateway and firewall rules to block malware delivery. 

If you need others to use your system, add trustworthy individuals to an application allowlist. Follow the principle of least privilege (PoLP) when composing that list. 

The Computer Security Resource Center defines it as “The principle that a security architecture is designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function.”

What are the latest phishing protections?

Authorities should also implement the latest technologies to protect citizens. For example, the Cybercrime Investigation and Coordinating Center (CICC) uses its Consumer Application Monitoring Systems (CAMS) to secure Philippine apps.

Modern artificial intelligence has given rise to unprecedented cybersecurity threats. Fortunately, experts are using AI measures to combat these new threats.

Conclusion

The United States government released an online guide to inform the world about the most popular phishing attacks. Everyone can use its basic methods, but it also includes more advanced measures better suited to IT experts.

Governments and tech companies should collaborate to fend off these threats for everyone. However, people should still take personal responsibility for protecting their data.

Reading this article is a huge start in ensuring your online security. Strengthen your defenses further by learning more digital tips at Inquirer Tech. 

Frequently asked questions about phishing

What is phishing?

CISA defines phishing as “a cyberattack that uses deception to trick people into giving away sensitive information or taking actions that compromise security.” Moreover, it “is often the first stage of a larger attack that can lead to data breaches, ransomware infections, identity theft, and other serious consequences.”

What are the most common phishing methods?

The most popular methods involve impersonating a target’s loved ones or co-workers to fool them into providing login credentials. They may send seemingly trustworthy emails and other messages to extract that information. Also, some share malicious apps hidden in seemingly innocuous folders to gain access to someone’s computer.

How do you defend against phishing?

You can defend yourself against phishing by checking online messages thoroughly. Ensure you are receiving a message from the person to whom it says it originates. If you confirm the message came from an illegitimate source, block that person and do not click on anything inside. Also, do not share your login information with anyone.
