subject: Enhance Phishing Awareness With Anti Phishing Software [print this page] Today phishing attacks dominate the e-crime landscape. What makes phishing attacks dangerous is that it uses social engineering tactics to get a user divulge his/her sensitive information such as username/password, bank account number, social security number, financial details, credit card details and so on. The phishers use phony emails to trap hapless victims who are made to go to a malicious website where such information can be harvested. Besides email, the phishers use instant messengers, SMSes, and MMSes to deceive people.
Spear phishing, a subset of phishing, is the root cause of security breaches. Unlike phishing, which targets a wide audience to get general information, spear phishing is used to target a few important individuals in an organization like high-level executives who are on hold of highly confidential information, which the spear phishers are after. Spear phishing is an increasingly serious threat as more and more employees are falling prey to it. With a small detail like username/password, spear phishers find out everything about an individual both private and corporate.
Spear phishing attacks have become so refined that they are hard to identify and avoid. Hence, a single phishing attack and a slip from one employee is enough to ruin everything. Loss of sensitive information can have a negative impact on a company's brand and hard earned reputation. It can potentially lead to significant financial losses due to lost customer trust and decline in shareholder value. Hence, it is a serious battle that needs to be won at any cost.
Though there are anti phishing software available that address the "process and technology" aspect of security, there are not enough anti phishing software that effectively address 'people risk'. Spear phishing attacks are successful due to the lack of phishing awareness among the employees and therefore the best way to deal with this problem is to educate the employees about phishing attacks and phishing protection.
Hence, enterprises need to focus on developing an anti-phishing strategy that involves building the first line of defence by increasing an employee's phishing awareness and then implementing an action plan to avoid future pitfalls.