Phishing scams send fake emails that spoof the names of trusted senders, such as companies and financial institutions, and direct recipients to fake sites, where important information is stolen. In this article, we explain examples of damage caused by phishing sites and the measures that companies should take.
Examples of damage caused by phishing sites
Phishing scams are scams that steal user information. Here, we introduce their methods and examples of the damage.
Impersonation of Services Such as Google
Google, which many people use for search, also offers services such as e-mail and cloud storage to anyone who creates an account. Users who hold a Google account are sent an email with the words "Important Notice". It has been reported that if you enter your login information to check the linked Google Docs document, your account information is stolen. Note that such techniques are seen not only with Google but also with Twitter and Facebook.
Email Service Spoofing
In some cases, an email announcing "system maintenance" or "account confirmation" arrives from a sender claiming to be a web service or financial institution you use. If you follow the link in the email to the phishing site and enter your account information and password, this information is stolen. In both cases, the common pattern is that a fake sender sends an urgent email that leads to a phishing site.
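The common pattern above (a spoofed sender name, an urgent subject, and a link that leaves the real service's domain) can be checked mechanically. The following is an added example, not code from the original article; the brand-to-domain map, the function names, and the sample message are assumptions constructed for illustration, and message bodies are assumed to be unencoded HTML.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a locally maintained map of impersonated brands to their real domains.
BRAND_DOMAINS = {"google": {"google.com"}}
# Urgency phrases quoted in the article.
URGENT = ("important notice", "system maintenance", "account confirmation")

class _Links(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def _in_domains(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def phishing_signals(raw):
    """Return the sorted signal names found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    signals = set()
    if any(p in msg.get("Subject", "").lower() for p in URGENT):
        signals.add("urgent_subject")
    parser = _Links()
    for part in msg.walk():
        if not part.is_multipart():
            parser.feed(part.get_payload())
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in name.lower():
            continue  # the display name does not claim this brand
        if not _in_domains(sender_host, domains):
            signals.add("display_name_spoof")
        if any(not _in_domains(urlsplit(h).hostname, domains) for h in parser.hrefs):
            signals.add("link_off_brand")
    return sorted(signals)

# Constructed sample message (not a real email).
SAMPLE = """From: "Google Support" <notice@mail-alerts.example.net>
Subject: Important Notice: account confirmation required

<p>Open the document: <a href="https://docs-google.example.net/login">Google Docs</a></p>
"""
```

A message that raises all three signals is a strong candidate for quarantine or user warning; a single signal on its own, such as an urgent subject, is common in legitimate mail.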
What Measures Should Companies Take?
Companies need to take action against phishing sites from two perspectives. One is to prevent employees from being caught in phishing scams, and the other is to protect consumers. Here, we will explain each countermeasure.
Security Education
To keep employees from becoming victims of phishing scams, it is first necessary to educate them thoroughly on security and raise the IT literacy of each employee. Specifically, have employees attend seminars hosted by security-related companies and use online seminars and e-learning to receive regular training. In addition, tests in which an external security-related company is asked to send employees an unannounced email disguised as a phishing scam, and their reactions are observed, can be expected to be effective.
Introduction of Countermeasure Software
It is also necessary to take measures on the devices themselves. If you install security software on the terminals used for business, you will be able to detect phishing emails. Security software also has functions such as blocking access to links suspected of being phishing and checking the safety of sites displayed in search results. Introducing such software reduces the risk of employees being exposed to phishing scams.
Measures to Protect Consumers
Employees are not the only ones who need protection from phishing scams. Consumers who use the company's services must also be protected. For this purpose, we introduce the "SSL server certificate". An SSL server certificate is useful not only for encrypting sites whose addresses start with "https://", but also for preventing fake sites spoofed by a third party. However, be aware that SSL server certificates have ranks, and some are issued by untrusted authorities. EV (Extended Validation) SSL certificates, which are the highest level of certification, can be expected to be extremely reliable because the existence of the organization is confirmed against the authentication criteria.
How to Choose Countermeasure Software and Services
Not just any antivirus software or service will do. Here, we explain the points to keep in mind when choosing security software and services.
Ease of Use
To maximize the effectiveness of antivirus software and services, ease of use is important. Some employees may find that the software has been introduced but that they cannot use it well. Ideally, it should be easy enough to use that it can be shared among all employees. Before a full-scale introduction, check the operability, interface, and manageability of the software with the free trial version.
Lightness
Since antivirus software consumes the CPU and memory of the personal computer, operation may become slow depending on the performance of the computer it is installed on. If operation becomes too heavy, it may hinder your business. If several products offer similar performance, select the one that runs lighter.
Cost Performance
Many antivirus software products and services need to be renewed every one to three years. The renewal fee varies depending on the number of terminals on which the software is installed. Even if the initial cost is low, a high renewal fee becomes a big burden. It is important to understand the overall cost, including the number of terminals and the renewal fee, rather than the price of the software or service alone.
Summary
Some phishing scams are tricky, but basically the mechanism is to take you to a fake site and get you to enter information. Introduce antivirus software and services to block phishing sites, and build the literacy needed to detect phishing scams. By also taking security measures to protect consumers, damage can be limited.