Today is Safer Internet Day, a global event aimed at promoting safer use of online technology and the creation of a safe and stimulating online environment for everyone.
Making the internet a safe and better place for children is a major focus of this year’s events. Initiatives have been launched to promote the benefits of the internet and draw attention to the risks of internet use.
The internet can be a dangerous place and cybercriminals are ready and willing to take advantage. Businesses and consumers are being targeted in an attempt to steal sensitive information, money, and deliver malware and ransomware and cyberattacks are now being reported at an unprecedented rate.
One of the main ways information and money is stolen is through phishing. Phishing is most commonly associated with email attacks, but most phishing campaigns also have a web component. Hyperlinks are sent in emails that direct unsuspecting users to a website hosting a phishing kit that harvests sensitive information such as login credentials, credit card information, and personal information such as dates of birth and Social Security numbers – information that is valuable to identity thieves.
Phishing websites are virtual carbon copies of genuine websites and they can be difficult to distinguish from the websites they have been set up to spoof – PayPal, Google, and Microsoft Office 365 to name but a few.
The digital security solution provider Avast published a study today which highlighted how effective these sites are at convincing people to part with sensitive information… and how bad people are at differentiating between genuine websites and fake webpages set up by cybercriminals.
The study, conducted by Toluna on behalf of Avast, involved showing respondents a screengrab of a genuine website and a phishing website and respondents were asked which was which. Only 29% of respondents answered correctly.
When asked whether they had been the victim of a phishing attack, 14% said yes and many were unsure. Of those that had been fooled by a phishing scam, 55% said it happened via email, 39% said it happened online, and 27% said it happened over the telephone.
The study highlights how sophisticated cybercriminals have got, how difficult it can be to identify phishing attacks, and how education about online threats needs to be improved.
Safer Internet Day helps raise awareness of online threats with consumers, but businesses should also be taking action to reduce the threat of web-based attacks. Businesses need to improve security awareness of the workforce through regular training. Employees need to be told how to identify phishing attacks and potentially malicious websites.
Training can reduce susceptibility to phishing attacks and improve resilience, but what is also required are technical defenses to ensure that employees’ security awareness is not often put to the test.
The key to mounting a strong defense against phishing is to implement layered defenses. To keep inboxes free from phishing threats, an advanced spam filtering solution is required. To block the web-based component of phishing attacks, a web filtering solution should be deployed. A web filter will prevent network and Wi-Fi users from visiting phishing and other malicious websites. The latter can also be used by Wi-Fi hotspot providers to block access to illegal and age-inappropriate web content to prevent minors from accessing harmful content – another key focus of Safer Internet Day.