The biggest threat to businesses and individuals using networked (cyber) devices today remains phishing. It is the gateway at the heart of criminal enterprises. Part of the problem is that well-designed legitimate business applications use the same techniques that the crooks have adopted.

Businesses, organizations, and individuals need to have an anti-phishing strategy. Just this simple step minimizes the risk of successful phishing attacks. Staying safe from phishing attacks is a practice. Putting this handbook into your policies and procedures manual helps thwart attacks against your users and assets. This handbook describes the most common types of phishing attacks that occur today. Then it discusses best practices for preventing them and offers suggestions that mitigate attacks. It also helps you prepare a response plan for use when phishing attacks do occur.

Phishing Types and Techniques

Phishing attacks share a couple of common traits. They involve attackers disguising themselves as legitimate entities within electronic communications (usually emails, although phishing attacks can also be carried out through text messages or instant messages, for example). The attacks have the goal of tricking end-users into giving away sensitive information or installing malware on their systems.

However, phishing attacks can be broken down into many distinct categories. Each category is defined by different attack goals and/or techniques.

The most common types of phishing attacks today include:

  • Group phishing: Attacks that target a large group, such as all of the employees at an organization, with the same phishing email (or other type of message). This is the most basic type of phishing attack, and the least sophisticated.
  • Spear-phishing: A phishing attack that bypasses a large group and instead pursues a specific person, organization, or company. Typically the message will contain the recipient’s name or other identifying information to lend a flavor of credibility.
  • Whaling: This is a subtype of spear-phishing that involves targeting high-level executives.
  • Clone phishing: Another subtype of spear-phishing that aims to replicate another email message that the recipient has previously received. For example, if the hacker can determine that a person recently received a shipment tracking email notification, then they may launch a clone phishing attack that sends a fraudulent message tailored to look like the same thing.

Password Policy and Secure backup are critical

Good password posture and secure backup hygiene are two important components. The third pillar of not getting phished is clean routine updates, and the fourth pillar is regular routine audits.

With TSI Password Manager, your new password records are input to the internet browser on your computer. From there they are protected in transit by 2048-bit RSA keys, and at rest using over 300 different rounds of 256-bit symmetric encryption, with six different randomly generated keys. Your unique encryption key (organization key) is the final step in decrypting your data for viewing within the browser.

Easy as 1,2,3.

Security problem or need system support?

If you have:

  • a security problem,
  • a technology question,
  • a configuration issue,
  • a network intrusion or malware, or
  • an item placed in quarantine,

call the Tekuser Service Desk at (336) 373-110(5).

Or submit a request by clicking the get help button below.

ORGANIZATION KEY

Two of the encryption keys used are unique to each password record, and one of the encryption keys, called the Organization key, is created and stored only on the server side. This encryption key is never stored or maintained anywhere except within the TSI Password Manager infrastructure.

PASSWORD AND PASSPHRASE TRANSMISSION

All inbound and outbound data communication traffic with the TSI Password Management happens over TLS 1.2 using 2048-bit RSA keys to ensure the protection of your data in transit.

WEB APPLICATION FIREWALL PROXY

Unique encryption keys are retrieved from numerous sources for each password.

Start your free security trial now!

1-3 users per trial are available.
