As security administrators and end users adopt new measures to resolve security threats, the bad guys – as usual – are creating new and innovative ways to attack.
According to the latest Internet Security Threat Report released by Symantec, these new attacks are primarily targeting the end user (i.e., your employees) instead of the computer or network directly.
Phishing and brand jacking (spoofing the identity of a known company or brand) attempts are increasing, with two basic objectives:
1. Tricking the user into sharing confidential personal data such as bank account and personal identity information, which is then used to commit fraudulent acts.
2. Getting the user to open an email that will open the door to the company’s network and data for viruses, Trojans and malware.
The attackers use different methods of getting the information from users. One method that is becoming better known is directing users to a fake website and tricking them into entering account numbers, passwords and other personal info. Another is to modify the way a user sees a familiar web page, fooling them into thinking all is normal with their transaction. Some attackers secretly install keystroke logging programs that can capture usernames, passwords, and other sensitive personal and company information.
Since the target is shifting from the IT department’s domain to the general employee population, education is key to preventing an attack. The Symantec report includes suggestions on policies and communication to help protect your organization.
Laura Leites, Assistant Editor, Smallbiztechnology.com