Vishing is an attack that attempts to trick victims into giving up sensitive personal information over the phone. Vishing attacks have high-tech elements: they involve automated voice simulation technology or the scammer may use personal information about the victim harvested from earlier cyber attacks to trick people.
A few ways to stop spear-phishing attempts
1. Inbound email sandboxing
Deploy a solution that checks the safety of an emailed link when a user clicks on it. This protects against a new phishing tactic that I've seen from cybercriminals. Bad guys send a brand new URL in an email to their targets to get through the organization's email security. The other tactic is when they inject malicious code into the website right after delivery of the email URL. This URL will get past any standard spam solution.
2. Real-time analysis and inspection of your web traffic
First, stop malicious URLs from even getting to your users' corporate inboxes at your gateway. Even if you have inbound email sandboxing for your corporate email, some users might click on a malicious link through a personal email account, like Gmail. In that case, your corporate email spear-phishing protection is unable to see the traffic.
3. Employee behavior
The human element is incredibly important. Adopting an employee testing program and do this training on-going basis.
Komentarze