Corporate data under threat from phishing attacks

An e-mail with the request to “Please click here to confirm your data” or a fake landing page – these are the types of tricks scammers repeatedly use in their attempts to steal sensitive user data. So-called phishing is and remains one of the greatest security risks of the digital era.

Security experts from Mobco, Nomasis, CWSI and EBF explain why phishing constitutes such a threat, and how companies can protect themselves and their employees from being caught.

Phishing

/ˈfɪʃɪŋ/

The name is derived from the word fishing, i.e. angling. The bait is a bogus landing page, e-mail or text message. One very common trick, for example, is an e-mail informing the user that their account information and access data (e.g. user name and password) are no longer secure or up-to-date, and that they need to change them by following the link in the e-mail. However, the link doesn’t lead them to the original page of the relevant service provider (e.g. the bank), but to a website that has been set up by the scammer.

Mobile Device Phishing Threat

Is phishing a threat on mobile devices?

In a regular office environment, the security officer can control attacks by using high-performance network security measures. However, we usually don’t have these on mobile devices.

So yes, phishing is probably the most dangerous attack method on mobile to date. And it is also far more complex for the user to identify a fake website or app on a mobile device, which heightens the risk even further.

Björn Kemps


Director Business Development
mobco

Facebook Messenger Phishing

Many people are aware of phishing attacks that are carried out by e-mail. Do people also have to be careful when using other channels?

Yes, unfortunately they do. While phishing e-mails are the most frequent channel used to propagate phishing attacks, other methods have now been developed, such as attacks via text messaging or Facebook messages. And this is especially insidious, as the victims are convinced they are communicating with a friend and don’t suspect anything untoward is happening. They follow the link that the supposed contact has sent and fall straight into the trap.

On the other hand, scepticism now tends to be somewhat greater. The biggest danger is that new phishing methods are constantly being developed.

Where do we need to be especially vigilant?

The main threat is in WiFi networks, because it’s especially easy to place fraudulent landing pages there. And to reach them, you don’t even have to click on a link that you might judge to be dangerous. In addition, special equipment can be used to read the data of all users located in the same network.

Philipp Klomp


Founder and CEO
Nomasis

Password Policy

There are obviously enough points of attack. But how can companies protect themselves and their employees from cyberattacks?

In the first place, they need to have a sensible password policy. Users should not just use a secure password but, ideally, a different password for each platform. In case of misuse, this prevents criminals from being given access to a wide range of sensitive data.

If possible, companies should look to two-factor authentication, which, in addition to the input of user data, also requires a second step, for instance a text message code to be entered that is sent to the user’s cell phone. This raises security for an account enormously.

Secondly, in addition to a smart password policy, there are also a number of different solutions that support device security and guarantee protection for company data in the event of misuse.

What solutions are available in this case?

Companies should seek to ensure the security of their mobile fleet across the board. It is advisable, for example, to implement Enterprise Mobility Management, or EMM for short, that can manage all mobile devices. It can be used to enforce security standards – for example the password requirements described above – and to protect company data in the event of attack.

Container solutions, which separate company data and apps from other data, also offer the possibility to delete sensitive data from a device in the event of a cyberattack. There are also several special solutions that can help you to take preventative measures against app, web, device and network-based threats, to detect mobile attacks and to take countermeasures in case of an attack.

Additionally, they can help to block malicious destinations before a connection is established, monitoring login data and warning the user immediately in the event of misuse. In the past, we could only rely on employee awareness to avoid mobile phishing attacks, but these days we have technology to help us prevent such incidents from happening.

Ronan Murphy


CEO
CWSI

WiFi and User Security

What do employees need to bear in mind to protect themselves from phishing attacks?

As a basic rule, always be alert. Any e-mail or text message calling on you to open a link and enter your data is more than just a little suspicious. For this reason, always navigate to a website via your browser, and only then log in to be certain that you are accessing the right address. Also make sure the page is encrypted; if https is in the web address, it’s a secure connection.

A common indication of a phishing e-mail is also in the way you are addressed. Since these e-mails are sent out as mass mailings, you will often just see a generic salutation. Your bank would know your name and use it to address you.

Marco Föllmer


Founder and Managing Partner
EBF

You already mentioned the subject of WiFi: how can people protect themselves when using a public WiFi network?

It’s not so much a question of protecting yourself but more one of avoiding public WiFi networks. If this is not possible, people should avoid using sensitive platforms when logged into a public WiFi network – such as online banking portals, for example.

Markus Adolph


Founder and Managing Partner
EBF

Please do not hesitate to contact us if we can assist you in securing your mobile devices.