Phishing can be perilous if you underestimate its impact

A lack of a clear definition or consensus on phishing by IT individuals and their companies – not just in Asia but globally – is raising alarm bells.


What is phishing? Ask an IT professional and the definition of what it means will vary.

The most common understanding of phishing is an email that falsely claims to be from a legitimate organisation, usually combined with a threat or request for information.

Sophos’ latest study, Phishing Insights 2021, conducted with 5,400 IT professionals globally, found fewer than six respondents defining phishing as described above.

About half (46%) of respondents consider emails with a malicious attachment to be phishing, and more than one-third (36%) think thread jacking (when attackers insert themselves into a legitimate email thread as part of an attack) is phishing.

Considering this wide variation among IT professionals in how they understand or define phishing attacks, it’s reasonable to expect a similar or greater range of interpretations among non-IT and business employees.


Source: Sophos Phishing Insights 2021

The understanding of phishing varies amongst different IT professionals

This lack of an agreed definition of ‘phishing’ among IT professionals will present problems if the attacks are mistakenly downplayed and companies become complacent.

“There is confusion about what constitutes phishing in every region. The temptation for organisations is to view phishing attacks as a relatively low-level threat, but that underestimates their power because phishing is often the first step in a complex, multi-stage attack,” says Chester Wisniewski, principal research scientist at Sophos, in an interview with ITNews Asia on the study.

“We’ve seen first-hand how a seemingly innocuous email can ultimately lead to a multi-million-dollar ransomware attack. Crypto jacking, data – and even financial – theft are all potential outcomes after a phishing attack has opened a door for adversaries.”

Why is phishing such a pressing concern?

Wisniewski says that the definition of phishing appears to have blended over time with all other types of messaging attacks.

“Initially it was easy to discern between spam email and phishing email, but as email attacks diversified and the mediums we receive bogus lures expanded to include SMS, phone and other messaging systems most IT practitioners simply throw them all in the phishing bucket.”

The Sophos study reiterates that phishing is one of the most potent cyber attack techniques primarily because it continues to evolve. It is also becoming worse as adversaries have been quick to identify new phishing opportunities and develop new tactics and techniques.

This is also borne out in the study, where a majority (70%) of all IT teams globally said the number of phishing emails hitting their employees increased during 2020.

Many are taking advantage of the opportunities presented by the pandemic and the blurring of home/work boundaries over the past two years.

According to the report, skilled adversary groups are now focussing their targeted attacks on countries with higher GDP. At the same time, phishing is also used in mass market ‘spray and pray’ attacks where the adversaries hope that if they try enough people, eventually someone will fall for the scam.


Source: Sophos Phishing Insights 2021

Almost every country has seen phishing attacks rise

Why is it easy now to fall prey?

Wisniewski says that as many employees are working from home, they have to determine if something is a scam without the help of the collective wisdom of their teams.

“People are less likely to ask a colleague ‘What do you think of this?’ and may end up clicking on more malicious content. The criminals themselves have focused on refining their lures to take advantage of hot topics like mask policies, vaccinations and other pandemic related topics likely to increase the likelihood of an interaction.”

While it is difficult to ascertain how an initial foothold in a ransom attack was acquired, Wisniewski believes that phishing is playing a significant role as an entry or backdoor for ransomware.

“The three primary first steps to compromise are unpatched external-facing services, remote access tool abuse and email-based attacks. Often they are combined and a phishing attack is used to gather valid credentials which are then used to abuse exposed remote access services.”

How can we stop or mitigate these new phishing threats?

Wisniewski explains that, firstly, employees need to be clear about what constitutes phishing and companies need to know how to act.

Concise communications are essential to eliminate errors in policy definition. Because of the confusion amongst IT teams, he says it is important to specifically define what problem a security policy is meant to address to ensure you are in fact applying the correct control, tool or mitigation.


Wisniewski recommends three approaches to tackling phishing attacks.

  1. Having emails scanned not just for spam, but also with sandboxing technologies, will dramatically reduce the amount of malicious documents that reach users’ inboxes.
  2. User education, especially reporting new phishing attacks to the security team, can increase visibility and even allow faster responses to find victims of ongoing operations.
  3. The deployment of multi-factor authentication will reduce the likelihood that stolen credentials will lead to a compromise.

Sophos also advises that corporate phishing awareness and education programs consider the wide range of perceived phishing definitions and include training for non-technical employees that explains the different facets of phishing and email attacks.

This training needs to be viewed as both a preventative and a reactive tool, emphasises Wisniewski.

“Reducing the amount of malicious links and files being clicked is important and improves security, but reporting of phishing can be equally important to security teams. If five staff members receive a lure and one of them is alert enough to report it, the IT security team can approach the other four and clean up any malicious files, change passwords, etc.

“The reduction of the links clicked and reporting of malicious emails received is a solid approach to measure the progress of your training efforts.”
