Phishing season is around the corner – don’t take the bait!
JOHANNESBURG – September 23, 2019 – The season for serious shopping is almost upon us – and with it come the problems of phishing and fraud. As the holiday and related shopping season beckons – traditionally ramping up in October and finally ending in January – organisations are well-advised to remind their employees of the dangers of phishing e-mails, and give them the training and technical support they need to avoid falling prey to scams.
This is according to Simon McCullough, F5 Networks channel partner manager in South Africa, who says, “The F5 ‘2018 Phishing and Fraud Report’ found that phishing continues to be a top attack vector and is, in many cases, the hacker’s tried-and-trusted, initial probe in multi-vector attacks, with phishing being the root cause of 48 percent of the data breaches that F5 Labs investigated during the period of the report.
“F5’s research, which was also sub-titled ‘Attacks peak during the holidays’, outlined how phishing and cyberfraud start to increase steadily towards the end of the year, with incidents from October to December jumping an astonishing 50 percent and upwards from the annual average.”
The report notes that this time-frame is the season: ‘…when phishers and fraudsters creep out of their holes to take advantage of people when they’re distracted: businesses are wrapping up end-of-year activities, key staff members are on vacation, and record numbers of online holiday shoppers are searching for the best deals, spending more money than they can afford, looking for last-minute credit, and feeling generous when charities come calling.’
Marcel Fouché, networking and storage general manager at value-added distributor Networks Unlimited Africa, a channel partner of F5 in sub-Saharan Africa, comments, “The old saying, ‘Forewarned is forearmed’, should prompt us into vigilance. This report reminds us that the general strategy of a phisher involves three distinct operations, namely target selection, social engineering, and technical engineering. It’s a combination of research, to a greater or lesser degree; baiting a metaphorical hook; and then supporting these ill-intentioned out-reaches with technological methods to lure the victim into the final trap, which, when successful, allows the phisher to harvest information or plant malware into the network.
“We should also note that people today tend to voluntarily provide a great deal of useful information about themselves online. Additionally, large-scale data breaches unfortunately result in information for sale. This all works together to make it easier for scammers to specialise their phishing campaigns, which in turn makes them more effective.”
In more detail, phishing works as follows:
- Target selection involves finding suitable victims, especially their e-mail addresses and, when the lure is more sophisticated, also enough background information to find a psychological reason for them to click on the bait.
- Social engineering then involves ‘baiting’ the technical hook with a suitable lure that would entice a victim to ‘bite’, allowing the cybercriminal to steal their credentials or plant malware. In the case of spear-phishing, this lure is customised very specifically to the targeted victim.
- Technical engineering refers to the methods employed to hack the victim, which can include building fake websites, crafting malware, and hiding the attack from security scanners.
“But it’s not all doom and gloom,” advises Fouché. “The report also offers valuable explanations of how phishing works, how to defend your network against phishing attacks, and the importance of training your employees to recognise malicious e-mails. Reducing the amount of phishing e-mails that creep into employee mailboxes is key, but you also need to accept the fact that somewhere along the way, employees will fall victim to a phishing attack.
“It is, therefore, also vital to prepare your organisation with containment controls that include web filtering, anti-virus software, and multi-factor authentication. Silly season is going to be upon us all too soon, and so organisations are well-advised to empower their employees against the dangers of phishing e-mails, both with training as well as technological defences,” he concludes.
You can access the full F5 ‘2018 Phishing and Fraud Report’ here.
F5 makes apps operate faster, smarter, and safer for the world’s largest businesses, service providers, governments, and consumer brands. F5 delivers cloud and security solutions that enable organisations to embrace the application infrastructure they choose without sacrificing speed and control. For more information, go to f5.com.
About Networks Unlimited Africa
Networks Unlimited Africa is a value-added distributor, offering the best and latest solutions within the converged technology, data centre, networking, and security landscapes. The company distributes best-of-breed products, including Altaro, Attivo Networks, Carbon Black, Cofense, Fortinet, F5, Hitachi Vantara, Indegy, Mellanox Technologies, NETSCOUT, ProLabs, RSA, Rubrik, SevOne, Silver Peak, Tintri by DDN and Uplogix.
Our product portfolio provides cutting edge solutions from the network edge to the data centre, and addresses key areas such as cybersecurity in the IT/OT space, hybrid cloud, datacentre and infrastructure, networking and integration, SD-WAN solutions, network performance management and application performance management, application delivery networking and load balancing, DataOps management and data management, and backup and recovery solutions. Most of our solutions are highly regarded by Gartner and will be found on their respective magic quadrants.
Since its formation in 1994, Networks Unlimited Africa has continually adapted to today's progressively competitive and evolving marketplace, and has reaped the benefits by being a leading value-added distributor (VAD) within the Sub-Saharan Africa market.
Networks Unlimited Africa
+27 (0) 11 202 8400
+27 (0) 82 602 1635