Another recent attack utilized another common communication tactic, a text message from your
mobile phone provider. The bait of the message was an account credit or a discount on the
recipient’s next bill. Following the link in the text message took the victim to a mobile landing
page and then a data entry page that requested the last four digits of their social security
number, their User ID and their Password.
Here’s the tricky part about this attack. Users could only visit the fraudulent web page via mobile
phone. Going to the same page from a PC caused a 404 error. This made it harder to detect the
fraudulent site and take it down.
In both of these cases the “victims” should not have responded to communications they were
not expecting to receive. Fake login pages can be especially dangerous because sharing
credentials can make it easy for cyber criminals to access these accounts and potentially other
accounts if users don’t vary their passwords from web app to web app. These are risky
behaviors that can be changed with the right educational approach.
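The mobile-only behavior described above leaves a trace defenders can search for in web proxy logs: the same URL answers mobile browsers normally but returns 404 to desktop browsers. The sketch below is an added example, not part of the original article; it assumes the page was gated on the browser's User-Agent (the article does not say how the gating worked), and the log format, hostnames and log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed proxy log lines (not real traffic):
# time, client IP, HTTP status, URL, "User-Agent"
SAMPLE_LOG = """\
2014-07-01T09:12:03Z 10.0.4.21 200 http://credit-offer.example/m/verify "Mozilla/5.0 (iPhone; CPU iPhone OS 7_1 like Mac OS X) Mobile/11D167"
2014-07-01T09:15:40Z 10.0.4.87 200 http://credit-offer.example/m/verify "Mozilla/5.0 (Linux; Android 4.4.2; Nexus 5) Chrome/35.0 Mobile Safari/537.36"
2014-07-01T09:31:10Z 10.0.7.15 404 http://credit-offer.example/m/verify "Mozilla/5.0 (Windows NT 6.1; WOW64) Chrome/35.0 Safari/537.36"
2014-07-01T09:33:52Z 10.0.7.15 200 http://intranet.example/portal "Mozilla/5.0 (Windows NT 6.1; WOW64) Chrome/35.0 Safari/537.36"
2014-07-01T09:40:05Z 10.0.4.21 200 http://intranet.example/portal "Mozilla/5.0 (iPhone; CPU iPhone OS 7_1 like Mac OS X) Mobile/11D167"
2014-07-01T10:02:17Z 10.0.7.30 404 http://old-site.example/gone "Mozilla/5.0 (Windows NT 6.1; WOW64) Chrome/35.0 Safari/537.36"
2014-07-01T10:05:44Z 10.0.4.87 404 http://old-site.example/gone "Mozilla/5.0 (Linux; Android 4.4.2; Nexus 5) Chrome/35.0 Mobile Safari/537.36"
2014-07-01T10:20:00Z 10.0.4.21 200 http://news.example/m/today "Mozilla/5.0 (iPhone; CPU iPhone OS 7_1 like Mac OS X) Mobile/11D167"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\d{3}) (\S+) "([^"]*)"$')
MOBILE_RE = re.compile(r"iPhone|iPad|Android|Mobile|Windows Phone|BlackBerry", re.I)


def device_class(user_agent):
    """Coarse split of browsers into 'mobile' and 'desktop' by User-Agent."""
    return "mobile" if MOBILE_RE.search(user_agent) else "desktop"


def find_device_cloaking(log_text):
    """Return URLs that served 2xx to mobile clients but only 404 to desktops."""
    statuses = defaultdict(lambda: {"mobile": set(), "desktop": set()})
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip lines that do not fit the assumed format
        _, _, status, url, user_agent = match.groups()
        statuses[url][device_class(user_agent)].add(int(status))

    flagged = []
    for url, by_device in sorted(statuses.items()):
        mobile_ok = any(200 <= s < 300 for s in by_device["mobile"])
        # Requires at least one desktop request, all of which got 404.
        desktop_only_404 = by_device["desktop"] == {404}
        if mobile_ok and desktop_only_404:
            flagged.append(url)
    return flagged


if __name__ == "__main__":
    for url in find_device_cloaking(SAMPLE_LOG):
        print("possible mobile-only page:", url)
```

A URL that is dead for every device, or one seen only from phones, is not flagged; the signal is the disagreement between device classes for the same address.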
How should you teach your employees to avoid phishing attacks?
In order for security education programs to be effective, they need to be continuous, because
the threats are continuous and ever changing, as evidenced by the examples earlier in this
article. Research and industry results have shown that the current methods of classroom and
video training once a year are not effective in the battle against cyber-attack. To be most
effective, cyber security awareness and training must be ongoing to maximize learning and
lengthen retention of the learned topics. The methodology outlined below should be approached
as an evolving program that strives towards continuous improvement. A continuous cycle of
assessment, education, and evaluation has been proven to reduce vulnerability, and it ensures
that users retain the training content delivered.
64 Cyber Warnings E-Magazine – July 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide