Companies need to educate and conduct both email and web filtering to protect against phishing

News by Dan Raywood

Spear phishing is becoming easier thanks to job titles and personal information being published on social networking sites.

Spear phishing is becoming easier thanks to job titles and personal information being published on social networking sites.

Speaking at the SC Magazine Unknown and Emerging Online Threats conference earlier this week, Ian Moyse, EMEA channel director at Webroot, claimed that there was a low number of people who enter their data into phishing sites but there was a growth in the amount of sites.

Moyse said that the average campaign will claim a response of around four per cent, while there is a growth of phishing sites by 28 per cent. Of those distributing links via email, this is high with a growth in 2008 of 71 per cent.

Moyse said that whichever stats you look at, phishing attacks continue to grow.
“Could users be tricked by phishing? The interesting thing I find is that phishing is an electronic method of taking information. I can target a user by looking on Facebook or LinkedIn," he said.

“One hacker said that social networking sites are ‘the single most effective method in my arsenal'. They make money out of it, so they won't stop and if they have money they are more sophisticated, and they have the funding to do this.”

Taking a poll from the delegates on what was the most effective method to stop phishing, education came top with 83 per cent believing that it was the best option. PC filtering was selected by nine per cent, while email filtering and URL filtering both took four per cent of the vote each.

Moyse said: “How can a user spot what is good and bad? Spam filtering is not going to get perfect accuracy. The average phishing site is online for three to five days, so we need instant updates. We have got to come up with new stuff to counter it, but how can you block if it is mis-categorised?”

A second poll asked which area did delegates think would best improve business with anti-phishing protection. Both email and web filtering topped the vote with 58 per cent, mobile user protection took 23 per cent, sole web filtering nine per cent and spam filtering five per cent. Five per cent of the audience believed that they were 100 per cent confident in their existing protection.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike