A recent NSS Labs Inc. test revealed how the top four Web browsers fair against phishing and socially engineered...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
malware attacks. Can you please briefly explain what socially engineered malware attacks are, how they work and what I can do to help my employees recognize and mitigate such attacks?
A Web browser should not be the first nor only point of protection against phishing or socially engineered malware attacks; these attacks are neither dependent on the Web browsers themselves nor easily thwarted by the protections built into the different browsers.
Let's start with phishing. Many users are phished when they are not even using the Web. Most of them are email only (for example, an attack that asks the user to provide usernames, passwords or Social Security numbers). Fortunately, these attacks are becoming somewhat less common.
On the other hand, as NSS Labs reported in 2013 and 2014, a socially engineered malware (SEM) attack is an attack that tricks users into downloading and installing malicious software that compromises the security of their system. For example, this malware could be advertised as something that cleans a computer from viruses but in reality is a rogue malware application, or a malicious program disguised as a browser extension.
The standard antiphishing advice was reiterated in the NSS Labs report: Employee security awareness efforts can be effective in protecting against SEM attacks since the attack is focusing on attacking the human and the human can do the most to avoid the attack. However, security awareness is only one component of protecting an enterprise from phishing attacks. Technical components -- such as using secure browsers, securing systems, monitoring for sensitive data in email, and using the antiphishing tools included in most email systems -- will also help reduce the risk. In addition, multifactor authentication may be one of the most effective security controls to stopping account compromises from phishing attacks.
Ask the Expert!
Want to ask Nick Lewis a question about enterprise threats? Submit your questions now via email! (All questions are anonymous.)
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
The new Trochilus RAT can avoid detection in cyberespionage attacks. Expert Nick Lewis explains how it works, and if enterprises need to adapt their ...continue reading
The Asacub Trojan has new banking malware features. Expert Nick Lewis explains how it made this transition and what enterprises should be watching ...continue reading
BlackEnergy malware may have been part of the attacks on Ukrainian utility and media companies. Expert Nick Lewis explains how this malware works and...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.