A recent NSS Labs Inc. test revealed how the top four Web browsers fair against phishing and socially engineered...
malware attacks. Can you please briefly explain what socially engineered malware attacks are, how they work and what I can do to help my employees recognize and mitigate such attacks?
A Web browser should not be the first nor only point of protection against phishing or socially engineered malware attacks; these attacks are neither dependent on the Web browsers themselves nor easily thwarted by the protections built into the different browsers.
Let's start with phishing. Many users are phished when they are not even using the Web. Most of them are email only (for example, an attack that asks the user to provide usernames, passwords or Social Security numbers). Fortunately, these attacks are becoming somewhat less common.
On the other hand, as NSS Labs reported in 2013 and 2014, a socially engineered malware (SEM) attack is an attack that tricks users into downloading and installing malicious software that compromises the security of their system. For example, this malware could be advertised as something that cleans a computer from viruses but in reality is a rogue malware application, or a malicious program disguised as a browser extension.
The standard antiphishing advice was reiterated in the NSS Labs report: Employee security awareness efforts can be effective in protecting against SEM attacks since the attack is focusing on attacking the human and the human can do the most to avoid the attack. However, security awareness is only one component of protecting an enterprise from phishing attacks. Technical components -- such as using secure browsers, securing systems, monitoring for sensitive data in email, and using the antiphishing tools included in most email systems -- will also help reduce the risk. In addition, multifactor authentication may be one of the most effective security controls to stopping account compromises from phishing attacks.
Ask the Expert!
Want to ask Nick Lewis a question about enterprise threats? Submit your questions now via email! (All questions are anonymous.)
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
MedSec and Muddy Waters Capital revealed serious flaws in IoT medical devices manufactured by St. Jude Medical. Expert Nick Lewis explains the ...continue reading
RIPPER malware has been found responsible for the theft of $378,000 from ATMs in Thailand. Expert Nick Lewis explains how this ATM malware works.continue reading
Researchers found that facial recognition systems can be bypassed with 3D models. Expert Nick Lewis explains how these spoofing attacks work and what...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.