A recent NSS Labs Inc. test revealed how the top four Web browsers fair against phishing and socially engineered...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
malware attacks. Can you please briefly explain what socially engineered malware attacks are, how they work and what I can do to help my employees recognize and mitigate such attacks?
A Web browser should not be the first nor only point of protection against phishing or socially engineered malware attacks; these attacks are neither dependent on the Web browsers themselves nor easily thwarted by the protections built into the different browsers.
Let's start with phishing. Many users are phished when they are not even using the Web. Most of them are email only (for example, an attack that asks the user to provide usernames, passwords or Social Security numbers). Fortunately, these attacks are becoming somewhat less common.
On the other hand, as NSS Labs reported in 2013 and 2014, a socially engineered malware (SEM) attack is an attack that tricks users into downloading and installing malicious software that compromises the security of their system. For example, this malware could be advertised as something that cleans a computer from viruses but in reality is a rogue malware application, or a malicious program disguised as a browser extension.
The standard antiphishing advice was reiterated in the NSS Labs report: Employee security awareness efforts can be effective in protecting against SEM attacks since the attack is focusing on attacking the human and the human can do the most to avoid the attack. However, security awareness is only one component of protecting an enterprise from phishing attacks. Technical components -- such as using secure browsers, securing systems, monitoring for sensitive data in email, and using the antiphishing tools included in most email systems -- will also help reduce the risk. In addition, multifactor authentication may be one of the most effective security controls to stopping account compromises from phishing attacks.
Ask the Expert!
Want to ask Nick Lewis a question about enterprise threats? Submit your questions now via email! (All questions are anonymous.)
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Can Structured Threat Information eXpression improve threat intelligence sharing? Nick Lewis breaks down the evolution of the STIX security framework.continue reading
A new type of WordPress malware, WP-Base-SEO, disguises itself as an SEO plug-in that opens backdoors. Nick Lewis explains how it works and how to ...continue reading
A new exploit of CLDAP servers can be used for a DDoS reflection attack that gives attackers a 70x boost. Nick Lewis explains how to defend against ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.