Wordfence, which makes a security plugin for WordPress, discovered a phishing technique targeting Gmail users that starts with an email sent to the target user's account that sends them to a fake login page designed to look like Google's. What are the indicators users can look for to confirm that a webpage is legitimate? Are there any tools or add-ons that can prevent these sorts of phishing techniques and attacks?
Phishing attacks continue to be among the most effective ways to compromise an enterprise.
Wordfence blogged about this phishing technique in early 2017. It exploited a confusing user interface issue in the Chrome web browser that could make a webpage appear to be Google's login page: the address bar featured accounts.google.com, leading users to believe the page was authentic. Google has since addressed the issue.
Sometimes, the standard advice sounds trite, but may still be the only advice upon which we can reasonably agree. There are varying views in the security community about the value of security awareness and its effectiveness versus focusing efforts on using the company's budget for security tools. People continue to be victimized by phishing techniques, and as a security community, we need to make significant improvements to better protect people, along with reducing the cost incurred by enterprises from compromised accounts. The guidance Wordfence released about how to identify phishing techniques and fraudulent webpages is good, but we need to do more.
In this specific Gmail phishing attack, the link opens a data URL in a new tab; the data URL carries the fake login page itself, and the text shown in the location bar is that data URL rather than the address of a site the browser actually connected to. Google released a Chrome web browser update that now displays a not secure message in the location bar whenever a data URL is displayed.
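The indicator that matters here is the URL scheme: a location bar that reads `data:` is showing page content, not a host the browser reached, however much the text that follows resembles accounts.google.com. The following Python, added for this article and not code from Wordfence or Google, applies that check (plus two related ones: a trusted login host reached over plain HTTP, and a trusted hostname appearing as a prefix of a longer host or inside the path) to a handful of constructed proxy-log lines of the kind a security team might review after a phishing report. The log format, the `TRUSTED_LOGIN_HOSTS` set and the verdict names are assumptions made for the example.

```python
"""Flag clicked URLs whose visible text suggests a trusted login page but whose
actual scheme or host is something else. Example code added to this article;
the log format and trusted-host list are assumptions, not Google's or Wordfence's."""
import re
from urllib.parse import urlsplit

# Hosts treated as legitimate login pages (assumption for this example).
TRUSTED_LOGIN_HOSTS = {"accounts.google.com"}

# Constructed sample log lines: timestamp, user, and the URL that was clicked.
LOG_LINES = [
    "2017-01-16T10:02:11Z user=alice click url=https://accounts.google.com/signin/v2",
    "2017-01-16T10:04:52Z user=bob click url=data:text/html,<html><title>Sign-in</title></html>",
    "2017-01-16T10:05:09Z user=carol click url=https://accounts.google.com.example.net/login",
    "2017-01-16T10:06:30Z user=dave click url=http://accounts.google.com/",
    "2017-01-16T10:07:44Z user=erin click url=https://example.org/accounts.google.com/verify",
]

LOG_RE = re.compile(r"user=(?P<user>\S+) click url=(?P<url>.*)$")


def classify_url(url: str) -> str:
    """Return one of 'ok', 'data-url', 'plain-http' or 'lookalike-host'.

    data-url:       scheme is data:, so any hostname text in the bar is page
                    content, not an address the browser connected to.
    plain-http:     a trusted login host reached without TLS.
    lookalike-host: a trusted hostname appears as the leading labels of a
                    longer host, or inside the path of some other host.
    """
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme == "data":
        return "data-url"
    host = (parts.hostname or "").lower()
    path = parts.path.lower()
    if scheme == "http" and host in TRUSTED_LOGIN_HOSTS:
        return "plain-http"
    if scheme in ("http", "https"):
        for trusted in TRUSTED_LOGIN_HOSTS:
            if host != trusted and host.startswith(trusted):
                return "lookalike-host"
            if host != trusted and trusted in path:
                return "lookalike-host"
    return "ok"


def scan_log(lines):
    """Return (user, url, verdict) for every line whose URL is not 'ok'."""
    flagged = []
    for line in lines:
        match = LOG_RE.search(line)
        if not match:
            continue  # not a click record; ignore
        url = match.group("url")
        verdict = classify_url(url)
        if verdict != "ok":
            flagged.append((match.group("user"), url, verdict))
    return flagged


if __name__ == "__main__":
    for user, url, verdict in scan_log(LOG_LINES):
        print(f"{verdict:15} {user:6} {url}")
```

The data-url verdict is the one this attack depends on; the others cover neighbouring cases a reviewer would want in the same pass. Because the check reads the parsed scheme and hostname rather than searching the raw string for a trusted name, a data URL whose content mentions accounts.google.com is still reported as a data URL.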
There are endpoint and network-based tools and cloud services that can help address phishing. Many web browsers and endpoint security tools already include some level of protection against phishing techniques. The Anti-Phishing Working Group has a lengthy sponsored tool list that includes many different classes of tools, ranging from attack detection to email filtering.
As part of your incident response process for phishing attacks, you could perform a root cause analysis to determine what security controls need to be improved to minimize the impact of a future phishing incident, and then find tools in that category to complement existing tools.