PiChris - Fotolia
I heard about a phishing technique called "tabnapping." What is it, and what are the best enterprise defenses against it?
The best enterprise tabnapping defense is to keep Web browsers up to date. Using antimalware software and an antimalware network device to block malicious webpages will also help mitigate the risk of attack.
Additionally, security awareness trainings should include that employees must review the URL bar prior to entering credentials into a webpage. However, it is difficult to always check the URL bar -- especially on mobile devices -- so an enterprise may want to specifically brand its login portals to help employees quickly distinguish a legitimate login page from a malicious one.
Ask the Expert!
Perplexed about enterprise security? Send Nick Lewis your questions today! (All questions are anonymous.)
Learn how to prevent phishing attacks with social engineering tests
Don't miss the latest security awareness training tips and advice
Dig Deeper on Email and Messaging Threats-Information Security Threats
Related Q&A from Nick Lewis
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading
Enterprises new to the cloud can write new security policies from scratch, but others with broad cloud usage may need an update. Consider these ... Continue Reading