
Understanding why phishing attacks are so effective and how to mitigate them


Phishing attacks continue to be one of the common forms of account compromise threats. Every day, Gmail blocks more than 100 million phishing emails and Google Safe Browsing helps protect more than 4 billion devices against dangerous sites.

As part of our ongoing efforts to further protect users from phishing, we’re partnering with Daniela Oliveira from the University of Florida in a talk at Black Hat 2019 to explore why social engineering attacks remain effective phishing tactics, even though they have been around for decades.

Overall, the research finds there are a few key factors that make phishing an effective attack vector:
  • Phishing is constantly evolving: 68% of the phishing emails blocked by Gmail today are new variations that were never seen before. This fast-paced adversarial evolution requires humans and machines to adapt very quickly to prevent these attacks.
  • Phishing is targeted: Many of the campaigns targeting Gmail end-users and enterprise consumers only target a few dozen individuals. Enterprise users are 4.8x more targeted than end-users.
  • Phishers are persuasion experts: As highlighted by Daniela’s research with Natalie Ebner et al. at the University of Florida, phishers have mastered the use of persuasion techniques, emotional salience and gain or loss framing to trick users into reacting to phishing emails.
  • 45% of users don’t understand what phishing is: After surveying Internet users, we found that 45% of them do not understand what phishing is or the risk associated with it. This lack of awareness increases the risk of being phished and potentially hinders the adoption of 2-step verification.

Protecting users against phishing requires a layered defense approach that includes:
  • Educating users about phishing so they understand what it is, how to detect it and how to protect themselves.
  • Leveraging the recent advances in AI to build robust phishing detections that can keep pace with fast-evolving phishing campaigns.
  • Displaying actionable phishing warnings that are easy for users to understand, so they know how to react when they see them.
  • Using strong two-factor authentication, which makes it more difficult for phishers to compromise accounts. Two-factor technologies, as visible in the graph above, can be effective against the various forms of phishing, which highlights the importance of driving awareness and adoption among users.


While technologies to help mitigate phishing exist, such as FIDO standard security keys, there is still work to be done to help users increase awareness and understand how to protect themselves against phishing.
 










