
Understanding why phishing attacks are so effective and how to mitigate them


 Phishing attacks continue to be one of the common forms of account compromise threats. Every day, Gmail blocks more than 100 million phishing emails and Google Safe Browsing helps protect more than 4 billion devices against dangerous sites. 

As part of our ongoing efforts to further protect users from phishing, we’re partnering with Daniela Oliveira from the University of Florida during a talk at Black Hat 2019 to explore the reasons why social engineering attacks remain effective phishing tactics, even though they have been around for decades.

Overall, the research finds there are a few key factors that make phishing an effective attack vector:
  • Phishing is constantly evolving: 68% of the phishing emails blocked by Gmail today are new variations that were never seen before. This fast-paced adversarial evolution requires humans and machines to adapt very quickly to prevent these attacks.
  • Phishing is targeted: Many of the campaigns targeting Gmail end-users and enterprise consumers only target a few dozen individuals. Enterprise users are 4.8x more targeted than end-users.
  • Phishers are persuasion experts: As highlighted by Daniela’s research with Natalie Ebner et al. at the University of Florida, phishers have mastered the use of persuasion techniques, emotional salience and gain or loss framing to trick users into reacting to phishing emails.
  • 45% of users don’t understand what phishing is: After surveying Internet users, we found that 45% of them do not understand what phishing is or the risk associated with it. This lack of awareness increases the risk of being phished and potentially hinders the adoption of 2-step verification.

Protecting users against phishing requires a layered defense approach that includes:
  • Educating users about phishing so they understand what it is, how to detect it and how to protect themselves.
  • Leveraging the recent advances in AI to build robust phishing detections that can keep pace with fast-evolving phishing campaigns.
  • Displaying actionable phishing warnings that are easy for users to understand, so they know how to react when they see them.
  • Using strong two-factor authentication to make it more difficult for phishers to compromise accounts. Two-factor technologies, as visible in the graph above, can be effective against the various forms of phishing, which highlights the importance of driving awareness and adoption among users.


While technologies to help mitigate phishing exist, such as FIDO standard security keys, there is still work to be done to help users increase awareness and understand how to protect themselves against phishing.
 










