Phishing emails that use fake traffic violations as bait are on the rise. These emails trick victims into downloading Trickbot, a dreaded malware.
Visit: https://www.empowerelearning.com/blog/phishing-attacks-using-fake-traffic-violations/
Founded in 2008, emPower elearning solutions is an award-winning provider of technology solutions for regulatory compliance purposes. Our leading product is a proprietary learning management system for managing compliance activities, such as employee training, online policy and procedure management, and compliance tracking, for small teams and large enterprises.
Phishing emails that use fake traffic violations as bait are on the rise, CISA and FBI warn. The emails trick victims into downloading Trickbot, a dreaded malware. The messages ask users to click a link to see the proof of their traffic violation, but the link takes them to a spoofed website. The website prompts the victim to click the photo proof of their violation. Clicking the photo proof initiates the download of a malicious program onto the victim's computer. The malicious program, in turn, downloads Trickbot to the victim's computer.
The Trickbot malware was ranked as the top threat for businesses in 2018. Previous versions of the malware were used to steal login credentials from infected computers, but its recent versions have become a powerhouse for hacking activities. The newer variants can spread across computer networks, steal data, cryptomine, and download additional malicious programs onto the victim's computers. It has become a tool for ransomware attacks as well.
• Last year, Microsoft carried out an operation to disrupt Trickbot. In October 2020, it announced that it had successfully cut off the key infrastructure spreading the malware. But the malware has made a comeback since then.
• As per the CISA-FBI warning, the phishing emails attempting to trick victims into downloading Trickbot are also using the malware to:
  - Drop other malware, including Conti Ransomware
  - Serve as a downloader for Emotet, another dreaded malware
• Besides this, the malware would try to exfiltrate data from your computer. In addition, the criminals can use it to steal credentials, cryptomine, and attack other computers connected to your network.
• Unfortunately, it can be difficult to differentiate a fake email from a genuine one. This is because criminals tailor their messages to look like the original communication. Thus, it's important for you to ensure that your workers are trained to guard against such attacks.
You need to put in place an information security training program that covers topics such as:
• How phishing works
• How to identify spoofed emails
• How to report suspicious emails

You need to train your employees on secure email practices too. This includes how to examine the sender email address, embedded links, and attachments. Similarly, your employees need to know about spear phishing attacks as well. As spear phishing emails appear to be from a trustworthy sender, they are more difficult to spot, and thus more damaging.
• In our opinion, employers need to couple their security training with phishing tests. Such tests are good for checking the resilience of your security infrastructure.
• A phishing test sends a fake phishing email to employees and checks if they fall for the bait. These tests serve two purposes. Firstly, they train employees on the traits of a phishing email. Secondly, they help the IT staff figure out how vulnerable their network is to intrusion. On this subject, NIST suggests that you should use the Phish Scale to rate the success of your tests.
• Simultaneously, you also need to put in place technical controls to help your IT staff handle the phishing threat. For example, spam filters, blacklisting malicious domains, disabling downloads, blocking macros, and red-flagging suspicious behavior can help to lower the rate of attacks.
Fighting phishing has to be a continuous effort on your part. Fake traffic violations are just one of the lures used by cybercriminals. For instance, pandemic-themed attacks that use vaccines and stimulus checks as bait are rising as well. So, you need to ensure that your staff is aware of the dangers posed by phishing, and how to deal with such an attack.
Visit: https://www.empowerelearning.com/
Email: sales@empowerbpo.com
Phone No. (502) 400-9994
Address: 12806 Townepark Way, Louisville, KY 40243-2311