Phishing: How to Counter Targeted Attacks

Phishing campaigns, which are the gateway to many data breaches, are becoming far more sophisticated as fraudsters use information available on social media to target their schemes, says Jim Hansen, chief operating officer at online security firm PhishMe.

As a result, organizations in all sectors need to educate staff about how to recognize these increasingly deceptive schemes and take steps to ensure they have simple processes in place for immediately reporting suspicious emails, he says.

"We've seen phishing continue to be the No. 1 attack vector for breaking into an enterprise," Hansen says in an interview with Information Security Media Group.

And one type of phishing attack - business email compromises or "masquerading" - is of growing concern to businesses worldwide, he says.

These wire fraud schemes involve a fraudster who impersonates a company executive or outside vendor to request that an urgent wire transfer be approved. The request is typically made through a phone call or email to the organization's accounts-payable department, Hansen says, and hinges on clever tactics aimed at fooling the accounts-payable employee into believing the communication is coming directly from the CEO or some other high-ranking executive.

In late August, the Federal Bureau of Investigation issued an alert about fraud linked to business email compromise, noting that companies worldwide had lost an estimated $1.2 billion to these attacks in the last year - an estimate many fraud and security experts at the time argued was low.

"This is a very simple phishing attack. It doesn't have any malware. It doesn't have a link that looks dodgy. It's just a well-researched social-engineering attack after your finance department, asking them to wire money," Hansen says. "There's actually a publicly traded company that was forced to disclose that they lost nearly $40 million in fraudulent wire transfers," he says.

Hansen says even his company, an online security firm, has seen its employees targeted. "And we continue to get hit with these on a consistent basis," he adds. "We've actually written a couple of blog posts about a very persistent attacker that was trying to get a transfer out of our CFO."

During this interview, Hansen also discusses:

How phishing attacks waged against mobile devices are evolving; the global markets and industries that are most often targeted by phishing attacks; and how better detection of phishing attacks by employees could help reduce the risk of data breaches.

Hansen has more than 22 years of experience in information security. Before joining PhishMe, Hansen was one of the founders and the COO of Mandiant, and he held executive and management positions at Trident Data Systems (acquired by Veridian), Veritect (acquired by General Dynamics), Foundstone (acquired by McAfee) and Oakley Networks (acquired by Raytheon). He also was deputy director of computer crime investigations for the Air Force Office of Special Investigations.