The threat from phishing has intensified – Tools such as Threat Intelligence Platform and IP Geolocation API can help identify and neutralize the danger in several ways.
Just when we thought that phishing had run out of tricks, hackers are changing their tactics. Whereas before the attacks could be generalized and random, this time they are more targeted, tailored, and personal. What are crooks up to?
Well, one disturbing pattern is that phishers are quietly taking over email accounts and studying the exchange of communication to determine just the right moment to spring an attack.
This is scary because they’re putting themselves in a position to observe intimate transactional details such as payment schedules and then act in the nick of time to divert the payoff. In this post, we are going to talk more about what these attacks might look like in practice and what can be done.
Gone Phishing: Understanding the Clever Ploy
To give an example of how sophisticated phishing takes place, a phisher would hack into the emails of a mortgage lender to become privy to the latter’s communication with borrowers. For days, the intruder would patiently observe the progress of negotiations until the final stages, when the payment of closing fees is discussed. It is at this point that the attacker beats the mortgage lender to the buzzer, sending instructions to the trusting victim to proceed with a deposit to a rogue account, without the impersonated party knowing, of course.
Clever, isn’t it? So, how does one guard against such a ploy? Well, there are several ways businesses can protect themselves. Let’s talk about three of them that can help prevent or minimize the dangers of spear phishing expeditions.
1. IP Geolocation API: Pinpointing Phishers’ Whereabouts
Hackers exploit the trust between people who regularly communicate with each other. So as a matter of prudence, it is worth pausing to take a second look at your correspondence using an IP geolocation API, which can help pinpoint the perpetrator.
In fact, you can learn how it can be done by reading our blog post on The Use of IP Geolocation Data. In it, we advise subjecting emails to a geographical plausibility check to see if they’re legit. Another technique involves using IP geolocation data to analyze large volumes of emails to uncover a suspicious network of connected domains that might be coordinating a phishing attack.
2. Domain Malware Check: Well-Connected Against Suspicious Sites
A Domain Malware Check API is a tool from Threat Intelligence Platform that helps prevent phishing by using its connections with different cybersecurity databases. More specifically, it allows users to automatically check whether a suspicious domain they are about to connect with is considered dangerous in one or several databases.
One useful database, for instance, is PhishTank, a source set up specifically to combat phishing by tracking down the sites that are being used as staging points for attacks. Google Safe Browsing, another of its allies, can help by blacklisting suspicious sites and sending alerts about hosts with possible phishing content.
3. WHOIS Data: Identifying Malicious Entities through Their Records
Another phishing nemesis from Threat Intelligence Platform is the WHOIS records feed, which displays personally identifiable information on domains and their owners. It can be used to compare the contact and other details of a suspicious website with those from WHOIS records for any inconsistencies that can tip you off.
While doing this, pay particular attention to registration dates, because bad actors often claim to have been in business for years while the records show otherwise. That’s why recently registered domains should be treated as warning signs.
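The registration-date check described above can be scripted over raw WHOIS text. The following is an added example, not code from Threat Intelligence Platform or the original post; the function names, the 90-day "recent" threshold and the sample records are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Field labels differ between registries; these three are common variants.
CREATED_RE = re.compile(
    r"^\s*(?:Creation Date|created|Registered on):\s*(\S+)", re.I | re.M)
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d", "%d-%b-%Y")

def creation_date(whois_text):
    """Return the earliest creation date in a raw WHOIS record, or None."""
    found = []
    for raw in CREATED_RE.findall(whois_text):
        for fmt in DATE_FORMATS:
            try:
                parsed = datetime.strptime(raw, fmt)
                found.append(parsed.replace(tzinfo=timezone.utc))
                break
            except ValueError:
                continue
    return min(found) if found else None

def assess(whois_text, claimed_since_year, now, recent_days=90):
    """Flag a domain whose record contradicts what the sender claims.

    recent_days is an assumed threshold, not a value from the article."""
    created = creation_date(whois_text)
    if created is None:
        return ["no-creation-date"]  # redacted or unparsable: review by hand
    flags = []
    if (now - created).days < recent_days:
        flags.append("recently-registered")
    if claimed_since_year is not None and created.year > claimed_since_year:
        flags.append("younger-than-claimed")
    return flags

# Constructed sample records (not real WHOIS output).
SAMPLE_NEW = """Domain Name: lender-closing.example
Creation Date: 2019-03-02T10:15:00Z
Registrar: Example Registrar"""
SAMPLE_OLD = """domain: lender.example
created: 2004-06-17"""

if __name__ == "__main__":
    now = datetime(2019, 3, 20, tzinfo=timezone.utc)
    print(assess(SAMPLE_NEW, 2005, now))
    print(assess(SAMPLE_OLD, 2005, now))
```

A flag is a reason to verify payment instructions through a known contact channel, not proof of fraud: an established business can legitimately register a new domain.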
* * *
The threat from phishing has intensified, and businesses need all the help they can get to parry ever more complex attacks in 2019. Thankfully, tools such as Threat Intelligence Platform and IP Geolocation API can help identify and neutralize the danger in several ways.