If you survey your co-workers, chances are high you will find they have received a phishing email at some point. It’s not surprising since phishing is the number one cause of breaches in the world, with an average of more than 46,000 new phishing sites created per day, or nearly 1.5 million each month (Webroot Quarterly Threat Trends Report, 2017). Phishing started in the 1990s and has gained traction over the last three decades, continuing to be a highly effective tactic despite advances in technology to combat it.
With the prevalence of phishing today, federal compliance frameworks such as FedRAMP now require phishing testing. One of the best ways to train employees to identify phishing attempts is by performing continuous assessments. By doing this in a controlled environment, identification becomes second nature. In this white paper, we will review many aspects of phishing, including:
- Origin and History of Phishing - We will start by examining the origin of the word, its history, and how it has been perceived over the past few decades.
- Types of Phishing - Next, we will examine four distinct types of phishing: (1) malicious link, (2) credential harvesting, (3) payload delivery, and (4) elicitation phishing.
- Phishing Case Studies - Lastly, we will take a closer look at real-world phishing as we review three case studies from major data breaches with phishing as the root cause.
To read the rest of this white paper, click this link: Social Engineering: Phishing (PDF)