Data breaches continue to happen with alarming frequency. The recently released 2018 End-of-Year Data Breach Report from the Identity Theft Resource Center reveals that more than 400 million consumer records were compromised in 2018, a 126% increase over 2017. Many of these breaches were due to phishing incidents, in which a cybercriminal was able to dupe an unsuspecting individual into clicking on a bogus link or opening a malicious attachment. While anti-phishing email security solutions are any organization’s best defense against phishing attacks, there is also a wealth of IT security and anti-phishing resources available to you—and they’re all just a few taps away.
Six IT Security and Anti-Phishing Resources
Podcast: Security Now!
One of today’s most popular IT podcasts, Security Now! offers a well-rounded look into the world of IT security (phishing included). Hosted by Steve Gibson and Leo Laporte, the podcast records live every Tuesday at 4:30pm EST. Many people know Steve Gibson as a software engineer, researcher, and IT security guru—what they may not know is that he got his start at Stanford University’s artificial intelligence lab when he was just 15 years old! Partner Leo Laporte, founder of Twit TV, is a former television host and author who has been fascinated by technology since acquiring his first home computer—an Atari 400.
Together, Gibson and Laporte launched Security Now! in 2005 and have been going strong ever since. The podcast typically runs about two hours, beginning with a look at recent security news followed by a particular topic. There are also bi-weekly “mailbag” episodes, in which the duo tackle questions submitted by listeners, a great way to gauge what's on other people’s minds when it comes to IT security.
Not able to tune in each Tuesday for two hours? No problem; the site archives each recording so you can catch up at your convenience.
Social Site: Reddit Phishing
You may be surprised to see Reddit on this list, but the site can be a real eye-opener. Often referred to as “the front page of the Internet,” Reddit is where nearly everything you have seen catching viral buzz probably started! That makes it an ideal anti-phishing resource and a great place to learn about new phishing threats. Many posts begin with a question posted by users around the globe, and then experts (and the general public) weigh in.
To give you an idea of what’s currently being talked about on this channel, recent posts include “What is the Difference Between Spam and Phishing?” and “Analyzing a Massive Office 365 Phishing Scam,” along with user queries such as “Is this a phishing scam? It seems too good to be true” (screen grab included).
Whether cultivating knowledge about new phishing scams or educating employees about the dangers of phishing, pulling questions straight from Reddit and addressing them during training can be very beneficial.
Report Phishing: Anti-Phishing Working Group
Received an email that appears to be a phishing attack and want to be sure—or just want to alert others? Send it to the Anti-Phishing Working Group (APWG). The APWG is an international coalition dedicated to unifying the global response to cybercrime across government and non-government organizations. The APWG encourages individuals to forward suspicious emails for analysis through their anti-phishing tools by sending them to email@example.com.
Book: Phishing Dark Waters
Because phishing attacks are constantly evolving, a one-time book can quickly become dated. However, Phishing Dark Waters serves as an excellent introduction to phishing for those trying to gain awareness and those tasked with training others on how to prevent phishing. It was written by Christopher Hadnagy, a specialist in the human aspects of technology and a frequent speaker at security conferences, and Michele Fincher, a behavioral scientist, researcher, and information security professional. Together, they delve into human nature, and the ways in which phishers are able to influence and manipulate people using age-old tactics.
Not content to just explore why we are so easily phished, Phishing Dark Waters also includes detailed examples of high-profile breaches and an examination of various attacks over the years, including the one that seemed to start it all: the Nigerian Prince scam.
Lastly, the book instructs readers on the ways they can protect themselves and their organization using anti-phishing tools, and how to create their own phish (also known as phishing simulations) as part of a security awareness program.
Webinars and Whitepapers: StaySafeOnline
With a mission to “educate and empower our global digital society to use the internet safely and securely,” the National Cyber Security Alliance (NCSA) came together to create and implement broad-reaching education and awareness efforts to empower users at home, work, and school with the information they need to keep themselves, their organizations, their systems, and their sensitive information safe and secure online.
To create awareness around cybersecurity and phishing, the organization has compiled a wealth of anti-phishing resources, ranging from webinars (Cybersecure My Business!) to whitepapers (The State of K-12 Cyberethics), infographics (The Cybersecurity Lives of Millennials) to tip sheets (Staying Safe From Cybercrime During Tax Time).
Blog: Phish Food
Not to toot our own horn, but we’d be remiss not to include Clearedin’s very own anti-phishing resource, our “Phish Food” blog. As a modern anti-phishing platform that engages and educates users while keeping them safe, Clearedin prides itself on keeping IT experts and the general public in-the-know when it comes to the latest phishing scams and best techniques for prevention. In our blog, you’ll find weekly posts with topics ranging from Anti-Phishing Solutions in the Age of GDPR to The Dangers of Unicode in Domain Spoofing Phishing Attacks.
We hope you find these anti-phishing resources useful, and helpful in upping your anti-phishing prowess. Of course, nothing beats an active defense anti-phishing solution, so if you’re looking to stop phishers dead in their tracks, contact the experts at Clearedin. We quickly harpoon dangerous phishing emails and red-flag malicious URLs so your organization and its users are protected.