Hey Phishing, You Old Foe — Catch This Cognitive Drift?

Phishing is one of the internet’s oldest online threats. Its history traces back to the mid-1990s, but it unfortunately continues to escalate in numbers. Based on social engineering, phishing can be delivered to an email address or through an SMS message with a URL inside. It can even come from inside a document saved locally on the recipient’s endpoint.

Phishing attacks have been successful throughout the years because:

• They trigger the basic human instinct to act.
• They have become more convincing than ever and are difficult for recipients to visually detect.
• They advance in technical terms as their perpetrators come up with new and stealthy ways to serve them to unsuspecting victims.
• Attackers register cheap domains on new generic top-level domains (gTLDs), making the sites appear more legitimate but also harder to shut down.

The challenge in mitigating attacks lies in educating users across all age groups and sophistication levels and adapting the right technology to the problem, both for the consumer market and for businesses. But limiting the effects of phishing attacks starts earlier than that, with prompt classification and blocking of phishing sites as soon as they emerge.

Dear reader: this post is part of my research work at IBM X-Force. Read the complete post here.