Phishing is a form of cyber attack where a hacker attempts to acquire confidential user information by tricking the user to supply user names, passwords, government ID #s, or credit card information to a seemingly trustworthy source. The hacker can then gain unauthorized access to accounts and applications using the valid credentials.
Phishing emails, text messages, and websites that look like legitimate & trusted websites are tools that hackers use to elicit sensitive data from unprotected users. In 2015, there were more than 1.4 million unique phishing attacks reported, according to the Anti-Phishing Working Group. This is 101% increase compared to the year before. Worse yet, 2016 is trending toward an alarming 2.5 million unique phishing attacks this year alone.
Ways to Protect Against Phishing Attacks
While it is not possible to stop Phishing attempts, it is quite possible to make them ineffective. Three major forms of strong authentication can be used to combat a Phishing attack:
User Authentication Authentication is a method of virtual identity verification. It is provided via one-time passwords, generated by VASCO’s DIGIPASS authenticators, which are required at each login. Due to their dynamic nature, one-time passwords cannot be reused at a later time if acquired during a Phishing attack.
Host Authentication This mechanism verifies the authenticity of the website. The authentication code will not be confirmed at a spoofed Phishing site.
Transaction Authentication e-signature is a method of verifying the authenticity of a transaction or a document, including the person conducting the transaction, the monetary value, and the recipient. The authentication code will not be confirmed in case of a man-in-the-middle attack. e-Signatures guarantee a transaction was not fraudulently altered in transit.