BLOG: The Golden Hour of Phishing Attacks
Amit Klein, CTO at Trusteer, has an interesting blog on the incidence of successful phishing:
We recently conducted research into the attack potency and time-to-infection of email phishing attacks. One of our findings was eye-popping, namely, that 50 per cent of phishing victims’ credentials are harvested by cyber criminals within the first 60 minutes of phishing emails being received. Given that a typical phishing campaign takes at least one hour to be identified by IT security vendors, which doesn’t include the time required to take down the phishing Web site, we have dubbed the first 60 minutes of a phishing site’s existence [as] the critical ‘golden hour’.
Trusteer’s solution is for the security industry to recognise and react to phishing campaigns with greater speed:
As an industry, our goal should be to reduce the time it takes for institutions to detect they are being targeted by a phishing attack from hours to within minutes of the first customer attempting to access a rogue phishing page. We also need to establish really quick feeds into browsers and other security tools, so that phishing filters can be updated much more quickly than they are today. This is the only way to swiftly takedown phishing websites, protect customers, and eliminate the golden hour.
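One concrete way to get an institution's side of this from "hours" to "minutes" is to watch its own web server logs: a cloned login page almost always hot-links the real site's logo and stylesheet, so the first victims show up as requests for those static assets carrying a Referer from a host the bank does not own. The Python below is an added example (it is not code from Trusteer or from this post) that runs that rule over a few constructed log lines; the bank hostnames, the asset list and the two-distinct-clients threshold are assumptions made for the illustration.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

# Hypothetical bank hosts (assumption for this example); Referers from these
# are normal traffic and are never flagged.
OWN_HOSTS = {"examplebank.test", "www.examplebank.test", "m.examplebank.test"}

# Static assets a cloned login page is likely to hot-link from the real site.
ASSET_RE = re.compile(r"\.(?:png|gif|jpg|jpeg|svg|ico|css|js)$", re.IGNORECASE)

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample log, not real traffic. Two different clients render the
# bank's logo and stylesheet inside the same foreign page within two minutes;
# a third client loads the logo from a news site that merely hot-links it.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Dec/2010:09:00:01 +0000] "GET /login HTTP/1.1" 200 5120 "https://www.examplebank.test/" "Mozilla/5.0"
10.0.0.5 - - [12/Dec/2010:09:00:02 +0000] "GET /static/logo.png HTTP/1.1" 200 880 "https://www.examplebank.test/login" "Mozilla/5.0"
198.51.100.7 - - [12/Dec/2010:09:03:10 +0000] "GET /static/logo.png HTTP/1.1" 200 880 "http://examplebank-secure-update.test/verify.php" "Mozilla/5.0"
198.51.100.7 - - [12/Dec/2010:09:03:10 +0000] "GET /static/login.css?v=3 HTTP/1.1" 200 2210 "http://examplebank-secure-update.test/verify.php" "Mozilla/5.0"
203.0.113.9 - - [12/Dec/2010:09:04:41 +0000] "GET /static/logo.png HTTP/1.1" 200 880 "http://examplebank-secure-update.test/verify.php" "Mozilla/5.0"
203.0.113.9 - - [12/Dec/2010:09:04:42 +0000] "GET /login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Dec/2010:09:15:00 +0000] "GET /static/logo.png HTTP/1.1" 200 880 "https://news.example/banks-ranked" "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def foreign_referers(log_text, own_hosts=OWN_HOSTS):
    """Group requests for our static assets by a Referer host that is not ours.

    Returns {host: {"first_seen": datetime, "clients": {ip: first arrival},
                    "pages": set of referring URLs}}.
    """
    seen = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if not ASSET_RE.search(urlsplit(rec["path"]).path):
            continue  # only static assets are interesting; query string ignored
        referer = rec["referer"]
        if referer in ("", "-"):
            continue  # direct request, no Referer sent
        host = urlsplit(referer).hostname
        if host is None or host.lower() in own_hosts:
            continue
        info = seen.setdefault(host, {"first_seen": rec["ts"], "clients": {}, "pages": set()})
        info["first_seen"] = min(info["first_seen"], rec["ts"])
        info["clients"].setdefault(rec["ip"], rec["ts"])  # first arrival per client
        info["pages"].add(referer)
    return seen


def alerts(log_text, min_clients=2):
    """Foreign pages that at least min_clients distinct clients have rendered with
    our assets, ordered by first sighting. detect_at is the moment the threshold
    was crossed, i.e. the earliest this rule could have raised the alarm."""
    out = []
    for host, info in foreign_referers(log_text).items():
        arrivals = sorted(info["clients"].values())
        if len(arrivals) < min_clients:
            continue
        detect_at = arrivals[min_clients - 1]
        out.append({
            "host": host,
            "first_seen": info["first_seen"],
            "detect_at": detect_at,
            "seconds_to_detect": int((detect_at - info["first_seen"]).total_seconds()),
            "clients": len(arrivals),
            "pages": sorted(info["pages"]),
        })
    return sorted(out, key=lambda a: a["first_seen"])


if __name__ == "__main__":
    for a in alerts(SAMPLE_LOG):
        print(f"{a['first_seen']:%H:%M:%S} first seen, alert after {a['seconds_to_detect']}s: "
              f"{a['host']} ({a['clients']} clients) {a['pages']}")
```

On the sample data the rogue page is flagged 91 seconds after the first victim touched it, well inside the golden hour, while the news site that hot-links the logo stays below the two-client threshold. The threshold is a trade-off: a single client is enough to catch the very first victim but also pages the fraud team for every legitimate site that embeds the bank's logo, so in practice the single-sighting hosts are worth logging for review rather than discarding.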
But as users, we cannot simply rely on the industry to protect us. Leaning on it alone would be a dereliction of responsibility at a time when we need to accept more, not less, personal responsibility for our behaviour online. Amit Klein is right – the industry needs to be as effective as possible. But just as the industry needs to block phishers, we as users need to ignore phishers.
There are two primary actions we can take. The first is increased security awareness, and that means continuous staff training, since a phishing page is a plain HTML form that will accept whatever a user types into it. The second is to make ourselves harder to phish by stopping our browsers from running scripts automatically on sites we have not explicitly trusted, which limits what a rogue page can do beyond presenting that form. For example, Firefox users can install the NoScript add-on (see here for an interview with its developer, Giorgio Maone). Non-Firefox users should become Firefox users.