When you tell me that phishers go after large enterprises, I get it. There’s a lot of valuable data there. When you tell that they go after banks, cause that’s where the money is, I understand. But, when you tell me they’re going after relief agencies, I call them cold-hearted.
That’s the news making headlines from researchers at Lookout Security. According to a blog post there, they have “detected a mobile-aware phishing campaign targeting non-governmental organizations around the world, including a variety of United Nations humanitarian organizations, such as UNICEF.”
Perhaps what’s most shocking about this campaign is that it’s not new. It’s ongoing, having been around for at least six months. The problem, of course, is that unlike banks and other enterprises with a large IT staff that can respond to phishing attacks, relief agencies have neither the time nor manpower (nor the budget) to do anything about it.
According to an article on Help Net Security, “The phishing pages are made to look like the organizations’ Office 365 login page for employees.” These pages help hackers steal credentials which enable them to penetrate the organization. And once inside, they can create all sorts of havoc. This attack is especially effective because it targets mobile devices, with small screens and truncated phishing URLs.
What these cash-strapped non-profit organizations could use is a very low cost, easy to deploy, security technology that works on mobile devices and stops phishing attacks right in their tracks. If only one existed. It does.
It’s called Phish Protection, and provides the exact solution these organizations need right now. Phish Protection can be rolled out in 10 minutes to protect everyone with the same email domain. It works on all devices, including laptops, smartphones and tablets. And it cost only pennies per account per month.
Phish Protection protects users from all the different phishing attack vectors, including the one used in this ongoing campaign, display name spoofing. This is the type of attack most commonly used to go after mobile devices because email addresses are so hard to read on small screens.
In an ideal world, these organizations, doing their good work, would not have to worry about cybersecurity and phishing attacks. Unfortunately, they do. And as you can see, they get no special consideration from phishers because they are non-profit. It’s time for these vulnerable companies to get on board and get protection from phishing with easily affordable and readily available security technology. It’s time for them to get Phish Protection.