Menene Kwaikwayo na phishing? - IBM Blog

Menene kwaikwayo na phishing? – IBM Blog

Mutum a kwamfuta yana duba imel akan waya

By Annie Badman 5 min karanta

Cybersecurity Agusta 9, 2023

Simulation na phishing shine a Cybersecurity motsa jiki wanda ke gwada ikon ƙungiyar don ganewa da kuma mayar da martani ga harin da ake kai wa masu sihiri.

A kai harin imel ne na yaudara, rubutu ko saƙon murya da aka tsara don yaudarar mutane don yin saukewa malware (kamar ransomware), bayyana mahimman bayanai (kamar sunan mai amfani, kalmomin shiga ko bayanan katin kiredit) ko aika kuɗi ga mutanen da ba daidai ba.

A lokacin wasan kwaikwayo na phishing, ma'aikata suna karɓar imel ɗin da aka kwaikwaya (ko rubutu ko kiran waya) waɗanda ke kwaikwayi yunƙurin phishing na ainihi. Saƙonnin suna aiki iri ɗaya aikin injiniya dabaru (misali, yin kwaikwayon wani wanda aka sani ko ya amince da shi, haifar da yanayin gaggawa) don samun amincewar mai karɓa da kuma sarrafa su don ɗaukar matakan da ba a ba su shawara ba. Bambancin kawai shi ne cewa masu karɓa waɗanda suka ɗauki koto (misali, danna hanyar haɗin yanar gizo, zazzage abin da aka makala, shigar da bayanai a cikin shafin saukar da zamba ko sarrafa daftari na karya) kawai sun faɗi gwajin, ba tare da wani tasiri ga ƙungiyar ba.

A wasu lokuta, ma'aikatan da suka danna hanyar haɗin yanar gizon ba'a ana kawo su zuwa shafi na saukowa suna nuna cewa sun faɗa cikin harin da aka kwaikwayi, tare da bayani kan yadda za a fi gano zamba da sauran su. baftarin zuwa gaba. Bayan simintin, ƙungiyoyi kuma suna karɓar ma'auni akan ƙimar danna ma'aikata kuma galibi suna bi tare da ƙarin horarwar wayar da kai.

Me yasa simulators na phishing ke da mahimmanci

Alkaluma na baya-bayan nan sun nuna barazanar lalata na ci gaba da karuwa. Tun daga shekarar 2019, yawan hare-haren masu satar bayanan sirri ya karu da kashi 150%. a kowace shekara -tare da Kungiyar Anti-Phishing Working Group (APWG) tana ba da rahoton mafi girma na kowane lokaci don phishing a cikin 2022, shiga sama da rukunin yanar gizo miliyan 4.7. A cewar Proofpoint, Kashi 84% na kungiyoyi a cikin 2022 sun sami aƙalla nasarar harin phishing guda ɗaya.

Domin ko da mafi kyawun hanyoyin imel da kayan aikin tsaro ba za su iya kare ƙungiyoyi daga kowane yaƙin neman zaɓe ba, ƙungiyoyi suna ƙara juyowa zuwa wasan kwaikwayo na phishing. Ƙwararren ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwararrun ƙwarar) ta taimaka wajen rage tasirin hare-haren masu satar bayanan sirri ta hanyoyi biyu masu mahimmanci. Simulators suna ba da ƙungiyoyin tsaro na bayanan da suke buƙata don ilimantar da ma'aikata don gane da kuma guje wa hare-haren phishing na ainihi. Suna kuma taimaka wa ƙungiyoyin tsaro su nuna masu rauni, haɓaka amsawar gaba ɗaya da rage haɗarin bayanan da aka lalata da hasarar kuɗi daga yunƙurin phishing nasara.

Ta yaya wasan kwaikwayo na phishing ke aiki?

Gwajin phishing yawanci wani bangare ne na babban horo na wayar da kan tsaro wanda sassan IT ko kungiyoyin tsaro ke jagoranta.

Tsarin gabaɗaya ya ƙunshi matakai biyar:

Shirya: Ƙungiyoyi suna farawa ta hanyar ayyana manufofinsu da saita iyaka, suna yanke shawarar nau'in imel ɗin phishing da za su yi amfani da su da yawan simulators. Suna kuma ƙayyade masu sauraron da aka yi niyya, gami da rarrabuwar takamaiman ƙungiyoyi ko sassan da, galibi, masu gudanarwa.
Zayyana: Bayan samar da tsari, ƙungiyoyin tsaro suna ƙirƙirar saƙon saƙon saƙo na gaskiya waɗanda ke kama da barazanar phishing na gaske, galibi ana ƙira su akan samfuran phishing da kayan aikin phishing da ake samu akan gidan yanar gizo mai duhu. Suna mai da hankali sosai ga cikakkun bayanai kamar layukan batu, adiresoshin masu aikawa da abun ciki don yin kwaikwaiyon phishing na gaskiya. Har ila yau, sun haɗa da dabarun aikin injiniya na zamantakewa - har ma da yin kwaikwayon (ko 'spoofing') mai gudanarwa ko abokin aiki a matsayin mai aikawa - don ƙara yiwuwar ma'aikata su danna imel.
Aika: Da zarar sun kammala abun ciki, ƙungiyoyin IT ko dillalai na waje suna aika saƙon imel ɗin da aka kwaikwaya zuwa ga masu sauraron da aka yi niyya ta hanyoyi masu aminci, tare da keɓantawa a zuciya.
Kulawa: Bayan aika saƙon imel na izgili, shugabannin suna bin diddigin su da yin rikodin yadda ma'aikata ke hulɗa da imel ɗin da aka kwaikwayi, saka idanu idan sun danna hanyoyin haɗin gwiwa, zazzage abubuwan haɗin gwiwa ko samar da bayanai masu mahimmanci.
Yin nazari: Bayan gwajin phishing, shugabannin IT suna nazarin bayanai daga simintin don tantance halaye kamar ƙimar dannawa da raunin tsaro. Bayan haka, suna bin ma'aikatan da suka gaza yin simintin tare da amsa kai tsaye, suna bayyana yadda za su iya gano ƙoƙarin phishing da kyau da kuma yadda za a guje wa hare-hare na gaske a nan gaba.

Da zarar sun kammala waɗannan matakan, ƙungiyoyi da yawa suna tattara cikakken rahoto wanda ke taƙaita sakamakon simintin phishing don rabawa tare da masu ruwa da tsaki. Wasu kuma suna amfani da hangen nesa don inganta horon wayar da kan su kan tsaro kafin su maimaita tsarin akai-akai don haɓaka wayar da kan jama'a ta yanar gizo da kuma ci gaba da haɓaka barazanar yanar gizo.

La'akari don wasan kwaikwayo na phishing

Lokacin gudanar da kamfen ɗin kwaikwayo na phishing, ƙungiyoyi yakamata suyi la'akari da waɗannan abubuwan.

Yawan gwaji da nau'in gwaji: Kwararru da yawa suna ba da shawarar gudanar da wasan kwaikwayo na phishing akai-akai a cikin shekara ta hanyar amfani da nau'ikan dabaru daban-daban. Wannan haɓakar mitar da iri-iri na iya taimakawa ƙarfafa wayar da kan jama'a ta yanar gizo yayin da tabbatar da cewa duk ma'aikata su kasance a faɗake game da haɓakar barazanar phishing.
Abun ciki da hanyoyin: Lokacin da ya zo ga abun ciki, ya kamata ƙungiyoyi su haɓaka saƙon imel ɗin da aka kwaikwayi waɗanda suka yi kama da yunƙurin ɓarna na gaskiya. Hanya ɗaya don yin wannan ita ce ta yin amfani da samfuran phishing da aka ƙirƙira bayan shahararrun nau'ikan hare-haren da ake kaiwa ma'aikata hari. Misali, samfuri na iya mayar da hankali akai Kasuwancin imel na kasuwanci (BEC)-wanda kuma ake kira CEO fraud - nau'in Mashigin matakan inda masu aikata laifukan yanar gizo ke yin koyi da imel daga ɗaya daga cikin shugabannin ƙungiyar C-level don yaudarar ma'aikata su fitar da bayanai masu mahimmanci ko kuma haɗa makudan kuɗi zuwa wani mai siyarwa. Kamar masu aikata laifukan yanar gizo waɗanda suka ƙaddamar da zamba na BEC na gaske, ƙungiyoyin tsaro waɗanda ke tsara simintin dole ne su bincika mai aikawa da masu karɓa a hankali don tabbatar da sahihancin imel.
Lokaci: Madaidaicin lokacin don ƙungiyoyi don yin simintin phishing ya kasance ci gaba da muhawara. Wasu sun fi son tura gwajin phishing kafin ma'aikata su kammala kowane horo na wayar da kai don kafa ma'auni da auna ingancin hanyoyin simintin phishing na gaba. Wasu sun gwammace su jira har sai bayan horar da wayar da kai don gwada ingancin tsarin kuma su ga ko ma'aikatan sun ba da rahoton abubuwan da suka faru na sirri da kyau. Lokacin da ƙungiya ta yanke shawarar tafiyar da simintin phishing ya dogara da buƙatunta da abubuwan fifikonta.
Bibiyar ilimi: Komai lokacin da ƙungiyoyi suka yanke shawarar yin gwajin phishing, yawanci wani yanki ne na babban shirin horar da wayar da kan tsaro. Horowar bin diddigin yana taimaka wa ma'aikatan da suka fadi gwajin jin goyan bayan kawai yaudara, kuma yana ba da ilimi da ƙarfafawa don gano saƙon imel ko hare-hare na gaske a nan gaba.
Ci gaba da bin diddigin yanayi: Bayan kwaikwaiyo, ƙungiyoyi yakamata su auna da tantance sakamakon kowane gwajin simintin phishing. Wannan na iya gano wuraren haɓakawa, gami da takamaiman ma'aikata waɗanda ƙila za su buƙaci ƙarin horo. Hakanan ya kamata ƙungiyoyin tsaro su ci gaba da sanin sabbin abubuwan da ke faruwa na phishing da dabaru ta yadda lokaci na gaba za su gudanar da wasan kwaikwayo na phishing, su iya gwada ma'aikata tare da mafi dacewa barazanar rayuwa.

Samun ƙarin taimako a cikin yaƙi da hare-haren phishing

Kwaikwayon wasan kwaikwayo da horar da wayar da kan tsaro muhimman matakan kariya ne, amma ƙungiyoyin tsaro kuma suna buƙatar gano na'urorin barazanar zamani da damar mayar da martani don rage tasirin yaƙin neman zaɓe na nasara.

IBM Security® QRadar® SIEM yana aiki injin inji da kuma nazarin halayen mai amfani (UBA) zuwa zirga-zirgar hanyar sadarwa tare da rajistan ayyukan gargajiya don gano barazanar da sauri da saurin gyarawa. A cikin binciken Forrester na baya-bayan nan, QRadar SIEM ya taimaka wa manazarta tsaro ceto fiye da sa'o'i 14,000 sama da shekaru 3 ta hanyar gano abubuwan da ba su dace ba, rage lokacin binciken abubuwan da suka faru da kashi 90%, kuma suna rage haɗarin fuskantar babbar matsalar tsaro da kashi 60%.* Tare da QRadar SIEM, ƙungiyoyin tsaro masu ƙunshe da albarkatu suna da ganuwa da nazari da suke buƙata don gano barazanar cikin sauri kuma su ɗauki matakin sanar da kai nan da nan don rage tasirin harin.

Ƙara koyo game da IBM QRadar SIEM

* The Jimlar Tasirin Tasirin Tsaro na IBM QRadar SIEM wani bincike ne da aka ba da izini wanda Forrester Consulting ya yi a madadin IBM, Afrilu, 2023. Bisa ga sakamakon da aka ƙera na ƙungiyar haɗin gwiwar da aka tsara daga abokan ciniki IBM hudu da aka yi hira da su. Sakamakon haƙiƙa zai bambanta dangane da daidaitawar abokin ciniki da yanayi kuma, saboda haka, gabaɗaya, ba za a iya samar da sakamakon da ake tsammani ba.

Rukunin masu alaƙa

Ƙari daga Cybersecurity

Cloud Agusta 4, 2023

Tsaro na IBM Cloud: Yadda ake tsaftace manufofin samun damar da ba a yi amfani da su ba

5 min karanta - Yaushe ne lokaci na ƙarshe da kuka duba manufofin shiga da ke cikin asusun gajimare? Yana yiwuwa ba a cikin ayyukanku na yau da kullun ba (har yanzu), amma yakamata a yi shi akai-akai don inganta tsaro. A cikin IBM Cloud, manufofin samun dama sun bayyana wanda ya karɓi waɗanne fa'idodin gata da aka bayar akan wace hanya. Lokacin da aka kimanta manufa sannan a yi amfani da su don ba da damar shiga, ana sabunta bayanan “izinin ƙarshe”. Kuna iya amfani da wannan bayanan don gano manufofin samun damar da ba a yi amfani da su ba. A cikin…

5 min karanta

Cybersecurity Agusta 3, 2023

Matakai guda uku masu mahimmanci don kare bayanan ku a cikin gajimaren gajimare

6 min karanta - A cikin yanayin kwanan nan, ƙungiyoyi da yawa suna zaɓar don adana bayanansu masu mahimmanci a cikin gajimare. Wasu kuma sun zaɓi adana bayanansu masu mahimmanci a cikin gida ko ma cikin nau'ikan mahalli da yawa. Sakamakon haka, kamfanoni da yawa suna fuskantar ƙalubalen ɓarna bayanai masu tsada da kuma tabbatar da dimokuradiyyar bayanai. Menene dimokradiyyar bayanai? A taƙaice, ƙaddamar da dimokraɗiyya bayanai yana faruwa ne lokacin da kowa da kowa a cikin ƙungiya ya sami damar samun bayanai masu mahimmanci da kimar kasuwanci. Samun damar samun bayanai ya faɗaɗa zuwa babban rukuni…

6 min karanta

IBM Tsaro MaaS360 Agusta 1, 2023

Babban kariyar ƙarshen ƙarshen vs. facin aikace-aikacen tushen haɗari vs sarrafa kwamfutar tafi-da-gidanka: kamanceceniya da bambance-bambance

5 min karanta - Kwanaki sun shuɗe lokacin da software na riga-kafi da tawul ɗin wuta sun kusan isa don kare ƙungiya daga hare-haren intanet. Trojans, tsutsotsi da malware ba su ne kawai barazanar yanar gizo da ke kiyaye IT da ƙwararrun tsaro a farke da dare. A cewar IBM Tsaro X-Force Barazana Intelligence Index 2023, a cikin shekara ta biyu a jere, phishing shine babban barazanar yanar gizo, wanda aka gano a cikin 41% na abubuwan da suka faru. Kashi XNUMX na hare-hare sun yi amfani da aikace-aikacen da ke fuskantar jama'a, don haka lokacin da maharan suka ga rauni, suna amfani da…

5 min karanta

Cybersecurity Yuli 31, 2023

An sami ingantaccen tsaro da haɓakawa don Sabar Sabar Virtual (HPVS) don Cloud Private Cloud (VPC)

3 min karanta - Kwanan nan IBM ya gabatar da sabbin fasaloli don Sabar Sabar Kariya don Virtual Private Cloud (HPVS don VPC). An gina shi don magance matsalolin tsaro mafi girma, HPVS don VPC an ƙera shi don samar da yanayin ƙididdiga na sirri don kare bayanai da aikace-aikace a cikin Cloud Private Private ɗin ku. Sabbin Sabar Virtual Virtual suna ba da tabbacin fasaha dangane da IBM Secure Execure don Linux don a kiyaye nauyin aiki a cikin gajimare, gami da hana shiga ta masu amfani mara izini. Tabbacin fasaha yana nufin cewa ba tsarin ko mai kula da girgije ba…

3 min karanta

Ƙunshin Ƙarfafa SEO & Rarraba PR. Samun Girma a Yau.
PlatoData.Network Tsaye Generative Ai. Karfafa Kanka. Shiga Nan.
PlatoAiStream. Web3 Mai hankali. Ilmi Ya Faru. Shiga Nan.
PlatoESG. Motoci / EVs, Carbon, CleanTech, Kuzari, Muhalli, Solar, Gudanar da Sharar gida. Shiga Nan.
BlockOffsets. Zamantanta Mallakar Kayayyakin Muhalli. Shiga Nan.
Source: https://www.ibm.com/blog/phishing-simulation/

Generative Data Intelligence

Menene kwaikwayo na phishing? – IBM Blog

Me yasa simulators na phishing ke da mahimmanci

Ta yaya wasan kwaikwayo na phishing ke aiki?

La'akari don wasan kwaikwayo na phishing

Samun ƙarin taimako a cikin yaƙi da hare-haren phishing

Rukunin masu alaƙa

Ƙari daga Cybersecurity

Tsaro na IBM Cloud: Yadda ake tsaftace manufofin samun damar da ba a yi amfani da su ba

Matakai guda uku masu mahimmanci don kare bayanan ku a cikin gajimaren gajimare

Babban kariyar ƙarshen ƙarshen vs. facin aikace-aikacen tushen haɗari vs sarrafa kwamfutar tafi-da-gidanka: kamanceceniya da bambance-bambance

An sami ingantaccen tsaro da haɓakawa don Sabar Sabar Virtual (HPVS) don Cloud Private Cloud (VPC)

Turkiyya ta ci gaba da Sabbin Dokokin Kuɗi na Cryptocurrency bisa ga Ka'idodin Duniya - Sabbin Sabbin Labarai na Bitcoin.com - CryptoInfoNet

Bankin Dala Biliyan Ya Shirya Tarar Dalar Amurka 450,000,000 Daga Gwamnatin Amurka saboda Kasa Ganowa, Bayar da rahoto, da kuma Amsa Abubuwan da ake tuhuma da kyau - Daily Hodl

Sabbin Hankali

2025 Aston Martin Vantage Binciken Farko na Farko: Babban canje-canje, babban iko - Autoblog

Ci gaban UQUID Kasuwancin Cryptocurrency tare da $USDT akan Ton Blockchain

Kudaden RCO Ya Amintar da $250K A cikin Sabon Zagayen Tallafi Don Haɓaka Ci gaba cikin Kasuwancin AI mai ƙarfi - CryptoInfoNet

SpaceX ya kai kusan tauraron dan adam 6,000 na Starlink a sararin samaniya bayan harba Falcon 9 daga Cape Canaveral.

SpaceX ya kai kusan tauraron dan adam 6,000 na Starlink a sararin samaniya bayan harba Falcon 9 daga Cape Canaveral.

Shugaban Ripple Garlinghouse yayi hasashen asarar SEC A Dogon Gudu A Yaƙin Crypto