the near futureThe US Cybersecurity and Infrastructure Security Agency（CISA）And the Federal Bureau of Investigation（FBI）A guide has been jointly released, detailing the phishing techniques used by malicious hackers and providing corresponding defense measures.

In the field of cybersecurity, phishing attacks have become a common means of threat. To address this challenge,CISAandFBIWe have jointly released a guide aimed at exposing in detail the phishing techniques used by malicious hackers and providing corresponding defense measures. This guide provides a detailed analysis of various technical methods and strategies used in current phishing attacks, including but not limited to emails, text messages, etc. disguised as banks, government agencies, colleagues, or friends, inducing users to click on malicious links, download viruses or Trojans, and enter sensitive information. These attack methods often have a high degree of camouflage and deception, making it difficult for users to distinguish authenticity.

CISAandFBIThe phishing attack methods jointly exposed mainly include the following. The most common form of phishing is usually when attackers send links disguised as various information to users through email, text messages, and other means, deceiving them into entering sensitive information, downloading viruses or Trojan horses, and other malicious software.

Harpoon phishing is an advanced phishing attack targeting specific targets or organizations. Attackers will conduct reconnaissance on the target in advance and construct customized phishing emails or messages. Whale fishing attacks are specifically targeted at senior management personnel within organizations (such as CEOs, CFOs, etc.), as their victims have high value and stolen information is even more valuable.

A waterhole attack is an attack where the attacker analyzes the target's online activity patterns, searches for and breaks through websites that the target frequently visits, implants attack code, and waits for the target to be "targeted". Lantern style phishing fraud method based on social media, where attackers disguise themselves as public placesWIFIHotspots induce victims to connect and steal their information.

In addition, there are also cases where domain names that are very similar to the enterprise are used to impersonate the enterprise itself or its employees for fraud. Through multiple domains andIPSending spam emails to addresses, bypassing reputation or quantity based spam filtering techniques such as snowshoe attacks.DNSThe serverPoisoning, through invasionDNSThe server directs traffic to phishing websites to steal sensitive user information.Middle man attackBy intercepting and altering communication links, controlling network traffic, monitoring or inserting specific information to obtain sensitive personal information, etc.

In order to effectively defend against phishing attacks,CISAandFBIPropose multiple suggestions. For example, using multi factor authentication（MFA），CISAandFBIStrongly recommend using based onFIDOorPKIofMFAIt can significantly improve the security of accounts and resist phishing attacks. At the same time, avoid using SMS or voice messagesMFAAnd being intercepted or forged.

CISAandFBISuggested useDMARCTechnologies such as domain name message authentication, reporting, and consistency are used to verify the authenticity of emails and ensure the reliability of their sources. useDNSFiltering technology to prevent users from accessing malicious websites or downloading malicious software. By deployingEmail FilterIt can automatically identify and intercept suspicious phishing emails. The whitelist of applications restricts only authorized applications from executing, preventing malicious software intrusion. Timely update critical software such as operating systems, browsers, and office software to fix known security vulnerabilities and reduce the risk of attacks.

In addition, enterprises should strengthen credential management, adopt secure credential management strategies, regularly check and update credentials, and avoid using weak or duplicate passwords. For small and medium-sized enterprises, user training is particularly important. Regular anti phishing training should be organized to enhance employees' awareness and prevention capabilities against phishing attacks, and to clarify the measures and procedures for responding to phishing attacks. Once a phishing incident is discovered, promptly report it toCISAandFBIreport

For users, it is important to remain vigilant and have good internet habits, not trust the name displayed by the sender, and recognize the sender's address. Be wary of emails or links that request sensitive information. Do not click on links in emails or download unfamiliar attachments at will. The terminal device should install antivirus software and update the virus database in a timely manner.

ISAandFBIThis jointly released phishing attack defense guide provides comprehensive and specific defense measures recommendations for organizations and individuals. By implementing these measures, the success rate of phishing attacks can be significantly reduced, and the security of sensitive information can be protected. At the same time, it also reminds users to remain vigilant, enhance their awareness of network security, and jointly build a secure network environment.