What Is Phishing?
Phishing is a type of cyberattack in which an attacker sends an email containing a link or attachment that appears legitimate but is designed to obtain personal information. A phishing email appears to come from a reputable source (e.g., your bank, a colleague, a well-known company). When someone clicks the malicious link or opens the attachment, they are asked to submit personal information; the link may also infect the employee’s computer with malware. Employees may unknowingly hand attackers exactly what they need to access critical enterprise accounts.
Phishing can take several forms, ranging from generic to highly tailored. To respond appropriately to a phishing attack, you must first understand the differences. The four basic forms of phishing are listed below, each with a brief description of the attack’s objective.
- Phishing is a generic attempt to obtain sensitive information by deceiving recipients via email.
- Vishing (voice phishing) is the practice of cold-calling a target in order to persuade the recipient to take some action.
- Spear Phishing is a targeted phishing attack aimed at specific persons or groups inside an organization, with the message personalized to build credibility.
- Whaling is an extremely targeted attempt to obtain sensitive information from high-value employees within a company, using email as the communication medium.
Phishing Prevention Basics
Phishing prevention refers to the set of tools and procedures used to detect and neutralize phishing attempts before they cause harm. It includes extensive user education to raise phishing awareness, the deployment of specialized anti-phishing solutions, tools, and programs, and a range of other security measures aimed at proactive phishing protection, plus mitigation techniques for the attacks that do get past your defenses.
Any number of clever technologies can be deployed in the hope of thwarting phishing attempts. The most effective plan, however, is a tailored strategy based on your specific business circumstances.
To Catch a Phisher, First You Have to Think Like a Phisher
Taking a high-level view, it’s important to analyze how a threat actor might gain an initial foothold in a company’s infrastructure before moving on to steal critical data. The following phases illustrate how that initial foothold is typically established.
- Research the Company: The target company’s organizational structure, business drivers, vendors, employee social media posts, and other information repositories are researched first.
- Obtain a List of Emails: With the corporate information and some decent phishing techniques in hand, the next step is to harvest publicly available email addresses and to “mangle” known employee names.
- Decide Where the Email Should Come From: After gathering information on the company, its internal staff, and a list of email addresses, the next step is to choose where the email should appear to come from. This may entail obtaining a domain name similar to the target company’s, or to that of another company with which the target is affiliated.
- Getting a Domain to Work for You: When phishers want their message to appear as if it came from someone at a specific firm, they commonly manipulate a domain. Mangling a domain can be done with a variety of tools and involves compiling a list of known ways to mistype a domain while maintaining its resemblance to the original.
- Plan What You Want Your Phishing Targets to Do: A typical method is to clone a well-known website so that it closely mimics the target organization’s login interface, or to create a document containing malware that someone inside the company would likely open.
Implement Basic Phishing Prevention Methods
Set Up SPF, DKIM, and DMARC – the Anti-Spam Protocol Trifecta
Before adopting an anti-phishing product, make sure you have taken some fundamental steps to limit the danger of phishing. SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) are free, standard protocols that are straightforward to implement for authenticating email and combating spam and email spoofing. These protocols will not eliminate the threat of phishing, but they make an attacker’s life more difficult.
Set Up Multi-Factor Authentication
Many credential-based attacks can be blocked by requiring multi-factor authentication (MFA). If a phishing attack succeeds in obtaining credentials, the extra authentication step means the attack will most likely end there.
Use Your Email Platform’s Built-In Phishing Features
Built-in rules and policies in cloud email platforms such as Microsoft 365 and Google G Suite help prevent phishing: to detect malicious intent, they compare your messages against the billions of others they receive every day. On-premises email servers, such as Microsoft Exchange, also have anti-malware features.
Phishing Prevention Software & Services
Recommended Phishing Prevention Software
BrandShield Anti-phishing
BrandShield Anti-Phishing focuses on corporate trust and brand security. Its toolkit monitors social media and other focal points for phishing sites or brand impersonation (even scanning for your corporate logo) and responds with takedown requests and by blacklisting the offending sites.
RSA FraudAction
RSA FraudAction also detects and prevents phishing sites that pose as your company. RSA checks for fraudulent sites and uses its partner network to discover and take down false sites through shutdown and blacklisting. RSA charges for FraudAction based on the number of attacks (purchased in buckets of takedowns).
Avanan
Avanan is one of several SaaS platforms that improve the security of Office 365, G Suite, and other cloud-based applications. Avanan is easy to set up and use because it is cloud-based and uses APIs to connect to your Office 365 or G Suite instance. It can also safeguard more than just email, monitoring user and platform configurations and even watching for changes to files in cloud storage. Avanan’s anti-phishing solution, which includes email filtering, account takeover protection, and configuration security, starts at $4 per user per month.
Barracuda Sentinel
Another SaaS product that works well with Office 365 is Barracuda Sentinel (there is no G Suite support). Barracuda monitors inbound email for signs of compromised accounts and remediates them by detecting and removing malicious emails sent to other internal users, informing external recipients, locking the account, and even analyzing inbox rules created by the intruder. Barracuda Sentinel is licensed according to the number of users or active mailboxes.
IRONSCALES
IRONSCALES improves your email security by combining AI-based detection with human involvement (through notifications) to quickly respond to potential threats while reducing false positives. Admins also obtain information about the threat’s nature and extent, such as how many mailboxes were targeted and how many users reported the email. IRONSCALES also provides user training and emulation/simulation tools. IRONSCALES offers various price tiers for businesses of all sizes, starting at $5 per mailbox.
Recommended Phishing Prevention Services
Mimecast
Mimecast provides an email security platform that includes a full suite of services to protect your organization from phishing attacks, including brand protection, anti-phishing protection, and backup for your enterprise email services to ensure service continuity in the event of a successful attack. Mimecast also offers end-user training to help defend your company from threats that could get past your safeguards. Mimecast pricing starts at $3 per user per month, with volume savings available.
Advanced Threat Protection for Microsoft Office 365
Because it is included in a number of Office 365 service tiers, Office 365 Advanced Threat Protection (ATP) is the go-to email security service for a large majority of enterprise users. While several of the other systems on our list claim AI-based protection, none of them can feed that AI with the volume of data that Microsoft sees on a regular basis. With an annual commitment, Office 365 ATP costs $2 per user per month, rising to $5 per month for capabilities such as enhanced investigations, automated response, and attack simulation.
PhishProtection
PhishProtection’s features include protection for hosted and on-premises email, real-time integration with six trust databases, attachment and URL scanning (including URLs contained in attachments and shortened URLs), and detection of phishing attempts that use domain or vendor impersonation. For an extra charge (starting at $500 per year for 25 users), PhishProtection also offers training and simulation.
Sophos Email
In its SaaS platform, Sophos Email uses both policy-based and AI-based detection, as well as a self-service portal where users can safely manage their quarantines. Sophos can also identify users who engage in risky behavior and apply simulation-based training to them to reduce the risk they pose. Sophos Email starts at $22.50 per user per year, with savings available for volume and term length.
Zerospam, SpamTitan, GreatHorn, Cofense, and Area 1 Horizon are other widely used software and services for protecting your business from phishing attacks. Most of these tools provide training tutorials and tests that prepare users to spot a phishing attack and to respond to it.
XO Is Here to Help
XO can help by reviewing your business’s protection against phishing attacks and putting together a plan to protect you from such attacks going forward. We can also implement and maintain whatever anti-phishing measures you need. Contact us today for a free assessment.