Every day, thousands of phishing emails are sent to unsuspecting victims all over the world. Some of these messages are outlandish, but others are becoming increasingly sophisticated, and many fake emails are now almost indistinguishable from real ones. Because of this, your approach to security needs to be equally sophisticated.
Employers are continually raising user awareness of phishing, so employees are becoming increasingly educated in the warning signs to look out for:
- The message requests you to click a URL
- The URL contains a misleading or look-alike domain name
- The message contains a suspicious attachment
- The content contains poor spelling and grammar
- A claim there’s a problem with your account or your payment information
- You didn’t initiate the action (for example, you are told you have won a competition you never entered)
- The message includes a threat or sense of urgency
- The ‘offer’ appears too good to be true
- Poor-quality graphics
- The message asks for personal information
Typical defences against phishing often rely exclusively on users being able to spot phishing emails. This approach will only ever have limited success: a well-crafted message will fool some fraction of even well-trained users. Instead, you should widen your defences to include technical measures that improve your resilience without disrupting the productivity of your users.
Implementing well-defined threat protection policies and security controls, including SPF, DKIM and DMARC for sender authentication, a phishing-reporting button in the mail client, and the ability to quarantine potentially harmful email, helps to overcome common challenges such as IP and domain spoofing, spam, malware, and malicious links and attachments. Note that SPF and DKIM only prove that a message really came from the domain it claims; they do nothing against a look-alike domain that the attacker legitimately owns, so domain impersonation needs its own check.
Leveraging threat investigation and response capabilities, including automated investigation, gives you the opportunity to detect a phishing attack and stop it before it causes harm. Accept that some attacks will get through: planning for that helps you respond to incidents and minimise the damage caused.
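As an added illustration (not Savanti's code or a feature of any product mentioned here), the following Python script shows the gateway-side logic those controls imply. It reads the Authentication-Results header that an SPF/DKIM/DMARC-checking gateway stamps on inbound mail, ignores any such header not stamped by the gateway itself, checks that the authenticated domain aligns with the visible From: domain, and quarantines messages whose From: domain merely looks like a protected brand, which is the case the authentication protocols cannot catch. The gateway identifier mx.example.org, the protected domain bank.example and all four sample messages are constructed for the example.

```python
"""Inbound mail gate: decide deliver/quarantine from the gateway's own
Authentication-Results header (RFC 8601) plus a look-alike domain check.

Added example only; not Savanti's tooling.  AUTHSERV_ID, PROTECTED_DOMAINS
and the sample messages below are constructed for illustration.
"""
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

AUTHSERV_ID = "mx.example.org"        # assumed: the id our own gateway stamps
PROTECTED_DOMAINS = {"bank.example"}  # assumed: brands we watch for impersonation

# Character substitutions commonly used to build look-alike domains.
_SUBSTITUTIONS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def domain_of(value: str) -> str:
    """Domain part of 'user@dom' or of a bare domain, lower-cased."""
    return value.rpartition("@")[2].lower().strip(".")


def org_domain(domain: str) -> str:
    """Organisational domain for relaxed alignment: the last two labels.
    Good enough here; a real gate would consult the Public Suffix List."""
    return ".".join(domain.lower().strip(".").split(".")[-2:])


def normalise(domain: str) -> str:
    """Collapse common substitutions so look-alikes compare equal to the brand."""
    d = domain.lower()
    for fake, real in _SUBSTITUTIONS:
        d = d.replace(fake, real)
    return d


def is_lookalike(domain: str) -> bool:
    """True when the domain imitates a protected domain without being one."""
    if domain.lower() in PROTECTED_DOMAINS:
        return False
    return normalise(domain) in {normalise(p) for p in PROTECTED_DOMAINS}


def parse_auth_results(header: str) -> dict:
    """Parse 'authserv-id; method=result key=value ...; ...' into
    {method: {'result': ..., key: value, ...}}.  Headers carrying any other
    authserv-id are ignored; per RFC 8601 the gateway is assumed to have
    already stripped inbound headers that falsely claim its own id."""
    clauses = [c.strip() for c in header.split(";") if c.strip()]
    if not clauses or clauses[0].split()[0].lower() != AUTHSERV_ID:
        return {}
    verdicts = {}
    for clause in clauses[1:]:
        tokens = clause.split()
        method, _, result = tokens[0].partition("=")
        props = {"result": result.lower()}
        for token in tokens[1:]:
            key, sep, value = token.partition("=")
            if sep:
                props[key.lower()] = value
        verdicts[method.lower()] = props
    return verdicts


def classify(raw_message: str) -> str:
    """Return 'deliver' or 'quarantine' for one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=default)
    from_domain = domain_of(parseaddr(str(msg.get("From", "")))[1])
    if not from_domain:
        return "quarantine"      # no usable From: identity at all
    if is_lookalike(from_domain):
        return "quarantine"      # SPF/DKIM/DMARC can all pass on an attacker-owned look-alike
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        verdicts.update(parse_auth_results(str(value)))
    dmarc = verdicts.get("dmarc", {}).get("result")
    if dmarc == "pass":
        return "deliver"
    if dmarc == "fail":
        return "quarantine"      # a production gate would honour the sender's published p= policy
    # No DMARC verdict: apply relaxed alignment to SPF / DKIM ourselves.
    spf, dkim = verdicts.get("spf", {}), verdicts.get("dkim", {})
    spf_ok = spf.get("result") == "pass" and \
        org_domain(domain_of(spf.get("smtp.mailfrom", ""))) == org_domain(from_domain)
    dkim_ok = dkim.get("result") == "pass" and \
        org_domain(dkim.get("header.d", "")) == org_domain(from_domain)
    return "deliver" if (spf_ok or dkim_ok) else "quarantine"


# Constructed sample messages (not real traffic).
LEGIT = """\
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bounce@bank.example; dkim=pass header.d=bank.example header.s=sel1; dmarc=pass header.from=bank.example
From: "Bank Alerts" <alerts@bank.example>
Subject: Your statement is ready

Your statement is available online.
"""
SPOOFED = """\
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=bank.example; dkim=none; dmarc=fail header.from=bank.example
From: "Bank Alerts" <alerts@bank.example>
Subject: Urgent: confirm your payment details

Click within 24 hours or your account will be suspended.
"""
FORGED_RESULTS = """\
Authentication-Results: attacker-relay.example; spf=pass smtp.mailfrom=bank.example; dmarc=pass header.from=bank.example
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=bank.example; dkim=none
From: "Bank Alerts" <alerts@bank.example>
Subject: Security notice

Your password has been changed.
"""
LOOKALIKE = """\
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bank.exarnple; dkim=pass header.d=bank.exarnple; dmarc=pass header.from=bank.exarnple
From: "Bank Alerts" <alerts@bank.exarnple>
Subject: You have won a prize

Congratulations!
"""

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT), ("spoofed", SPOOFED),
                      ("forged results", FORGED_RESULTS), ("look-alike", LOOKALIKE)]:
        print(f"{name:15s} -> {classify(raw)}")
```

Run it with a plain `python` interpreter; it prints `deliver` for the legitimate message and `quarantine` for the other three. Two design points are worth noting. First, the forged-results case passes every check in the header the attacker wrote, and is still quarantined, because only the gateway's own stamp is trusted. Second, the look-alike case passes SPF, DKIM and DMARC for real, since the attacker controls bank.exarnple and can publish whatever DNS records they like; that is why the impersonation check runs before, and independently of, the authentication results.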
What organisational and technical security measures does your organisation have in place beyond the expectation of your employees?
There are three key elements of a strong anti-phishing policy:
How well prepared is your organisation to detect and respond to a successful phishing attempt?
Look out for our next blog which will be about recovering from a successful phishing attempt!
If you want to find out more about Savanti and their various cyber security services, including their security education and awareness programmes, please get in touch by email or via the chat function on our website: www.savanti.co.uk