Ways to Stop Phishing Attempts

Posted by Antonia Giacalone on Nov 3, 2017 12:00:22 PM

Every data breach and online attack seems to involve some kind of phishing attempt to steal password credentials, to launch fraudulent transactions, or to trick someone into downloading malware. In early 2016, 93 percent of phishing emails delivered ransomware, according to statistics from PhishMe.

Enterprises regularly remind users to beware of phishing attacks, but many users don’t really know how to recognize them. One reason for this is the fact that these attacks can take many forms. “Phishing attacks come in all shapes and sizes, targeting specific individuals within an organization who have access to sensitive data,” says Area 1 Security’s Shalabh Mohan.

Most of us have clicked on an email that seemed legitimate, but wasn't. 

What is phishing?

The most common form of phishing is the general, mass-mailed type, where someone sends an email pretending to be someone else and tries to trick the recipient into doing something, usually logging into a website or downloading malware. Attacks frequently rely on email spoofing, where the email header (the From field) is forged to make the message appear as if it were sent by a trusted sender.
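A forged From field can be checked against what the receiving mail gateway actually authenticated. The following is an added example, not code from the original post; the gateway name mx.corp.example, the sample messages and the function names are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.corp.example"  # assumed name of our own mail gateway

# Constructed sample: From claims bank.example, but DMARC failed at our gateway.
SPOOFED = (
    "Return-Path: <bounce@mailer.lookalike.example>\n"
    "Authentication-Results: mx.corp.example; spf=pass "
    "smtp.mailfrom=mailer.lookalike.example; dmarc=fail header.from=bank.example\n"
    'From: "Bank Support" <service@bank.example>\n'
    "Subject: Your password is expiring\n\nLog in to keep your account.\n"
)
LEGIT = (  # constructed sample that authenticates as the domain it claims
    "Return-Path: <bounce@mail.bank.example>\n"
    "Authentication-Results: mx.corp.example; dkim=pass header.d=bank.example; "
    "dmarc=pass header.from=bank.example\n"
    'From: "Bank Support" <service@bank.example>\n'
    "Subject: Statement ready\n\nYour statement is available.\n"
)

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if there is none."""
    _, at, dom = parseaddr(header_value or "")[1].rpartition("@")
    return dom.lower() if at else ""

def dmarc_verdict(msg):
    """DMARC result stamped by our gateway; results from other hosts are ignored
    because a sender can prepend its own forged Authentication-Results header."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        found = re.search(r"\bdmarc=(\w+)", results)
        if authserv.strip().lower() == TRUSTED_AUTHSERV and found:
            return found.group(1).lower()
    return "none"

def check_sender(raw):
    """Compare the visible From domain with what the gateway authenticated."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    env_dom = domain_of(msg.get("Return-Path"))
    verdict = dmarc_verdict(msg)
    # Simplified relaxed alignment: same domain or a subdomain of it.
    aligned = bool(from_dom) and (env_dom == from_dom or env_dom.endswith("." + from_dom))
    return {"from_domain": from_dom, "dmarc": verdict,
            "envelope_aligned": aligned, "suspicious": verdict != "pass"}

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, check_sender(raw))
```

Envelope misalignment on its own is common for legitimate bulk mail sent through third parties, so the example treats the gateway's DMARC verdict as the deciding signal and reports alignment only as context.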

However, phishing attacks don’t always look like a UPS delivery notification email, a warning message from PayPal about passwords expiring, or an Office 365 email about storage quotas. Some attacks are crafted to specifically target organizations and individuals, and others rely on methods other than email.

Here are our top phishing prevention tips for best technology practices, employee education and social media smarts.

3 ways to stop 95-99 percent of spear-phishing attempts

1. Inbound email sandboxing

Deploy a solution that checks the safety of an emailed link when a user clicks on it. This protects against a new phishing tactic that I've seen from cybercriminals. Bad guys send a brand new URL in an email to their targets to get through the organization's email security. Another tactic is to inject malicious code into the website right after the email containing the URL is delivered. This URL will get past any standard spam solution.

2. Real-time analysis and inspection of your web traffic

First, stop malicious URLs at your gateway, before they even reach your users' corporate inboxes. Even if you have inbound email sandboxing for your corporate email, some users might click on a malicious link through a personal email account, like Gmail. In that case, your corporate email spear-phishing protection is unable to see the traffic. Bottom line: your web security gateway needs to be intelligent, analyze content in real time, and be 98 percent effective at stopping malware.

3. Employee behavior

The human element is incredibly important. Adopt an employee testing program and run this training on an ongoing basis. The result isn't really employee education or security awareness; it's behavior modification.
