1. Emails Insisting on Urgent Action
Emails insisting on urgent action do so to fluster or distract the target. Usually, this type of email threatens a negative consequence if the action is not taken, and targets are so keen to avoid the negative consequences that they fail to study the email for inconsistencies or indications it may be bogus.
2. Emails Containing Spelling Mistakes
Most companies now use spell-checking features in email clients or web browsers to ensure their corporate communications maintain a professional appearance. Emails purporting to come from a professional source that contain spelling mistakes or grammatical errors should be treated with suspicion.
3. Emails with an Unfamiliar Greeting
Emails sent by friends and work colleagues usually start with an informal salutation. Those addressed to “Dear XXXXX” when that greeting is not normally used and those containing language not often used by friends and work colleagues likely originate from an attacker. These should not be actioned or replied to. Instead they should be reported to the organisation’s IT security team.
4. Inconsistencies in Email Addresses
Another email security best practice to introduce is the random checking of senders’ email addresses – especially when an email from a regular contact arrives from an unfamiliar address. By checking the sender email address against previous emails received from the same person, it is possible to detect inconsistencies.
5. Inconsistencies in Links and Domain Names
Links to malicious websites can easily be disguised as genuine links. Therefore, it is also advisable to encourage employees to hover a mouse pointer over a link in an email to see what “pops up” as an address. If an email claims to be from a business contact, but the pop-up indicates an unfamiliar website, the email is likely a phishing email.
6. Be Wary of Suspicious Attachments
File sharing in the workplace now mostly takes place via collaboration tools such as Dropbox, OneDrive or SharePoint. Therefore, emails from colleagues with file attachments should be treated suspiciously – particularly if the attached file has an unfamiliar extension or one commonly used to deliver malware payloads (.zip, .exe, .scr, etc.).
7. Emails That Seem Too Good to Be True
Emails that seem too good to be true incentivize targets to click a link or open an attachment with the promise that they will benefit by doing so. Even when phishers use social engineering to appeal to the target’s curiosity or greed, the intended targets have not usually initiated contact. These emails should be flagged as suspicious at once.
8. Emails Requesting Login Credentials, Payment Information or Other Sensitive Information
Emails requesting login credentials, payment information or other sensitive information should always be treated with caution. By adopting the anti-phishing best practices detailed above, recipients of these emails should be able to determine whether or not they represent a threat and respond to them accordingly.
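The hover check from item 5 and the attachment check from item 6 can also be run automatically on received mail. The following is an added example, not part of the original article; the function names, the sample message and its hosts are constructed for illustration.

```python
import re
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXTENSIONS = (".zip", ".exe", ".scr")  # the extensions named in item 6
class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def shown_host(text):
    """Hostname the visible link text claims, or None if it is not URL-like."""
    m = re.match(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[:/?#]|$)", text.lower())
    return m.group(1) if m else None

def mismatched_links(html):
    """(shown host, real host) for links whose text and href disagree."""
    parser = LinkCollector()
    parser.feed(html)
    pairs = ((shown_host(text), urlparse(href).hostname) for href, text in parser.links)
    return [(s, a) for s, a in pairs if s and a and s != a]

def review_message(msg):
    """Apply the link check (item 5) and attachment check (item 6) to one message."""
    body = msg.get_body(preferencelist=("html",))
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    return {"mismatched_links": mismatched_links(body.get_content()) if body else [],
            "risky_attachments": [n for n in names if n.lower().endswith(RISKY_EXTENSIONS)]}

def constructed_sample():
    """Constructed test message; every host and file name is a placeholder."""
    msg = EmailMessage()
    msg.set_content("See the HTML part.")
    msg.add_alternative('<a href="http://login.example.net/x">www.example.com</a>'
                        ' <a href="https://example.org/help">Help</a>', subtype="html")
    msg.add_attachment(b"x", maintype="application", subtype="octet-stream", filename="invoice.pdf.scr")
    return msg
```

The host comparison is exact, so legitimate click-tracking redirects will also be flagged; treat the output as a prompt for review rather than a verdict.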