@Pwdrkeg, effective and comprehensive phishing attack protection should combine technical solutions with user education. It is important to note that protecting against phishing attacks is a process that must constantly be revisited and adjusted as appropriate.
We have outlined four recommendations for a well-rounded approach for effective phishing attack protection.
1. Configure email spam filters to prevent phishing attempts from reaching your inbox. Your email provider may have standard spam filters and settings that can be configured to filter bulk spam emails. If you are using a self-hosted email solution, you should also purchase and make use of an email gateway that can detect and block spam and phishing emails.
An email gateway is a component of an IT network that inspects incoming and outgoing emails for signs of spam or phishing and acts on them appropriately. Email gateways can be configured to set rules for which emails should be allowed in and out, which should be blocked, etc.
2. Set up email authentication to verify outgoing mail. Configuring Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) authentication is another recommended step to ensure that emails sent from addresses in your business domain are being sent from an email server that you authorize.
SPF authentication allows you to specify which email servers are authorized to send mail from your business’ email accounts. This allows you (and others) to verify that an email is being sent from an authorized server and can help email gateways determine if an email is suspicious or malicious.
DKIM is an additional email verification tool that ensures an email was not tampered with or edited while in transit from one inbox to another. The sending server adds a cryptographic signature over the message headers and body, which the receiving server checks. If a hacker intercepts and alters an email in transit, DKIM allows this tampering to be more easily detected.
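To make the SPF part of this concrete, here is an added example (not code from the original post or from Soteria) of the check a receiving server performs: it reads the domain's SPF TXT record and decides whether the connecting IP is authorized. The domains, IP ranges and records are constructed, and DNS lookups are replaced by an in-memory table so the script runs offline; the `a`, `mx`, `exists` and `redirect=` mechanisms, which need live DNS, are skipped.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups (hypothetical domains and
# documentation-range addresses); a real check would query DNS here.
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
}

# Qualifier prefix on a mechanism -> SPF result when that mechanism matches
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(domain, sender_ip, records=SPF_RECORDS, depth=0):
    """Return the SPF result for sender_ip sending on behalf of domain.

    Results follow RFC 7208 vocabulary: pass, fail, softfail, neutral,
    none (no record) or permerror (too many nested includes).
    """
    if depth > 10:  # RFC 7208 caps DNS-querying mechanisms at 10
        return "permerror"
    record = records.get(domain.lower())
    if record is None:
        return "none"
    terms = record.split()
    if terms[0].lower() != "v=spf1":
        return "none"

    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # mechanisms default to "+" (pass) when unqualified
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mechanism = term.lower()

        if mechanism == "all":
            matched = True
        elif mechanism.startswith(("ip4:", "ip6:")):
            network = ipaddress.ip_network(term[4:], strict=False)
            matched = ip.version == network.version and ip in network
        elif mechanism.startswith("include:"):
            # include: matches only if the referenced domain's record passes
            matched = evaluate_spf(term[8:], sender_ip, records, depth + 1) == "pass"
        else:
            # a, mx, exists, redirect= need live DNS; not handled offline
            continue

        if matched:
            return QUALIFIER_RESULT[qualifier]

    # No mechanism matched and no redirect: RFC 7208 says "neutral"
    return "neutral"


if __name__ == "__main__":
    for ip in ("192.0.2.55", "198.51.100.10", "2001:db8::1", "203.0.113.9"):
        print(ip, "->", evaluate_spf("example.com", ip))
```

The `-all` at the end of the example.com record is what makes the last case a hard fail; a gateway that sees `fail` for a message claiming to be from your domain has a strong reason to quarantine it, while `~all` only produces `softfail` and usually just raises a spam score.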
3. Educate users on how to spot and react to phishing emails. Even with spam filters, some emails may still reach your inbox. For example, if a co-worker’s email account is hacked, the attacker could send emails using their account. It would be more difficult to detect the hacker, because the emails are coming from a legitimate email account within your organization. For this reason, users must learn to recognize the signs of phishing and how to react appropriately. For all phishing training, the goal should be to get an individual to a point where he or she has a healthy amount of skepticism when answering emails (and phone calls too).
Making a user stop and think “Was I expecting this bank wire request?” or “Does my company usually make requests for my account passwords?” goes a long way in protecting against phishing. Verifying questionable requests with a trusted person is always the right step towards dodging a phishing scam.
It is also important to evaluate the efficacy of this training. Soteria works with clients to conduct controlled, non-malicious phishing campaigns in order to measure how well their users respond to phishing attacks. The results of these assessments can then be used to further educate and train employees.
4. Investigate the method and motive behind phishing attacks that do reach your inbox. When phishing emails reach your inbox, you should question the method and motive behind the scam. Understanding the nature of the email will help you adjust and strengthen your phishing attack protection measures.
Was the phishing email part of a generic blast? If so, maybe your spam filters need to be reconfigured.
Was the phishing email a targeted attack against a specific employee? If so, your firm may need to take extra precautions to educate your staff about attacks targeting your business.
Automated phishing attack protection tools, such as Soteria’s PhishPhry, will help your firm determine if the email is in fact spam, if the email was part of a generic or targeted attack, and how the email was able to reach your inbox. All of this information will provide value to your security plan and help you iterate and strengthen your security moving forward.
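As an added example of the "how did it reach the inbox" investigation described in this section (this is not PhishPhry or any Soteria code), the script below parses the headers of a received message and pulls out the facts a responder wants first: the SPF/DKIM/DMARC verdicts the gateway recorded, the originating relay from the Received chain, and a Reply-To that points somewhere other than the claimed From domain. The message is constructed from documentation-range hosts and addresses, not a real capture.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample of a message that slipped past a gateway (hypothetical
# hosts, mailboxes and documentation-range IPs); not a real capture.
RAW_MESSAGE = (
    b"Received: from mx.example.com ([192.0.2.10]) by inbox.example.com"
    b" with ESMTPS; Mon, 1 Jan 2024 10:00:00 +0000\r\n"
    b"Received: from relay.badexample.net ([203.0.113.7]) by mx.example.com"
    b" with ESMTP; Mon, 1 Jan 2024 09:59:58 +0000\r\n"
    b"Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com;"
    b" dkim=none; dmarc=fail header.from=example.com\r\n"
    b'From: "CEO" <ceo@example.com>\r\n'
    b"Reply-To: ceo.urgent@badexample.net\r\n"
    b"To: finance@example.com\r\n"
    b"Subject: Urgent wire transfer\r\n"
    b"\r\n"
    b"Please wire the funds today and confirm by reply.\r\n"
)

# "from <host> ([<ip>])" as written by most MTAs in Received headers
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(\[?([0-9a-fA-F.:]+)\]?\)", re.IGNORECASE)
# "spf=fail", "dkim=none", "dmarc=fail" inside Authentication-Results
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)


def parse_message(raw=RAW_MESSAGE):
    return email.message_from_bytes(raw, policy=policy.default)


def auth_results(msg):
    """Collect the first spf/dkim/dmarc verdict the gateway recorded."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, verdict in AUTH_RE.findall(str(header)):
            results.setdefault(method.lower(), verdict.lower())
    return results


def received_chain(msg):
    """Return (host, ip) hops oldest first; Received headers are prepended."""
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        match = RECEIVED_RE.search(str(header))
        if match:
            hops.append((match.group(1), match.group(2)))
    return hops


def triage(msg):
    """Summarise why the message is suspicious and where it came from."""
    auth = auth_results(msg)
    hops = received_chain(msg)
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    reply_domain = parseaddr(str(msg.get("Reply-To", "")))[1].rpartition("@")[2].lower()

    findings = []
    if auth.get("spf") in ("fail", "softfail"):
        findings.append("SPF did not pass: sending host is not authorised for the claimed domain")
    if auth.get("dkim") != "pass":
        findings.append("no valid DKIM signature: origin and integrity are unverified")
    if auth.get("dmarc") == "fail":
        findings.append("DMARC failed: the gateway delivered a message it could have quarantined")
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    return {"auth": auth, "origin": hops[0] if hops else None, "findings": findings}


if __name__ == "__main__":
    report = triage(parse_message())
    print("origin:", report["origin"])
    for finding in report["findings"]:
        print("-", finding)
```

Two of the findings answer the questions posed above directly: the DMARC failure says the gateway's policy let through a message that SPF and DKIM had already flagged, so the filter configuration is the first thing to revisit; the mismatched Reply-To aimed at a single finance mailbox with a wire request is the shape of a targeted attack rather than a generic blast, which is the cue for focused training.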
Have a question for our security consultant? Submit your #askahacker questions to @SoteriaSecurity on Twitter or via email. Chosen questions will receive a response from our consulting team and a Soteria gift pack.