Protect your customers from phishing attacks that impersonate your organization
What Is Consumer Phishing?
In a phishing attack, a criminal sends a large number of consumers a deceptive email appearing to come from a respected brand — typically a financial service provider or an email service provider.
The email uses social engineering techniques to attempt to mislead the recipients to visit a web page appearing to belong to the impersonated brand, where the user will be asked to enter her username and password — and sometimes other information as well. Having stolen this information, the criminal now controls the victim’s account.
A good example of a large scale consumer phishing attack is the recent attack targeting customers of GoDaddy
How Consumer Phishing Works
Most phishing campaigns involve an attacker masquerading as a trusted brand, both in an email sent to the intended victims and using a website looking much like the website of the impersonated brand. The phisher commonly uses email spoofing to assume the identity of the brand he wishes to impersonate. In terms of the email and website content, phishers use copied logos and phrases associated with the brand to look credible.
Most consumers think that phishing is limited to impersonation of financial institutions, but as the black market value of stolen email credentials is going up, attackers are targeting more industries.
Cyber criminals abuse brand trust, using your brand name as a disguise to trick your customers into opening their malicious emails.
Traditional Defenses Identify Bad URLs
Traditional phishing countermeasures are based on rapidly identifying malicious websites — the phishing websites — and then scanning emails for hyperlinks pointing to these pages. To circumvent these countermeasures, phishers use smaller batches of phishing emails, each one of which uses distinct hyperlinks.
Often, legitimate services, such as link shortening services, are used by the phishers to make detection more difficult. The fact that the attacks constantly change makes it difficult for traditional filters to do a good job.
The Solution: Agari Customer Protect
Agari Customer Protect stops phishing attacks by ensuring that every email your customers receive claiming to be from you will actually be from you.
Agari Customer Protect analyzes email sent claiming to be from your domains to 3 billion mailboxes across the world’s largest cloud email providers including Google, Microsoft and Yahoo. Based on that data, Agari creates a model of legitimate email behavior for your organization. Then, that model is published via the DMARC standard and used to block all unauthorized email from reaching your customers’ inboxes.