Email Security Blog

Phishing Awareness: How to Prevent Phishing

Nikki Tyson October 26, 2015 Resources
Fallback Featured Image

[et_pb_section admin_label=”section”][et_pb_row admin_label=”row”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” use_border_color=”off” border_color=”#ffffff” border_style=”solid”]

In the final installment in our series of blogs on the Fundamentals of Phishing  we will explore how to prevent phishing attacks.

To truly prevent email phishing attacks we need to consider the ‘Phishing Kill Chain’. This uses the principles of the popular Cyber Kill Chain methodology, a military-theoretical approach to network asset defense that can be quite valuable, especially when you expand the definition of “assets” to include your customers. If you’re not familiar with the concept, CSO Online has an article on it that’s appropriate for any level of pre-existing knowledge.

The Phishing Kill Chain in Context

Military Kill Chain Cyber Kill Chain Phishing Kill Chain
Find Reconnaissance Targeting
Fix Weaponization Delivery
Track Delivery Deception
Target Exploit Click
Engage Installation Surrender
Assess Command & Control Extraction

So what does the Phishing Kill Chain look like? Cyber criminals need to achieve seven steps in order to conduct a successful phishing attack on email:

  1. Target: decide who they’re going to try to defraud and assemble an email list
  2. Deliver: send messages to the people on their target list
  3. Deceive: the criminal needs to trick the user into following their call to action
  4. Click: the customer clicks on the phishing site and attempts to load it in their browser
  5. Surrender: the user needs to input their data to the phishing site, surrendering it to the criminals
  6. Extract: the phishing site needs to transmit the stolen credential or other information to the criminal
  7. Act: the criminal, or one of their agents, needs to log on to the account in question and transfer money, use the stolen card number online or in person, or place an order to perpetrate the final fraud.

According to numbers published by the Canadian Government the success rates are alarming:

  • Targeting: 156 million messages sent per day.
  • Delivery: 16 million make it through filters, for a 10.2% success rate
  • Deception: 8 million are opened, for a 50% success rate
  • Click: 800,000 are clicked, for a 10% success rate

These numbers reflect the poor controls against phishing compared to, say, generic spam.

The key point to note is that many security solutions aim to stop criminals later in the chain, such as at the Click, Surrender and Extract stages. But the earlier in the kill chain that controls can be inserted, the better the chance that organizations have of preventing their customers from being phished.

To that end, DMARC and Agari deliver a solution that can cut the chain at Delivery, where a proactive DMARC reject policy can prevent the message from even having a chance of landing in the inbox.

Even beyond initial rejection, Agari uses DMARC forensic data to extract threat details and provide them to takedown vendors, who validate and classify the threat. This intelligence is then passed onto Google and Microsoft for inclusion in their anti-phishing lists so that browsers block the threats. This makes the controls at step 4 in the kill chain, the Click, far more effective in preventing emerging threats.

If your organization is serious about preventing phishing and defending your customers as well as your brand reputation, you need to be deploying systems that help you move up the kill chain. Only then can you ensure your organization is safe from falling victim to the growing pain of phishing attacks.


Agari Blog Image

June 30, 2017 Todd Weltz

Why are my Google Calendar Invites Blocked by DMARC?

Are you sending Google Calendar invites and not getting replies, or maybe your invitees tell…

Agari Blog Image

January 6, 2016 Agari

Security Infographic: 7 Ways to Protect Customers

To learn more about how email cyber attacks are impacting businesses – both financially and…

Agari Blog Image

December 15, 2015 Agari

Don’t Let Your Customers Be Fooled By Cousin Domains

In the last five years, we’ve all become far too familiar with it – hackers…

Agari Blog Image

November 10, 2015 Agari

Exploring Phishing Statistics

  At Agari, we are vocal about the steps organizations can take to protect their…

Agari Blog Image

November 3, 2015 Nikki Tyson

What is a Spear Phishing Attack?

While “phishing” has entered the vocabulary of most email users, the concept of a spear…

mobile image