Email Security Blog

Spear Phishing Prevention

Agari October 10, 2013 Email Security
Fallback Featured Image

Perhaps you saw an article from Forbes on the increasing prevalence of spear phishing attacks that we included. The article, entitled “Spear Phishing 101 – Who Is Sending You Those Scam Emails And Why?” examines the social engineering aspect of these attacks and how they have morphed from more obviously fake emails to sophisticated attacks that exactly mimic the kind of email that you see everyday and are socially trained to respond to quickly, with little to no thought. No wonder that companies are spending time and money on programs to train their employees to avoid being victims of spear phishing attacks and accidentally leaking organization information in the process. However, as we have seen from other studies, it is often the top executives at a company, and thus the biggest targets of spear-phishing attacks (whaling, it’s called at the exec level) that are the most lax about following security protocols.

So what else can be done?

There is an important emerging standard called Domain based Message Authentication, Reporting and Conformance (DMARC) which utilizes long standing email authentication mechanisms of Sender Policy Framework (SPF) and Domainkeys Identified Mail (DKIM) to virtually eliminate unsolicited email. Currently ~80% of US consumer email receivers, and ~65% worldwide, respect a published DMARC policy, removing hundreds of millions of malicious emails daily from consumer mailboxes. Corporations are increasingly adopting this protocol and working with Agari and their third party vendors that send email on their behalf to implement it as well. Anyone who wants to take a proactive approach to eliminating all types of malicious email, including spear-phishing, should investigate and implement DMARC immediately.

Leave a Reply

Your email will not be published. All fields are required.

February 7, 2019 Paul Chavez

Why You Should Care About an Advanced Threat Catch Rate

February 4, 2019 Armen Najarian

Brand Marketing is the New Demand Generation

January 3, 2019 Paul Chavez

Why Your Company Needs Third-Party Solutions for Microsoft Office 365

December 17, 2018 Patrick Peterson

Inside the Identity Graph: How Predictive AI Beats BEC Scams

October 31, 2018 Fareed Bukhari

Business Email Compromise: 54% of Email Attacks Use Display Name Deception

mobile image