What Is a Phishing Attack? Types, Defenses & Prevention

John Wilson, October 21, 2021. Tags: BEC, Business Email Compromise, Email Security, Phishing

Phishing attacks are all too common and can make a company lose millions of dollars. To protect against this scam, a company must have the right protocols and software in place.

What is a phishing attack?

A phishing attack is a social engineering attack in which an attacker mimics a trusted company or person to steal private information such as login or financial data. These attacks usually arrive as an email, text message or phone call.

What is the goal of a phishing attack?

Phishing attacks are designed to steal information either through fake login links that lead to sites impersonating real websites, or through malicious attachments that install malware or ransomware on your computer. According to a recent study, 91% of breaches are caused by phishing attacks.

Most modern networks and computers have sufficient security settings and firewalls that make it extremely difficult for anyone to break in from the outside. Attackers know this and utilize these attacks to have someone who is already inside the network unknowingly execute malicious code that makes gaining access to the victim’s network much easier.

Outside of stealing information, some attacks attempt to hold your files hostage using ransomware. The ransomware is usually hidden inside an email attachment that, when opened, encrypts all the files on a machine or network. The victim then has to pay the attacker for the key needed to decrypt them in order to regain access to their files.

Identifying a phishing attack

Email scams take advantage of the trust a person or organization has with a recipient by attempting to make the message appear to be coming from a reputable source. Attackers know that email scams are a numbers game, so they will use any techniques at their disposal to increase their open rate when sending to thousands of addresses. Here are a few of the most telltale signs of a phishing email.

Watch out for lookalike domains.

Scammers purchase domain names that contain slight misspellings of real business names in order to trick more recipients. For example, an attacker may register an email address such as mike.jones@mirosoft.com when trying to impersonate Microsoft to steal user credentials.

The same technique is also sometimes used in the name field of the message. When scammers can't register a similar domain, they sometimes use the display name to convey authority. For example, an attacker may create an email address such as ChaseBankAlerts@authorizedalerts.com and then tell recipients their account has been compromised as part of the scam. In reality, the domain authorizedalerts.com has nothing to do with Chase, but it may look legitimate to some recipients when combined with a fake name in front of it.
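The two sender tricks above (a misspelled brand domain, and a brand name in the display field that the sending domain does not back up) can be checked mechanically. The following is an added example, not code from the article or from Agari; the brand allow-list and the sample From: headers are constructed for illustration.

```python
import re

# Constructed From: headers modelled on the article's examples; not real messages.
SAMPLES = [
    "Mike Jones <mike.jones@mirosoft.com>",
    "ChaseBankAlerts <ChaseBankAlerts@authorizedalerts.com>",
    "Mike Jones <mike.jones@microsoft.com>",
]
# Assumed allow-list: brand keyword -> the registrable domain it legitimately mails from.
BRANDS = {"microsoft": "microsoft.com", "chase": "chase.com"}

def registrable_domain(host):
    """Crude eTLD+1 (last two labels); sufficient for the .com names used here."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def edit_distance(a, b):
    """Levenshtein distance; a small distance to a brand domain marks a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return findings for the two tricks described above: a misspelled brand domain,
    and a display name that invokes a brand the sending domain does not belong to."""
    m = re.match(r"\s*(.*?)\s*<([^>]+)>\s*$", from_header)
    display, addr = (m.group(1), m.group(2)) if m else ("", from_header.strip())
    domain = registrable_domain(addr.rsplit("@", 1)[-1])
    findings = []
    for brand, legit in BRANDS.items():
        if domain == legit:
            continue  # genuine sender for this brand, nothing to flag
        if edit_distance(domain, legit) <= 2:
            findings.append(f"lookalike domain {domain} resembles {legit}")
        # Substring match is a heuristic; tune the keyword list to limit false hits.
        if brand in display.lower().replace(" ", ""):
            findings.append(f"display name invokes {brand} but domain is {domain}")
    return findings

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or ["no findings"])
```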

Is there a sense of urgency to take action?

Scam emails are designed to get recipients to click links that compromise their machines or enter their credentials into fake websites as fast as possible. They use urgency to drive victims into taking action quickly, so their scam won’t be discovered until it’s too late.

Some of the most common tactics used today are fake overdue invoices, account recovery notifications, and fake shipping updates claiming your package was lost. If you ever feel panicked due to an email, slow down and look to see exactly where it’s from or contact your IT department if you’re still unsure.

Be wary of links in emails.

Attackers will go to great lengths to impersonate a real website and can practically clone the way the website looks. Attackers use links to get you over to their fake sites so that you’ll enter your information.

Even links that appear to be legitimate might be fake. For example, a link whose visible text reads realbank.com/login can carry an underlying hyperlink that actually goes to realbank.securexlogin.com.

Here the attacker's securexlogin.com domain uses a subdomain named after the real bank to trick more people. Combined with a clone of the real bank's page, this strategy can fool unsuspecting users into entering their banking information.

This is known as link spoofing, and it can be difficult to detect. In most email clients, recipients can hover their mouse over a link to see where it goes before clicking. This still isn't foolproof, as previewing the link destination doesn't reveal any redirects that may occur on that page. Having proper phishing defense in place can help protect against link spoofing.
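The mismatch described above, between the domain a link's visible text names and the domain its href actually lands on, can be detected before anyone hovers. This is an added example, not code from the article or from Agari; the HTML body is constructed from the realbank example, and the eTLD+1 helper is a deliberate simplification.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed HTML body modelled on the article's realbank example; not a real message.
SAMPLE_HTML = (
    '<p>Your account is locked. Sign in at '
    '<a href="https://realbank.securexlogin.com/login">realbank.com/login</a>, '
    'read the <a href="https://www.realbank.com/help">help page</a>, or check '
    '<a href="https://realbank.com/status">https://realbank.com/status</a>.</p>')

def registrable_domain(host):
    """Crude eTLD+1 (last two labels); sufficient for the .com names used here."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every anchor in an HTML body."""
    def __init__(self):
        super().__init__()
        self.pairs, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.pairs.append(("".join(self._text).strip(), self._href))
            self._href = None

def spoofed_links(html):
    """Return (shown text, real host) for anchors whose visible text names one domain
    but whose href lands on another registrable domain. A brand used only as a
    subdomain of the attacker's domain (realbank.securexlogin.com) does not match."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.pairs:
        shown = re.match(r"(?:https?://)?([A-Za-z0-9.-]+\.[A-Za-z]{2,})(?:[/?#]|$)", text)
        if not shown:
            continue  # wording such as "help page" claims no particular domain
        real_host = urlparse(href).hostname or ""
        if registrable_domain(shown.group(1)) != registrable_domain(real_host):
            findings.append((text, real_host))
    return findings

if __name__ == "__main__":
    for text, host in spoofed_links(SAMPLE_HTML):
        print(f"link shows {text!r} but actually goes to {host}")
```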

Watch for misspellings.

Massive email scam campaigns are often carried out from non-English speaking countries. While the senders may try their best to construct the message, there will often be grammatical or punctuation errors in the body. Watch out for misspellings as well as odd word choices that don't fit naturally together. While misspellings aren't proof that a message is fake, they should certainly prompt the recipient to look more closely at where the email is coming from.

What is a spear phishing attack?

While most malicious emails are indiscriminate and sent in bulk, spear phishing is much more targeted and planned out. Spear phishing combines industry and company knowledge with targeted outreach to appear as legitimate as possible. Since these campaigns require the most effort, enterprises and larger organizations usually find themselves to be the targets of these attacks.

Information such as company hierarchy, names, email addresses, phone numbers, email signatures, and stolen documents is used in these attacks to make the email appear as legitimate as possible.

Spear phishing campaigns likewise aim to steal information for financial gain or competitive advantage. Given the amount of research put into these attacks, their payloads are usually especially stealthy and are designed to remain undetected inside a network for long periods of time, stealing as much information as possible.

Spear phishing is usually the first entry point an advanced persistent threat will use to gain a foothold inside an organization’s network.

Protecting against phishing attacks.

Protecting against email attacks isn't as easy as installing antivirus software and calling it a day. Phishing messages are constantly evolving and require proactive monitoring, staff training, and proper server configuration in order to fully defend against them. Here are a few steps you can take to prevent phishing attacks.

Implement proper email security configuration.

Server administrators should have access to the DNS for their domain, where proper SPF, DKIM, and DMARC records can be configured. Together these three records help defend against spam as well as attacks that use spoofed addresses.

SPF (Sender Policy Framework) restricts which servers may send messages on behalf of your domain and prevents email spoofing.

DKIM (DomainKeys Identified Mail) ensures the integrity of your message while in transit, so a receiver can confirm the email hasn't been compromised or tampered with during delivery.

DMARC (Domain-based Message Authentication, Reporting and Conformance) lets organizations specify how receivers should handle messages that were authenticated by neither SPF nor DKIM.
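How the three records fit together is easiest to see by evaluating them against a connecting mail server. The following is an added example, not code from the article or from Agari: the TXT records are constructed for a fictional domain, SPF handling is reduced to ip4/ip6 terms (no include, a or mx expansion), DKIM verification itself is assumed to have happened already, and alignment is treated as strict.

```python
import ipaddress

# Constructed DNS TXT records for a fictional domain; not a real zone.
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(domain, sender_ip):
    """Minimal SPF evaluation: ip4/ip6 mechanisms and the trailing 'all' only
    (no include/a/mx expansion). Returns pass, fail, softfail, neutral or none."""
    record = DNS_TXT.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return RESULT[qualifier]
        if mech.startswith(("ip4:", "ip6:")):
            if ip in ipaddress.ip_network(mech[4:], strict=False):
                return RESULT[qualifier]
    return "neutral"  # no mechanism matched and no 'all' term given

def dmarc_policy(from_domain):
    """Return the p= tag of the domain's DMARC record, or None if it has none."""
    record = DNS_TXT.get("_dmarc." + from_domain, "")
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    return tags.get("p") if tags.get("v") == "DMARC1" else None

def dmarc_disposition(from_domain, mail_from_domain, sender_ip, dkim_domain=None):
    """DMARC passes when SPF or DKIM passes *and* the passing identifier aligns with
    the From: domain (strict alignment here). Otherwise the p= policy applies.
    dkim_domain is the d= of an already-verified DKIM signature, or None."""
    spf_aligned = (spf_check(mail_from_domain, sender_ip) == "pass"
                   and mail_from_domain == from_domain)
    dkim_aligned = dkim_domain == from_domain
    if spf_aligned or dkim_aligned:
        return "pass"
    return dmarc_policy(from_domain) or "none"

if __name__ == "__main__":
    # A message claiming example.com from an IP outside the SPF range is rejected ...
    print(dmarc_disposition("example.com", "example.com", "203.0.113.7"))
    # ... while one from the listed range, or with an aligned DKIM signature, passes.
    print(dmarc_disposition("example.com", "example.com", "192.0.2.10"))
```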

Keep staff informed and on alert.

Implementing a solid educational program across an organization can help drastically reduce the number of phishing emails opened. Helping staff identify and report phishing emails is a key part of prevention even when other security measures are in place.

Enable two factor authentication (2FA).

Two factor authentication provides an extra layer of protection by combining login credentials with something physical, such as a smartphone or authenticator app. Even if a message is opened and credentials are entered into a fake site, the attacker will not be able to access the account with the stolen password alone if 2FA is enabled.

Have an incident response plan.

Having a detailed phishing response plan can help mitigate and oftentimes completely prevent an attack. Agari Phishing Response automatically prioritizes incidents and automates the triage and investigative work as soon as an attack is detected.

How do I report a phishing attack?

If you have fallen victim to an email scam or have been sent a phishing email, here are a few simple steps you can use to report it:

If you have received a malicious email, you can forward it directly to the FTC at reportphishing@apwg.org. If the message was a text message, you can forward it to SPAM (7726) and then report the attack by visiting http://ftc.gov/complaint.

The Agari advantage

Agari offers a turnkey solution to combat phishing attacks through automatic phishing response, remediation, and containment. The system utilizes both signature-based security as well as behavioral analysis to stop malicious files and bad actors at the same time.

If you’re looking to learn how to keep your business safe from email-based attacks, see how Agari Phishing Defense works in action and sign up for our newsletter for the latest in email security.
