How to Prevent Phishing
Planning and Prevention
Phishing attacks involve an incremental process known as a “kill chain”. If your organization is serious about preventing phishing, defending your customers, and safeguarding your brand reputation, you need to be deploying systems that help you move up the kill chain. This means taking steps that go beyond collecting intelligence and actually turning threat intelligence data into cyber attack prevention assets.
Understanding the Phishing Attack Kill Chain
Cyber criminals involved in spear phishing attacks move progressively up the “kill chain”, a process that ends in a successful phishing attack. The kills chain involves seven steps:
- Targeting: Identifying a target to defraud and curating an email list.
- Delivery: Sending messages to individuals on their targeted list.
- Deception: The victim is tricked into following the call to action from the criminal.
- Clicks: The victim clicks on the phishing site and attempts to load it in their browser.
- Surrender: The victim inputs data into the phishing site, thus surrendering it to the cyber criminal’s site.
- Extraction: The credentials are transmitted from the phishing site to the cyber criminal.
- Action: The criminal or an agent logs on to the account in question and transfers money, uses the stolen card number online or in person, or places an order to perpetrate the final fraud.
Turning Threat Intelligence Data Into Cyber Attack Prevention Assets
Investing resources into becoming smarter or more knowledgeable isn’t the same as taking action. The first step is putting data together in a way that enables you to take an anti-phishing approach. Understand how to identify a phishing attack, and take the following steps to start building predictability:
- Interpret data intelligence: What attacks have you seen in the past? What were the attacker’s motives — was it a politically motivated hacktivist attack or was the attack perpetrated for financial gain?
- Identify vulnerabilities: Do you have a disparate number of web services and IT estates? Analyze where your vulnerabilities are and how criminals might expose these gaps.
- Study past threats: Is the malware a new strain? Look at the attack vector and how criminals are using it to predict what might happen in the future.
- Determine if the threat is real: Consider whether the attack is a real threat that is being seen every day or if it is something that is being developed in the lab.
- Take action to prevent damage: Notify your affected customers? Have the credential-stealing website taken down? Implement controls to prevent delivery of phishing messages to your customers? Educate your employees?
Ultimately, a new approach to threat intelligence is needed for reliable protection. As the sophistication of cyber attacks is increasing and providing criminals with additional opportunities for collateral damage, Agari is bridging the gap in email security with cutting-edge technology that stops phishing attacks in their tracks.
Agari Customer Protect: A New Approach to Threat Intelligence
There are many email security solutions aim to stop criminals later in the kill chain, during the Click, Surrender and Extraction stages of a phishing attack. But, the earlier in the kill chain that controls can be inserted, the better the chance that organizations have of preventing their customers from being phished.
DMARC and Agari deliver a solution, Agari Customer Protect™, that can cut the chain at Delivery, when a proactive DMARC reject policy can prevent the message from ever landing in the inbox.
Agari uses DMARC forensic data to extract threat details and provide them to takedown vendors, who validate and classify the threat. This intelligence is then passed onto Google and Microsoft for inclusion in their anti-phishing lists. Now their browsers block the threats as well, making the controls at step 4 in the kill chain, the Click, far more effective in preventing emerging threats.
Request a demo today to learn how your organization can:
- Identify, isolate, and stop email attacks that spoof any trusted domain, including their own.
- Identify a phishing attack through global sender telemetry and predictive trust analytics.
- Gain unparalleled threat visibility into more than 10 billion email messages per day across three billion mailboxes.