Telltale signs of a phishing email
The silver lining when it comes to threats delivered by email is that there are usually discrepancies that identify them as such, if you just know what to look for. The following are some examples. See the following page for details on each.
There are several approaches that can be taken to reduce the risk that email threats pose.
Run regular phishing exercises. Your employees are your greatest defense against phishing, especially the most tailored phishing attempts. Employees who learn to recognize a phishing attempt outright can stop the #1 source of endpoint compromise.
To raise awareness, run regular corporate phishing exercises to test and educate users. Emulate the latest real-world techniques to keep people abreast of what they may encounter. Cisco suggests running these exercises monthly, starting with easy-to-spot test phishing campaigns and gradually raising the complexity. For users who fall for emulated phishing attacks, provide education immediately (e.g., send a test “malicious” URL that leads to further information about phishing). For high-risk users in your organization, where significant damage could occur if they fall for a ruse, practice tailored phishing campaign exercises.
Use multi-factor authentication. In the event that a corporate email account’s credentials are successfully stolen, multi-factor authentication can prevent an attacker from gaining access to the account and wreaking havoc.
The beauty of multi-factor authentication lies in its simplicity. Let’s say that someone does manage to get hold of login credentials, yours or those of someone on your network, and attempts to log in. With multi-factor authentication, a message is automatically sent to the individual who owns the credential to check if they just attempted to log in. The user, in this scenario, realizing that they did not just attempt to log in, denies the request outright. This successfully thwarts the attack.
Keep software up to date. In some cases, emails that include malicious URLs may point users to pages with exploits. Keeping browsers and software updated, as well as any plugins, helps to alleviate the risks posed by such attacks.
Never wire money to a stranger. This applies to advance fee fraud and BEC scams. If you’re at all suspicious about a request, don’t respond. For BEC in particular, set up strict policies that require the wire transfer authorization of a high-ranking individual within the company, and have a designated secondary signatory.
Be careful with requests to log in. Malicious actors, intent on stealing login credentials, go to great lengths to make their pages look like the login pages you would be familiar with. If you encounter such a login prompt, be sure to check the URL to ensure it’s coming from the legitimate owner’s site. If you encounter a pop-up style window, expand the window out to make sure that the full URL, or at least the full domain, is visible.
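One way to automate the URL check described above, for instance in a mail gateway or helpdesk tool. This is an added example, not part of the original report; the allowlist, the function name and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist: domains your users legitimately log in to.
TRUSTED_LOGIN_DOMAINS = {"example.com", "login.example.net"}

def check_login_url(url, trusted=TRUSTED_LOGIN_DOMAINS):
    """Return (ok, reason) for the URL behind a login prompt."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # lower-cased by urlsplit
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if has_userinfo:
        # In https://example.com@other.test/ the real host follows the '@'.
        return False, "userinfo before host"
    if not host:
        return False, "no host"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        # Internationalized labels can imitate a trusted name with look-alike letters.
        return False, "internationalized host"
    for domain in trusted:
        # The trusted name must be the END of the host, on a label boundary.
        if host == domain or host.endswith("." + domain):
            return True, "matches " + domain
    return False, "host is not a trusted domain"

# Constructed sample URLs (reserved example/test names, not real sites).
SAMPLES = [
    "https://example.com/login",
    "https://sso.example.com/login",
    "https://example.com.account-verify.test/login",  # trusted name as a prefix
    "https://example.com@account-verify.test/login",  # trusted name as userinfo
    "https://notexample.com/login",                   # no label boundary
    "https://xn--exmple-cua.com/login",               # punycode label
    "http://example.com/login",                       # no TLS
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_login_url(sample), sample)
```

The comparison is made on the parsed host, right to left, which is the same thing a person does when expanding a pop-up to read the full domain.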
Make sure the email sounds plausible. In the case of scams like digital extortion and advance fee fraud, the senders often craft elaborate stories to try to convince you that the email is legitimate. Does the scenario as laid out make sense? Are there any holes in their stories, from a technical, financial-process, or other perspective? If so, approach with a skeptical eye.