Stop phishing emails with superior protection from Mimecast.
Phishing is a form of cybercrime where an attacker poses as a legitimate institution or a known person to trick an individual into sharing sensitive information such as bank account numbers, usernames and passwords, credit card details or other personally identifiable information (PII).
Top tips to prevent phishing scams are part of a multi-layered cyber security strategy that incorporates:
Installing technology to scan all inbound email in real-time and block users from clicking on links to suspicious websites, sandbox and scan all attachments for potential security risks, and identify suspicious URLs before they are released to users.
As email threats continue to evolve, it takes increasingly powerful technology to stop phishing emails and prevent spear phishing attacks from damaging your organization. Hackers continue to devise new forms of email phishing scams designed to trick users into wiring money to fraudulent accounts or divulging sensitive data like passwords, credit card numbers, bank account information and Social Security numbers.
While many companies have tried to stop phishing emails by training employees on ways to spot suspicious email, nearly one-quarter of phishing emails are nevertheless opened even after employees have been trained about the most common phishing techniques. That means, to truly stop phishing emails, you need technology that can eliminate the possibility of human error and automatically prevent phishing attacks from reaching your users' inboxes.
As phishing email scams continue to successfully breach security defenses, more organizations are adopting a multilayered approach to security strategy in order to prevent phishing attacks.
Cyber phishing attacks typically begin with an email message that appears to come from a well-known or trusted company – social websites, financial institutions and shipping companies are frequent sources. The email directs the recipient to visit a website infected by malware, or a bogus website that asks the user to divulge sensitive information like passwords, Social Security numbers, credit card information and other confidential data. Spear-phishing, a more targeted phishing threat, focuses on a specific individual or role in the company and uses additional social engineering techniques to create more familiarity with the recipient.
Mimecast email security solutions can help to prevent phishing attacks with cloud-based services that block malicious attachments and URLs and with end-user empowerment services that promote greater phishing awareness among employees.
Mimecast Targeted Threat Protection, part of Mimecast's email security solutions, scans all inbound email in real-time to stop phishing emails and other advanced threats. As a cloud-based service, Mimecast requires no additional infrastructure or IT overhead to stop phishing emails – protection can be activated quickly and easily through the cloud platform. Mimecast provides protection on and off the corporate network and on mobile devices while creating no disruption for users.
To stop phishing emails, Mimecast Targeted Threat Protection provides three levels of defenses against the most dangerous techniques used in phishing attacks.
URL Protect offers phishing protection against malicious links in messages by scanning all inbound email in real-time and blocking users from clicking on links to suspicious websites. Mimecast scans links in both live and archived emails on every click to defend against delayed attacks.
Attachment Protect helps stop phishing emails containing weaponized attachments by pre-emptively sandboxing them and performing security checks before they are delivered to employees. Mimecast can also transcribe attachments to a safe file format that neutralizes any malicious code.
Impersonation Protect scans inbound emails in real-time to stop phishing emails that may appear to be sent from a trusted source or legitimate business contact. Mimecast searches the header, domain information and body content for signs of social engineering techniques commonly used in whaling and CFO fraud attacks. Suspicious email may be blocked, bounced or tagged with a warning.
In addition to technology to stop phishing emails, Mimecast's email security solutions can also defend against malware, spam, data leaks and other advanced security threats.
Phishing may be carried out via email, text messages or social media, and attempts to get a victim to click on a link that appears to be connected to a known business or entity. Frequently, that link will take victims a fake website that has the look and feel of a legitimate site or a site with which they are familiar. Victims are then asked to provide information such as bank account numbers, passwords or other sensitive information that can be used to steal identities, money and information.
The following clues indicate that an email may actually be a phishing scam:
To prevent phishing attacks from reaching end users, companies can deploy a variety of protective measures that include:
Preventing phishing requires a multi-layered approach to email security. This begins with security awareness training that helps employees to recognize the signs of a phishing email and to avoid divulging sensitive information. Using powerful filtering tools that identify phishing or impersonation attempts can help to prevent phishing emails from reaching employees’ inboxes. Security tools that scan email attachments and URLs within emails can help to neutralize malicious links.
It’s unlikely that you’ll be able to prevent phishing attacks 100% of the time. If you happen to click on a link or provide information on a site you believe to be part of a phishing attack, you should immediately take these steps:
Spear-phishing is a type of phishing attack that is much more personalized to the victim. Where phishing attacks cast a wide net, spear-phishing attacks are usually targeted at a one individual at a time. Spear-phishing typically uses social engineering tactics, where attackers learn about a victim from social media sites such as LinkedIn, Facebook or Twitter. Attackers use this information to send an email that appears to be from someone familiar and which encourages the target to divulge sensitive information or wire money to a fraudulent account.