2019 State of Email Security Report
Actionable steps to improve your organization’s email security and cyber resilience.
Prevent a phishing attack with advanced email threat protection.
An alarming 91% of hacking attempts today begin with some kind of phishing attack1. Phishing, spear-phishing attacks and whaling attacks are an attempt to gain access to confidential data by using email and social-engineering to dupe recipients into opening an attachment, clicking on a link, divulging confidential information or even wiring money to a fraudulent account. A phishing attack is often successful because it appears to come from a known or trusted source, often impersonating a C-level executive.
A phishing or spear phishing email attack can be remarkably difficult to identify. Even when employees are trained how to spot a possible phishing attack or CEO Fraud, 23% of phishing emails are still open2. With the potential for phishing scams to cause disruption to business operations, damage to reputation and loss of business costing millions of dollars, organizations urgently need a sophisticated solution for preventing a phishing attack.
Mimecast Targeted Threat Protection provides a highly effective solution for preventing a phishing attack. Mimecast Targeted Threat Protection defends against malicious links in email, weaponized attachments and social-engineering attacks to protect users and organizations from the dangers of advanced threats.
Mimecast improves phishing email and spear security by scanning all inbound emails in real-time, providing three levels of protection:
With Mimecast Targeted Threat Protection, organizations can:
What is a phishing attack?
A phishing attack is a cybercrime where attackers use an email, text or phone call that seems to come from a trusted or legitimate business to trick a recipient into revealing sensitive and valuable information such as passwords, Social Security numbers, credit card details and bank account information.
How does a phishing attack work?
The most common type of phishing attack involves an email that appears to be from a legitimate company and that urgently asks the recipient to visit a website by clicking on a link in the email. The message may suggest that there’s a problem with the user’s account, that someone is trying to hack their information, or that they need to confirm or change login credentials. The user is provided with a link that, when clicked, takes them to a fraudulent website that looks real, where they’re asked to provide information that attackers can use to access accounts to steal money or an identity. The website may also download malware to the user’s computer.
Why are phishing attacks successful?
Successful phishing attacks generally play on several factors:
How to avoid phishing attacks?
The easiest way to avoid phishing attacks is to be suspicious. Users should avoid any messages that:
Organizations can block phishing attacks by providing security awareness training that communicates these principles to employees. Companies may also use anti-spam and anti-malware programs, along with DMARC authentication technology that is extremely effective at stopping phishing attacks. Additional technology includes services that scan email for malicious links and attachments and block users from accessing them, and services that are specifically designed to identify the hallmarks of advanced phishing attacks.
What to do after a phishing attack?
If you have unwittingly clicked on a link in a phishing email – or if you have mistakenly entered information into a phishing website – you should take these steps immediately: