The dangers of a phishing email attack.
A phishing email attack is a fraudulent attempt to trick an email recipient into sharing sensitive information like login credentials, account information or personal data. The sender of a phishing email typically poses as a reputable business or known person to get the recipient to click on a link or open an attachment. In a spear phishing email, the attacker attempts to gain access to confidential data by posing as a trusted source, often within the same company. And in a form of phishing known as whale phishing, attackers can impersonate a high-level executive, tricking another employee into sending money to an account that turns out to be a sham or distributing sensitive corporate or personnel data.
Despite widespread education and efforts to make users aware of the dangers of this kind of fraud, phishing email attacks are surprisingly successful. In fact, 91% of hacking attacks today start with some kind of phishing email [1]. The costs of a successful phishing attack can reach into the millions of dollars, due to fines and legal action as well as business disruption, damage to corporate reputation and loss of customer confidence.
To mitigate the risks of a phishing email attack and improve spear phishing security, Mimecast offers Targeted Threat Protection. This cloud-based service, part of Mimecast’s all-in-one subscription service for email security, archiving and continuity, extends traditional gateway security to protect against all forms of a phishing email attack.
Mimecast’s service scans email in real time to identify suspicious messages. With Mimecast, organizations can combat threats from a phishing attack with:
Mimecast Targeted Threat Protection defends against every type of phishing email threat.
Impersonation Protect identifies a whaling attack that uses social engineering to trick employees into divulging confidential data or wiring funds to a fraudulent account. Mimecast scans all inbound emails in real time, searching for specific signs of fraud in the header, domain and content of the message.
URL Protect prevents a phishing email attack by scanning all URLs within incoming and archived emails on every click and opening websites only if they have been determined to be safe.
Attachment Protect defends against weaponized attachments by sandboxing attachments and allowing only safe documents to be sent on to the user.
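The Impersonation Protect paragraph above names three places to look for signs of fraud: the header, the domain and the content of a message. The following is an added example, not Mimecast's implementation or code from this page, of what checks in each of those three places can look like; the organization domain, executive list, pressure terms, similarity threshold and signal names are all hypothetical values chosen for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Hypothetical policy values, assumed for this example only.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
PRESSURE_TERMS = ("wire transfer", "urgent", "confidential")

def is_lookalike(domain, real=ORG_DOMAIN, threshold=0.8):
    """Near-match to the real domain without being the real domain."""
    return domain != real and SequenceMatcher(None, domain, real).ratio() >= threshold

def impersonation_signals(raw_message):
    """Return the list of whaling indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    # Plain-text parts only; transfer-encoding decoding is omitted for brevity.
    body = " ".join(p.get_payload() for p in msg.walk()
                    if p.get_content_type() == "text/plain")
    text = (msg.get("Subject", "") + " " + body).lower()

    signals = []
    # Header: an executive's display name on an address outside the organization.
    if name.lower() in EXECUTIVES and from_domain != ORG_DOMAIN:
        signals.append("executive-name-external-address")
    # Header: replies routed to a different domain than the sender's.
    if reply_domain and reply_domain != from_domain:
        signals.append("reply-to-mismatch")
    # Domain: sender domain imitates the organization's own.
    if is_lookalike(from_domain):
        signals.append("lookalike-domain")
    # Content: pressure or payment language typical of whaling requests.
    if any(term in text for term in PRESSURE_TERMS):
        signals.append("pressure-language")
    return signals

# Constructed sample messages (not real traffic).
SPOOFED = ('From: "Jane Doe" <jane.doe@examp1e.com>\nReply-To: jane.doe@mailbox.test\n'
           "Subject: Urgent request\n\nPlease process a wire transfer today.")
GENUINE = ('From: "Jane Doe" <jane.doe@example.com>\nSubject: Lunch\n\n'
           "Are we still on for Friday?")

if __name__ == "__main__":
    print(impersonation_signals(SPOOFED))
    print(impersonation_signals(GENUINE))
```

No single signal is conclusive on its own; a gateway would typically weigh several together before holding or tagging a message.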
What is a phishing email?
A phishing email is an email that pretends to be from a trusted organization and attempts to trick the recipient into divulging sensitive information like passwords, bank account numbers or credit card details. Phishing emails may also attempt to get users to click on a link that will download malware to their computer.
How do phishing emails work?
The most common type of phishing email is one that impersonates a legitimate company, re-creating the look and feel of the company’s brand in the email. The message typically has a sense of urgency – it may report that there is suspicious activity on your account, a problem with a payment, or that it’s time to change a password. The message asks you to click on a link that will take you to a fraudulent website (which looks just like a real website) where you’ll be asked to enter login information, credit card numbers, bank account information or other sensitive data. Attackers can use this data to access your accounts and to steal your identity, valuable data and money.
How to recognize a phishing email?
There are several common things to watch out for that can help you recognize a phishing email.
How to block phishing email?
The best way to avoid the damages from a phishing email is to use a multi-layered approach to email security.
Where do I report phishing emails?
When you receive a phishing email, you should report it to: