Phishing mail

Combat the threat of phishing mail with Mimecast

Phishing mail attacks are a growing threat.

Phishing mail attacks and spear-phishing threats have become a mainstay in the arsenal of cyber criminals. The reason: so many users are easily tricked by a phishing mail message into divulging credentials, personal data and financial information that hackers can use to commit identity theft.

Successfully preventing a phishing mail attack requires two things: greater phishing awareness among users about the dangers of phishing email scams and how to detect them, and powerful email security technology that provides automatic defenses against phishing mail attacks. That combination of security solutions is exactly what you get with Mimecast.

Combat the threat of phishing mail with Mimecast.

Mimecast offers cloud-based solutions for email security, archiving and continuity in an all-in-one subscription service. With Mimecast, you can easily reduce the cost and complexity of managing business email while increasing security and availability.

Mimecast SaaS-based security services provide always-on, always up-to-date protection that avoids the expense of traditional security gateways. Mimecast's services stop viruses, malware, spam and data leaks as well as advanced threats like cyber phishing. Mimecast also provides end-user empowerment services and tools that help employees better recognize the signs of phishing mail and that enlist them as front-line defenders to prevent phishing attacks and impersonation fraud.

How Mimecast stops a phishing mail attack.

Mimecast Targeted Threat Protection is a suite of services that defends email against advanced threats like phishing mail, a spear-phishing virus, CEO fraud and whaling. Components of this advanced security solution include:

  • URL Protect. To protect against a phishing mail attack, Mimecast rewrites all links in inbound emails and scans the destination website in real-time to check its security and validity. If a site seems suspicious based on Mimecast's threat intelligence and global allow/block lists, the user will be prevented from visiting the requested site.
  • Attachment Protect. This service defends against malicious attachments by preemptively sandboxing suspicious attachments or rewriting them to a safe format before delivering them to users.
  • Impersonation Protect. Mimecast also combats malware-less attacks that use social engineering to impersonate trusted individuals. These attacks are designed to trick users into making wire transfers, processing financial transactions or releasing payroll information that could be used for identity theft. To block these attacks, Mimecast scans each incoming email for signs of an impersonation attack, and either quarantines suspicious email or notifies end-users that the email may be illegitimate.

Learn more about stopping a phishing mail attack with Mimecast.

FAQs: Phishing Mail

What is phishing mail?

Phishing email, or phishing mail, is a fraudulent attempt to trick individuals into revealing personal information like passwords, Social Security numbers, credit card numbers and bank account information. A phishing mail attacker accomplishes this by posing as a legitimate sender, re-creating the look of an email from a trusted company or person. A phishing mail may try to convince users that they’re about to lose access to an account, that their password needs to be changed, that there’s a problem with a payment or that there’s some other problem which can be remedied by clicking a link and visiting a website. Once users are on the phishing website (which is designed to look like a legitimate site), they are asked to enter certain sensitive information, which attackers can then use to access their accounts, steal their identities or drain their bank accounts.

Why does phishing mail work?

Phishing mail attacks have been successful for several decades because they prey on several things that are common to most people.

  • A tendency to trust that the intentions of people are honest.
  • Fear of losing opportunities, money and access, or fear of reprisal from employers and government agencies.
  • A fast-paced life, where most people want to get through the email in their inbox as quickly as possible and may not stop to question whether a request for information is legitimate.

Phishing mail grows more sophisticated with each year. Phishing mail attacks are also quite easy and inexpensive to execute, and attackers need only a few people to “bite” to make it worth their while.

How to recognize phishing mail?

Most users can spot a phishing mail attack if they look closely and follow these guidelines for evaluating any email. Phishing mail attacks are likely to include:

  1. A request for the recipient to click on a link and to enter sensitive information.
  2. Grammar and spelling mistakes and unusual word choices.
  3. An urgent tone and an insistence that the recipient must act quickly.
  4. A threat of adverse consequences if the recipient doesn’t respond.
  5. An offer that seems too good to be true.
  6. A claim that there is a problem with a user’s account, credentials, payment or data that must be remedied quickly.
  7. Suspicious attachments or unrecognized invoices.
  8. Hyperlinks that, upon closer inspection, would take the user to an unknown and suspicious website.
  9. Sender email addresses that don’t exactly match the domain of the company the email claims to be from.

Where to report phishing mail?

If you think you have received a phishing mail or have fallen prey to a phishing mail attack, you should report it to your company immediately in order to limit any damage. You can also report the phishing mail attack to your email provider, to the company that the email is impersonating, and to government agencies attempting to stop phishing mail attacks: the Federal Trade Commission at www.ftc.gov/complaint, the Anti-Phishing Working Group at reportphishing@apwg.org, and the Cybersecurity and Infrastructure Security Agency at phishing-report@us-cert.gov.

How to block phishing mail?

To prevent a phishing mail attack, organizations are wise to implement a variety of protective measures that include:

  • Security awareness training to help employees spot, delete and report phishing mail.
  • DNS authentication services that use SPF, DKIM and DMARC protocols to prevent spoofing and impersonation.
  • Email scanning and filtering solutions that identify and block access to malicious URLs and attachments.
  • Anti-impersonation software that scans email for header anomalies, domain similarity and other signs of malware-less, social engineering-based email attacks.
  • Anti-spam and anti-malware software.
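
The authentication and anti-impersonation measures above complement each other, as this added example (not Mimecast's code) shows: it reads the SPF, DKIM and DMARC verdicts from an `Authentication-Results` header and separately compares the From domain with a list of protected domains by edit distance. The protected domain, the gateway's authserv-id, the distance threshold and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

PROTECTED = ["example-bank.test"]   # hypothetical domains to protect
TRUSTED_AUTHSERV = "mx.corp.test"   # hypothetical authserv-id of our own gateway

# Constructed sample: authentication passes, but for a look-alike domain.
SAMPLE = """\
Authentication-Results: mx.corp.test; spf=pass smtp.mailfrom=examp1e-bank.test;
 dkim=pass header.d=examp1e-bank.test; dmarc=pass header.from=examp1e-bank.test
From: "Example Bank" <billing@examp1e-bank.test>
Subject: Invoice overdue

See attached.
"""

def auth_results(msg, trusted=TRUSTED_AUTHSERV):
    # Read method=result pairs, but only from headers our own gateway stamped.
    ours = [h for h in msg.get_all("Authentication-Results", [])
            if h.split(";", 1)[0].strip() == trusted]
    found = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", " ".join(ours)))
    return {m: found.get(m, "missing") for m in ("spf", "dkim", "dmarc")}

def edit_distance(a, b):
    # Levenshtein distance, one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess(raw, protected=PROTECTED, max_distance=2):
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    auth = auth_results(msg)
    lookalike = next((p for p in protected
                      if 0 < edit_distance(domain, p) <= max_distance), None)
    if lookalike:
        verdict = "quarantine"   # near miss of a protected domain
    elif auth["dmarc"] != "pass":
        verdict = "flag"         # unauthenticated sender
    else:
        verdict = "deliver"
    return {"from_domain": domain, "auth": auth,
            "lookalike_of": lookalike, "verdict": verdict}
```

The sample is quarantined even though all three authentication checks pass, because SPF, DKIM and DMARC only confirm that the message really came from the domain it names, not that the domain is the one the reader expects.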