Choose a multilayered defense to prevent phishing attacks.
As phishing email scams continue to successfully breach security defenses, more organizations are adopting a multilayered approach to security strategy in order to prevent phishing attacks.
Cyber phishing attacks typically begin with an email message that appears to come from a well-known or trusted company – social websites, financial institutions and shipping companies are frequent sources. The email directs the recipient to visit a website infected by malware, or a bogus website that asks the user to divulge sensitive information like passwords, Social Security numbers, credit card information and other confidential data. Spear-phishing, a more targeted phishing threat, focuses on a specific individual or role in the company and uses additional social engineering techniques to create more familiarity with the recipient.
Mimecast email security solutions can help to prevent phishing attacks with cloud-based services that block malicious attachments and URLs and with end-user empowerment services that promote greater phishing awareness among employees.
Prevent phishing attacks with Mimecast.
Mimecast's all-in-one, SaaS-based services not only help to improve security and prevent phishing attacks, they can significantly reduce the cost and complexity of all the tasks involved in managing business email.
To prevent phishing attacks, Mimecast Dynamic User Awareness services provide prompts that train employees to think twice about clicking on certain links or visiting certain sites. When a link or website is deemed suspicious by Mimecast's advanced threat intelligence, users will be directed to a web page where they'll see a message warning them about the site and asking whether they want to continue. Mimecast services also help to prevent phishing attacks by helping users spot the signs of a phishing mail message, including links that don't direct to the sender's actual website, domain names that appear to be slightly altered, and threatening language, misspellings and bad grammar that are uncharacteristic of the sender.
Mimecast's automated technology to prevent phishing attacks.
Mimecast provides sophisticated detection engines and advanced threat intelligence to protect email and users from malware, viruses, spam and data leaks. To prevent phishing attacks and other advanced threats, Mimecast offers Targeted Threat Protection services that include:
- Attachment Protect, a service that blocks potentially dangerous attachments by sandboxing them or transcribing them to a safe format.
- URL Protect, technology that scans all incoming email and blocks access to links and websites that Mimecast's threat intelligence deems suspicious.
- Impersonation Protect, a service that scans all incoming email for signs that the sender may be trying to impersonate a trusted source in order to dupe an employee into wiring money, transferring funds or divulging credentials.
FAQs: Prevent Phishing Attacks
What are phishing attacks?
Phishing attacks are a kind of cybercrime where attackers use email and pose as a legitimate business or trusted source to trick targets into revealing passwords, credit card details, bank account information, Social Security numbers and other sensitive data. Recipients are encouraged to click a link within the email that takes them to a fraudulent website, where hackers collect their personal information and may also download malware to the recipient’s computer.
How to prevent phishing attacks?
One of the most effective ways to prevent phishing attacks is to provide users with security awareness training that helps them to identify and avoid suspicious emails. Users can prevent phishing attacks by deleting and/or reporting email that contains signs of phishing attacks, such as:
- Requests to provide sensitive information about bank accounts, credit cards, login credentials and other personally identifiable information.
- Urgent messages that threaten negative consequences if recipients don’t comply quickly.
- Offers that are too good to be true.
- Salutations such as “Dear customer” that are general rather than personalized to the recipient.
- Misspelled words, grammatical mistakes and unprofessional wording – the result of emails being written by hackers rather than business professionals.
- Mismatches between the sender’s email address and the domain name of the company they purport to represent.
- Hyperlinks that would take the user to an unknown or suspicious website.
How to prevent phishing attacks from entering my mailbox?
To prevent phishing attacks from reaching end users, companies can deploy a variety of protective measures that include:
- Anti-malware and anti-spam protection that filters incoming email and blocks phishing attacks from reaching users.
- DNS authentication measures that use DMARC, SPF and DKIM protocols to identify and stop suspicious messages.
- Email scanning and filtering technologies that scan all email and prevent users from clicking on malicious links or opening weaponized attachments, and that identify malware-less attacks that use social engineering techniques to impersonate a trusted source.
- Two-factor authentication protocols that prevent attackers from using information they’ve stolen to access accounts.
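Two of the checks described above can be automated at the mail gateway or in a triage script: reading the SPF, DKIM and DMARC verdicts the receiving server recorded, and spotting a hyperlink whose visible text names one host while its target is another. The following is an added example, not Mimecast code; the message, hosts and addresses are constructed, and it assumes the receiving server stamps an Authentication-Results header.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every host and address here is made up.
RAW = """\
From: "Name Support" <support@name-billing.example>
To: user@corp.example
Subject: Urgent: verify your account
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=name-billing.example;
 dkim=none; dmarc=fail header.from=name-billing.example
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Dear customer, sign in at
<a href="http://login.narne.example/verify">https://www.name.example/account</a></p>
"""

def auth_verdicts(msg):
    """Return the spf/dkim/dmarc results recorded by the receiving mail server."""
    header = " ".join(msg.get_all("Authentication-Results", []))
    return {m.group(1): m.group(2) for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", header)}

class LinkAudit(HTMLParser):
    """Collect links whose visible text names a different host than the href."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = urlparse(self.text.strip()).hostname   # None for text like "Click here"
            actual = urlparse(self.href).hostname
            if shown and actual and shown != actual:
                self.mismatches.append((shown, actual))
            self.href = None

def audit(raw):
    """Summarise authentication results that did not pass and misleading links."""
    msg = message_from_string(raw)
    links = LinkAudit()
    links.feed(msg.get_payload())
    not_passing = sorted(k for k, v in auth_verdicts(msg).items() if v != "pass")
    return {"auth_not_passing": not_passing, "link_mismatches": links.mismatches}
```

Only trust an Authentication-Results header added by your own receiving server; copies already present on an inbound message can be forged by the sender.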
How to prevent phishing attacks on websites?
Users can prevent phishing attacks through websites by evaluating each site they visit for a few simple criteria.
- Check the URL. Websites set up for phishing will tend to be slight variants of a trusted URL, where company1.com is substituted for company.com or where a URL like name.com is replaced by narne.com, using an “rn” in place of an “m”.
- Grade the content. Just like phishing emails, phishing websites are often riddled with mistakes, misspellings, bad grammar and poor language choices.
- Look for subpar design. Attackers usually build phishing websites fairly quickly, which can be apparent upon close inspection. The design may seem simplistic and slightly “off”, and the site may use low-resolution versions of images and logos.
- Watch the language. Many phishing websites use language that has a sense of urgency and desperation as they attempt to pressure the user into revealing sensitive data. Legitimate websites, especially those in the financial industry, rarely if ever use this tone of voice.
What to do if I can’t prevent phishing attacks?
It’s unlikely that you’ll be able to prevent phishing attacks 100% of the time. If you happen to click on a link or provide information on a site you believe to be part of a phishing attack, you should immediately take these steps:
- Disconnect your computer from the Internet to prevent any malware installed on it from spreading or from communicating with attackers.
- Let your company and your IT department know what happened as soon as possible so they can limit the damage.
- Scan your computer for any malware or viruses that the phishing attack may have downloaded.
- Change your login information on accounts that may be compromised by the information you have given to prevent attackers from gaining access to your accounts.
- Report the phishing attack to the Federal Trade Commission (ftc.gov/complaint), the Cybersecurity and Infrastructure Security Agency (firstname.lastname@example.org) and the Anti-Phishing Working Group (www.antiphishing.org/report-phishing).