What is phishing?
Phishing is a form of cybercrime where an attacker poses as a legitimate institution or a known person to trick an individual into sharing sensitive information such as bank account numbers, usernames and passwords, credit card details or other personally identifiable information (PII).
How to prevent phishing attacks
Top tips to prevent phishing scams are part of a multi-layered cyber security strategy that incorporates:
- “Thinking before clicking”—educating users to recognize and report phishing, e.g., suspicious email addresses, generic greeting (Hi there!), an unusual email or instant message, grammatical errors, links outside of the organization, an effort to create panic so as to prompt hasty action.
- Segmenting networks to keep highly sensitive data restricted, making it more difficult for cyberattacks to penetrate.
- Auditing the cybersecurity environment to assess vulnerabilities, identify emerging threats, and develop defensive strategies.
Installing technology to scan all inbound email in real-time and block users from clicking on links to suspicious websites, sandbox and scan all attachments for potential security risks, and identify suspicious URLs before they are released to users.
Stop phishing emails with superior protection
As email threats continue to evolve, it takes increasingly powerful technology to stop phishing emails and prevent spear phishing attacks from damaging your organization. Hackers continue to devise new forms of email phishing scams designed to trick users into wiring money to fraudulent accounts or divulging sensitive data like passwords, credit card numbers, bank account information and Social Security numbers.
While many companies have tried to stop phishing emails by training employees on ways to spot suspicious email, nearly one-quarter of phishing emails are nevertheless opened even after employees have been trained about the most common phishing techniques. That means, to truly stop phishing emails, you need technology that can eliminate the possibility of human error and automatically prevent phishing attacks from reaching your users' inboxes.
Choose a multilayered defense to prevent phishing attacks
As phishing email scams continue to successfully breach security defenses, more organizations are adopting a multilayered approach to security strategy in order to prevent phishing attacks.
Cyber phishing attacks typically begin with an email message that appears to come from a well-known or trusted company – social websites, financial institutions and shipping companies are frequent sources. The email directs the recipient to visit a website infected by malware, or a bogus website that asks the user to divulge sensitive information like passwords, Social Security numbers, credit card information and other confidential data. Spear-phishing, a more targeted phishing threat, focuses on a specific individual or role in the company and uses additional social engineering techniques to create more familiarity with the recipient.
Mimecast email security solutions can help to prevent phishing attacks with cloud-based services that block malicious attachments and URLs and with end-user empowerment services that promote greater phishing awareness among employees.
Mimecast technology to stop phishing emails
Mimecast Targeted Threat Protection, part of Mimecast's email security solutions, scans all inbound email in real-time to stop phishing emails and other advanced threats. As a cloud-based service, Mimecast requires no additional infrastructure or IT overhead to stop phishing emails – protection can be activated quickly and easily through the cloud platform. Mimecast provides protection on and off the corporate network and on mobile devices while creating no disruption for users.
How Mimecast solutions stop phishing emails
To stop phishing emails, Mimecast Targeted Threat Protection provides three levels of defenses against the most dangerous techniques used in phishing attacks.
URL Protect offers phishing protection against malicious links in messages by scanning all inbound email in real-time and blocking users from clicking on links to suspicious websites. Mimecast scans links in both live and archived emails on every click to defend against delayed attacks.
Attachment Protect helps stop phishing emails containing weaponized attachments by pre-emptively sandboxing them and performing security checks before they are delivered to employees. Mimecast can also transcribe attachments to a safe file format that neutralizes any malicious code.
Impersonation Protect scans inbound emails in real-time to stop phishing emails that may appear to be sent from a trusted source or legitimate business contact. Mimecast searches the header, domain information and body content for signs of social engineering techniques commonly used in whaling and CFO fraud attacks. Suspicious email may be blocked, bounced or tagged with a warning.
In addition to technology to stop phishing emails, Mimecast's email security solutions can also defend against malware, spam, data leaks and other advanced security threats.
Learn more about how to stop phishing emails with Mimecast, and about solutions for Office 365 phishing and virus ransomware