Prevent spear phishing

Prevent spear phishing attacks with Mimecast.

As phishing and spear phishing attacks continue to become more prevalent, organizations are seeking advanced solutions to prevent spear phishing and other targeted threats.

Spear phishing is a variation on email phishing scams that seeks to entice users to click on a malicious URL in an email that appears to come from a trusted source. Attackers may use spoofed Internet addresses or domain names, as well as social engineering techniques to fool employees into trusting the content of an email.

The risks are significant. More than 91% of hacking attacks today began with a phishing or spear phishing email [1], and roughly 23% of phishing emails are opened by employees even after they have received training to spot potential fraudulent messages.

To prevent spear phishing and other targeted threats, Mimecast provides a leading email security service to stop phishing emails from infiltrating corporate email infrastructures.

[1] 2016 Data Breach Investigations Report

Mimecast solutions to prevent spear phishing.

Targeted Threat Protection is part of Mimecast's all-in-one subscription service for managing email security, archiving and continuity more effectively. This solution helps prevent spear phishing and other advanced threats such as CFO Fraud and virus ransomware by defending against malicious links in email, weaponized attachments and social engineering techniques.

Mimecast helps prevent spear phishing attacks by providing comprehensive protection that can be easily managed and requires no additional infrastructure or IT overhead.

How Mimecast helps prevent spear phishing and other targeted threats.

To prevent spear phishing attacks and other similar threats, Mimecast Targeted Threat Protection provides phishing protection against the three most dangerous attack techniques:

  • Social engineering. To prevent these types of attacks, Mimecast scans all inbound email to spot indicators in the message header, domain information and message content that may indicate a message is suspicious.
  • Malicious URLs. Mimecast scans all URLs in incoming email on every click to prevent employees from visiting malicious websites. Mimecast also scans links in archived emails to prevent spear phishing attacks that may be delayed.
  • Weaponized attachments. Mimecast preemptively sandboxes and performs security checks on attachments before they are delivered to employees in order to prevent spear phishing attempts via malware embedded in those attachments.

Learn more about how to prevent spear phishing with Mimecast, and about solutions for stopping Office 365 phishing attempts.

FAQs: Prevent Spear Phishing

What is a spear-phishing scam?

A spear phishing scam is a highly targeted cyber-attack where attackers send email ostensibly from a trusted individual or a legitimate business. The email is designed to convince a target to take actions that can harm their company or divulge sensitive information that attackers can use to gain access to networks, email accounts and financial accounts.

How do you recognize a spear-phishing email?

There are several ways to spot and prevent a spear-phishing attack. A spear-phishing email may include:

  • A request to download a file or to provide sensitive information that is not typically shared via email.
  • A sender email address that does not match the domain name of the company the sender claims to be from.
  • An email format that is different than the emails typically received from the person or company the sender claims to be.
  • A link within the email that, upon inspection, would take the user to a fraudulent website rather than the website listed in the text of the email.
  • Suspicious files or unexpected invoices attached to the email.
  • Content within the email that is unusual or out of character for the sender.

How can you prevent spear-phishing attacks?

One of the most effective ways to prevent spear-phishing attacks is to address the problem of human error – one of the biggest contributors to security breaches. To prevent spear-phishing attacks, companies can educate employees about how these attacks work, and about best practices for avoiding them. Security awareness training can help users to identify the telltale signs of a spear-phishing attack and to take certain actions – like confirming out-of-the-ordinary requests by phone – when emails appear to be suspicious.

How to prevent spear-phishing emails from entering my mailbox?

To prevent spear-phishing emails from reaching the inboxes of users, organizations can deploy technologies that include:

  • Anti-malware and anti-spam software that stop spear-phishing emails at the email security gateway.
  • Email scanning technology that evaluates every link and attachment within every email and prevents users from accessing URLs or attached files that are thought to be malicious.
  • Anti-impersonation technology that can prevent spear-phishing attacks by identifying techniques like header anomalies, domain similarity, sender spoofing, recently established domains and other malware-less, social engineering-based methods for impersonating a sender.
  • DNS authentication services that identify and stop suspicious messages using DMARC, SPF and DKIM protocols.
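Several of the signs listed in the FAQ answers above (a sender domain that resembles a trusted one, a failed DMARC result, a link whose visible text names a different site than its target) can be checked mechanically. The following is an added example, not Mimecast's code: the `TRUSTED` set, the 0.8 similarity cutoff, the indicator labels and the sample message are all assumptions constructed for illustration.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"example.com"}  # assumption: domains your real correspondents use
# Constructed sample message, not real traffic.
SAMPLE = """\
From: "Example Finance" <billing@examp1e.com>
Authentication-Results: mx.example.com; spf=pass; dmarc=fail
Content-Type: text/html; charset="utf-8"

<p>Pay at <a href="http://login.examp1e.com/pay">https://www.example.com/pay</a></p>
"""

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def host(url):
    return (urlparse(url.strip()).hostname or "").lower()

def indicators(raw):
    msg, found = message_from_string(raw), []
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Domain similarity: close to, but not equal to, a trusted domain.
    if from_dom not in TRUSTED and difflib.get_close_matches(from_dom, TRUSTED, 1, 0.8):
        found.append("lookalike-sender-domain")
    # Only trust this header when your own gateway stamped it (assumption).
    if "dmarc=fail" in msg.get("Authentication-Results", "").lower():
        found.append("dmarc-fail")
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in collector.links:
        if text.strip().lower().startswith(("http://", "https://")) and host(text) != host(href):
            found.append("link-text-mismatch")
    return found
```

Each returned label is a triage signal rather than a verdict; a message that raises none of them can still be an impersonation attempt.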

Where do I report a spear-phishing attempt?

Spear-phishing emails can be reported to a number of organizations dedicated to helping to prevent spear-phishing attacks. These include the Federal Trade Commission, the Cybersecurity and Infrastructure Security Agency and the Anti-Phishing Working Group. Users should also report spear-phishing emails to their company’s IT department, to the sender that the email is impersonating, and to the email provider who can take steps to adjust anti-malware and anti-spam filters to more effectively prevent spear-phishing attacks.