As email threats continue to evolve, it takes increasingly powerful technology to stop phishing emails and prevent spear phishing attacks from damaging your organization. Hackers continue to devise new forms of email phishing scamsdesigned to trick users into wiring money to fraudulent accounts or divulging sensitive data like passwords, credit card numbers, bank account information and Social Security numbers.
While many companies have tried to stop phishing emails by training employees on ways to spot suspicious email, nearly one-quarter of phishing emails are nevertheless opened even after employees have been trained about the most common phishing techniques. That means, to truly stop phishing emails, you need technology that can eliminate the possibility of human error and automatically prevent phishing attacks from reaching your users' inboxes.
Mimecast Targeted Threat Protection, part of Mimecast's email security solutions, scans all inbound email in real-time to stop phishing emails and other advanced threats. As a cloud-based service, Mimecast requires no additional infrastructure or IT overhead to stop phishing emails – protection can be activated quickly and easily through the cloud platform. Mimecast provides protection on and off the corporate network and on mobile devices while creating no disruption for users.
To stop phishing emails, Mimecast Targeted Threat Protection provides three levels of defenses against the most dangerous techniques used in phishing attacks.
URL Protect offers phishing protection against malicious links in messages by scanning all inbound email in real-time and blocking users from clicking on links to suspicious websites. Mimecast scans links in both live and archived emails on every click to defend against delayed attacks.
Attachment Protect helps stop phishing emails containing weaponized attachments by preemptively sandboxing them and performing security checks before they are delivered to employees. Mimecast can also transcribe attachments to a safe file format that neutralizes any malicious code.
Impersonation Protect scans inbound emails in real-time to stop phishing emails that may appear to be sent from a trusted source or legitimate business contact. Mimecast searches the header, domain information and body content for signs of social engineering techniques commonly used in whaling and CFO fraud attacks. Suspicious email may be blocked, bounced or tagged with a warning.
In addition to technology to stop phishing emails, Mimecast's email security solutions can also defend against malware, spam, data leaks and other advanced security threats.
What is phishing?
Phishing is a form of cybercrime where an attacker poses as a legitimate institution or a known person to trick an individual into sharing sensitive information such as bank account numbers, usernames and passwords, credit card details or other personally identifiable information (PII).
How does phishing work?
Phishing may be carried out via email, text messages or social media, and attempts to get a victim to click on a link that appears to be connected to a known business or entity. Frequently, that link will take victims a fake website that has the look and feel of a legitimate site or a site with which they are familiar. Victims are then asked to provide information such as bank account numbers, passwords or other sensitive information that can be used to steal identities, money and information.
How to stop phishing emails?
Preventing phishing requires a multi-layered approach to email security. This begins with security awareness training that helps employees to recognize the signs of a phishing email and to avoid divulging sensitive information. Using powerful filtering tools that identify phishing or impersonation attempts can help to prevent phishing emails from reaching employees’ inboxes. Security tools that scan email attachments and URLs within emails can help to neutralize malicious links.
How to spot phishing emails?
The following clues indicate that an email may actually be a phishing scam:
What is phishing vs. spear-phishing?
Spear-phishing is a type of phishing attack that is much more personalized to the victim. Where phishing attacks cast a wide net, spear-phishing attacks are usually targeted at a one individual at a time. Spear-phishing typically uses social engineering tactics, where attackers learn about a victim from social media sites such as LinkedIn, Facebook or Twitter. Attackers use this information to send an email that appears to be from someone familiar and which encourages the target to divulge sensitive information or wire money to a fraudulent account.