Preventing Phishing Attacks

(OBJ 5.6)

Anti-phishing Campaign

• By implementing the right strategies and providing user security awareness training, the threat of a successful phishing campaign against your organization can be mitigated effectively
• Essential user security awareness training tool that can be used to educate individuals about the risks of phishing and how to best identify potential phishing attempts
• Should offer remedial training for users who fell victim to simulated phishing emails
• In anti-phishing campaigns, offer remedial training for users who fell victim to simulated phishing emails

Security Awareness Training

• To help prevent phishing your organization should regularly conduct user security awareness training that contains coverage of the various phishing techniques
  • Phishing
  • Spear Phishing
  • Whaling
  • Business Email Compromise
  • Vishing
  • Smishing
• Along with other relevant cyber threats and attacks that may affect your organization
• This training should also highlight the common characteristics of phishing emails including
  • Generic greetings
  • Spelling and grammar mistakes
  • Spoofed email addresses

Key indicators of phishing attacks

• There are some commonly used key indicators that are associated with phishing attacks
  • Urgency
    • Phishing emails often create a sense of urgency by prompting the recipient to act immediately
    • Example: You won a brand new iPhone if you click in this link in the next 24 hrs
  • Unusual Requests
    • If your receive an email requesting sensitive information, such as passwords or credit card numbers, you should treat these emails with a lot of suspicion
    • Your bank will never ask you for your credit card number
  • Mismatched URLs
    • When you are looking at an HTML-based email, the words you are reading are called the display text, but the underlying URL of the weblink could be set to anything you want
    • URL might be for a different website or a fraudulent site
    • To check if the text-based link matches the underlying URL, you should always hover your mouse over the link in the email for a few seconds and this will reveal the actual URL that the link is connected to
  • Strange Email Addresses
    • If the real email address and the displayed email address don't match, then the email should be treated as suspicious and possibly part of a phishing campaign
    • To see the underlying email address hover over or double-click the displayed email address
    • If the organization's official domain is not used by the email, or if the email address is overly complicated, this is sign that the email might be part of a phishing attack
    • Example: An email pretending to be from a Microsoft administrator
  • Poor Spelling or Grammar
    • If an email has a lot of "broken English", poor grammar, or numerous spelling errors, it is likely to be part of a phishing campaign
    • More difficult with the use of AI writing tools

Mitigation

• Training
• Report suspicious messages to protect your organization from potential phishing attacks
• Analyze the threat
  • Using common indicators like the ones mentioned above
• Inform all users about the threat
  • If the phishing email was opened, conduct a quick investigation and triage the user’s system
  • Inform to not click on any suspicious links or provide any personal/sensitive data
• An organization should revise its security measures for every success phishing attack
  • Updating spam filters
  • Conducting additional user security awareness training

Conducting an Anti-phishing Campaign

• Create our own email
• Recommended program: Phish Insights - Now Trend Vision One Security Awareness
  • Wonderful free tool to create Anti-phishing campaigns
  • Follow the steps:
    1. Select Recipient
    2. Select a Template
       • Example: Use a LinkedIn connection request
    3. Select a Sender
       • Example: invitations@linkein.com
    4. Set a Schedule
       • Select Start time, time zone and campaign duration
       • You want to see if they learn over time
  • More options:
    • What happens if they click on one of the links?
      • Be told that you click on a link that you shouldn't have
      • Click here and you will get the anti-phishing training!
• You will be able to see who gets fooled