Top Ten Ways to Detect Phishing

Despite being a tactic that pre-dates the internet, and recalls the days of scams surrounding depositing large amounts of money in your bank account, phishing remains a major problem of online security. In fact, research by Ironscales shows that it accounts for up to 95% of successful cyber-attacks worldwide.

Phishing also accounts for the main delivery of malware, including ransomware, and business email companies. Reportedly, both Facebook and Google fell victim to these attacks in 2017, with the attacker making $100m from the scam.

Surely there must be a way to prevent phishing attacks, and enable employees to spot and delete such malicious messages? Infosecurity spoke to three anti-phishing vendors: Ironscales, Cofense (formerly PhishMe) and KnowBe4 to get the best advice on how to avoid becoming a victim.

01 - Leverage Awareness Training, & Include Simulated Phishing Tests
Using these tactics can help teach your users how to spot and report attempted phishing attacks.
Source: KnowBe4

02 - Understand the Dynamics of Different Attacks
Understanding the different types of phishing scams will better prepare victims for the most targeted of attacks.
Source: Cofense

03 - Move Detection to the Mailbox 
Organizations focus on the gateway, utilizing content filtering and signatures, allowing far too many malicious emails to slip past.
Source: Ironscales

04 - User Behavior Analysis and Mailbox Profiling
This type of profiling is crucial to ensure the detection and prevention of hyper-targeted phishing emails.
Source: Ironscales

05 - Use Multi-Factor Authentication
Enforce multi-factor authentication on users who handle the most sensitive information to help prohibit credential theft.
Source: KnowBe4

06 - Forensics, Response & Behavior Analysis
Combining behavioral analysis, mailbox profiling, automated forensics and response creates a multi-layered and holistic approach.
Source: Ironscales

07 - Share Threat Intelligence
Harnessing verified email phishing intelligence and event information can help organizations proactively defend their network gateways and endpoints.
Source: Ironscales

08 – Encourage Reporting of Suspicious Emails
Higher reporting rates equate to higher resiliency rates, and encourage employees to spot phishing messages.
Source: Cofense

09 - Use Secure Email & Web Gateways
Configure these to do URL filtering and block the most common malicious domains.
Source: KnowBe4

10 - Use Anti-Virus Software
Signatures will be updated regularly if you keep your software up-to-date.
Source: KnowBe4

What’s Hot on Infosecurity Magazine?