A viewpoint by Olivier Innamorati, Senior Consultant.
We’ve all received a phishing email at some point in our lives. In 2021, 46.56% of global email traffic consisted of unwanted emails, and within that traffic phishing proved to be one of the most damaging attack vectors. In this article, you will find 15 useful tips to protect yourself from such cyberattacks.
How hackers operate
Most phishing techniques follow the same pattern:
Step 1: Getting those clicks
The hacker needs to convince the email recipient that they are a legitimate sender. Hackers often accomplish this by spoofing an email address or by impersonating legitimate domains. Some hackers collect information about their intended target to forge a familiar-looking email.
Step 2: Bypassing protection
The hacker’s objective is for their target to open the malicious attachment or link. To bypass basic malware protection, hackers often hide malicious code in a file type that is not expected to contain executable code (such as a macro in a document or a script inside a PDF). The malicious code or link is usually well hidden within the email.
Step 3: Executing the malicious code or gathering information
Developing the malicious code or link takes hackers several steps. First, they create code that appears safe so that it passes malware protection: this is the link or file that is displayed when the email is opened. However, there is often an additional link or file within this code which, when activated, executes the malicious payload. Mailbox protection has never seen or verified this second link or file, since it is hidden inside the first.
Step 4: Compromising the account
Once the malicious code has run, the recipient’s account is compromised. This may lead to extortion, theft of confidential information, encryption of the recipient’s data, and so on.
How to protect yourself
Because it’s better to be safe than sorry, we advise you to enable and configure the three most popular types of anti-spoofing protection.
Tip n°1: Enable DKIM (DomainKeys Identified Mail). This email authentication method validates a cryptographic signature carried in the email headers. DKIM verifies the authenticity of the sending domain and guarantees the message’s integrity in transit.
Tip n°2: Implement SPF (Sender Policy Framework). This anti-spoofing method is particularly useful because it determines whether the sending IP address is permitted to send emails on behalf of the claimed domain name.
Tip n°3: Deploy DMARC (Domain-based Message Authentication, Reporting and Conformance). This email validation system builds on the SPF and DKIM results as well as other checks, and applies the appropriate action on a case-by-case basis.
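To make the interaction between the three tips concrete, here is an added example (written for this article, not the author's code or any library's API) of how a receiving server combines the SPF and DKIM results with the domain's DMARC record to decide what to do with a message. The DMARC record text, the `AuthResults` structure and the sample messages are constructed; the organizational-domain reduction is simplified to two labels, whereas a real implementation consults the Public Suffix List.

```python
"""Added example: turning SPF, DKIM and a DMARC record into a disposition.
Illustrative code for this article, not the author's or a library's code.
The record text and the sample messages below are constructed."""
from dataclasses import dataclass


@dataclass
class AuthResults:
    header_from: str   # domain of the visible From: header (what the user sees)
    spf_result: str    # "pass", "fail", "none", ...
    spf_domain: str    # domain SPF was checked for (envelope MAIL FROM)
    dkim_result: str   # "pass", "fail", "none"
    dkim_domain: str   # d= tag of the verified signature ("" if none)


def organizational_domain(domain: str) -> str:
    """Reduce a domain to its registrable part. Assumption: two-label
    registrable domains (example.com); real code uses the Public Suffix List."""
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s; aspf=r'."""
    tags = {}
    for item in record.split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    tags.setdefault("p", "none")    # requested policy for mail that fails
    tags.setdefault("adkim", "r")   # DKIM alignment: r(elaxed) or s(trict)
    tags.setdefault("aspf", "r")    # SPF alignment mode
    return tags


def aligned(identifier_domain: str, header_from: str, mode: str) -> bool:
    """Strict alignment needs an exact match; relaxed accepts the same organizational domain."""
    if not identifier_domain:
        return False
    if mode == "s":
        return identifier_domain.lower() == header_from.lower()
    return organizational_domain(identifier_domain) == organizational_domain(header_from)


def dmarc_disposition(results: AuthResults, record: str) -> str:
    """'pass' when SPF or DKIM passes *and* aligns with From:, else the record's p= policy."""
    policy = parse_dmarc(record)
    spf_ok = results.spf_result == "pass" and aligned(
        results.spf_domain, results.header_from, policy["aspf"])
    dkim_ok = results.dkim_result == "pass" and aligned(
        results.dkim_domain, results.header_from, policy["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    return policy["p"]


# Constructed sample data (example.com is a reserved documentation domain).
DMARC_RECORD = "v=DMARC1; p=reject; adkim=r; aspf=r"

LEGIT = AuthResults("example.com", "pass", "mail.example.com", "pass", "example.com")
# Spoof: From: claims example.com, but SPF passed for the attacker's own
# domain and there is no DKIM signature, so nothing aligns with From:.
SPOOFED = AuthResults("example.com", "pass", "attacker.example", "none", "")
# Forwarded mail: SPF broke in transit, but the DKIM signature survives and aligns.
FORWARDED = AuthResults("example.com", "fail", "forwarder.example", "pass", "example.com")

if __name__ == "__main__":
    for label, r in (("legit", LEGIT), ("spoofed", SPOOFED), ("forwarded", FORWARDED)):
        print(f"{label:10s} -> {dmarc_disposition(r, DMARC_RECORD)}")
```

The forwarded case is why DKIM matters alongside SPF: a message relayed through a mailing list or forwarder usually loses its SPF pass, and without an aligned DKIM signature a `p=reject` policy would discard legitimate mail.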
It is important to keep in mind that anti-spoofing solutions will never protect you from certain spoofing techniques, such as sending an email from a look-alike domain name (e.g., amarls.com instead of amaris.com).
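Because DKIM, SPF and DMARC all pass for a look-alike domain the attacker legitimately owns, this gap has to be covered by a separate check. The following added example (not the author's tooling or any vendor's product) flags sender domains that resemble a list of protected domains: exact matches and genuine subdomains are trusted, while homoglyph substitutions (rn for m), your domain used as a subdomain label of someone else's domain, and small typo distances are flagged. The `CONFUSABLES` table, the protected list and the sample senders are constructed.

```python
"""Added example: flag sender domains that merely resemble a protected domain.
Illustrative code written for this article, not the author's or a vendor's
tool. The confusables table, protected list and sample senders are constructed."""

# Character sequences that look alike in common fonts, longest first so
# "rn" is rewritten before the single-character rules run.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"),
               ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalize(domain: str) -> str:
    """Lower-case the domain and collapse look-alike character sequences."""
    d = domain.lower().strip(".")
    for seq, repl in CONFUSABLES:
        d = d.replace(seq, repl)
    return d


def levenshtein(a: str, b: str) -> int:
    """Minimum number of single-character edits turning a into b."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        current = [i]
        for j, cb in enumerate(b, 1):
            current.append(min(previous[j] + 1,                 # deletion
                               current[j - 1] + 1,              # insertion
                               previous[j - 1] + (ca != cb)))   # substitution
        previous = current
    return previous[-1]


def lookalike_verdict(sender_domain: str, protected: list, max_distance: int = 2) -> str:
    """Classify a sender domain as 'trusted', 'lookalike' or 'unrelated'."""
    sender = sender_domain.lower().strip(".")
    for own in protected:
        own = own.lower()
        # Exact match or a genuine subdomain of a domain we own.
        if sender == own or sender.endswith("." + own):
            return "trusted"
    for own in protected:
        own = own.lower()
        # Our domain used as a leading label of someone else's domain.
        if sender.startswith(own + "."):
            return "lookalike"
        # Homoglyph substitution (arnaris.com -> amaris.com).
        if normalize(sender) == normalize(own):
            return "lookalike"
        # Typo-squatting within a small edit distance (amarls.com).
        if levenshtein(sender, own) <= max_distance:
            return "lookalike"
    return "unrelated"


# Constructed: the domain from the article's own example.
PROTECTED = ["amaris.com"]

if __name__ == "__main__":
    for sender in ("amaris.com", "mail.amaris.com", "amarls.com",
                   "arnaris.com", "amaris.com.evil.example", "github.com"):
        print(f"{sender:26s} {lookalike_verdict(sender, PROTECTED)}")
```

Treat the output as a signal for the external-sender banner or a quarantine rule rather than a hard block: the edit-distance threshold will also catch legitimate short domains that happen to be close to yours, so keep `max_distance` small and review hits.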
Advanced configurations and dedicated tools
Another way to protect yourself from phishing and spam is to configure email filters and install anti-spam tools.
Tip n°4: Identify the most dangerous attachment types (.exe, .php, etc.) and set the mail server to block these types of files by default.
Tip n°5: Use a sandbox filter to test links and attachments before they reach the user’s mailbox.
Tip n°6: Install an anti-spam tool that can verify the reputation of the sender and set up rules for advanced email content filtering (like YARA rules). You can also add an email banner which reminds users to exercise caution when handling links or attachments from external contacts.
These filters and tools should shield users from receiving phishing emails in their inbox.
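As an added illustration of tip n°4 (example code for this article, not the author's or any mail server's implementation), the block below inspects a message's attachments with Python's standard `email` module and reports the ones a gateway should block. It goes slightly beyond the tip by checking every suffix of a file name (so a disguised `invoice.pdf.exe` is caught), stripping trailing dots and spaces, and looking inside zip archives, which is where many executables arrive. The blocklist and the sample message are constructed.

```python
"""Added example: block dangerous attachment types at the mail gateway.
Illustrative code for this article, not the author's or a mail server's
code. The blocklist and the sample message are constructed."""
import io
import zipfile
from email.message import EmailMessage

# Extensions treated as executable, script or macro content. Constructed
# starting point; tune it to your environment.
BLOCKED_EXTENSIONS = {
    "exe", "php", "js", "jse", "vbs", "wsf", "bat", "cmd", "ps1", "hta",
    "scr", "pif", "lnk", "iso", "img", "docm", "xlsm", "pptm",
}


def dangerous_name(filename: str) -> bool:
    """True if any suffix of the file name is on the blocklist.

    Checking every suffix catches double extensions (invoice.pdf.exe);
    stripping trailing dots and spaces catches names like 'setup.exe. '."""
    name = filename.strip().rstrip(". ").lower()
    suffixes = name.split(".")[1:]
    return any(s in BLOCKED_EXTENSIONS for s in suffixes)


def blocked_attachments(msg: EmailMessage) -> list:
    """Return the names of attachments the gateway should block."""
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if dangerous_name(name):
            hits.append(name)
            continue
        if name.lower().rstrip(". ").endswith(".zip"):
            data = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as archive:
                    hits.extend(f"{name}:{inner}" for inner in archive.namelist()
                                if dangerous_name(inner))
            except zipfile.BadZipFile:
                # An archive we cannot inspect is treated as suspicious.
                hits.append(f"{name} (unreadable archive)")
    return hits


def build_sample_message() -> EmailMessage:
    """Constructed message: one harmless, one disguised and one archived attachment."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("readme.txt", "see spreadsheet")
        zf.writestr("payroll.xlsm", "not a real workbook")
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("Please find the invoice attached.")
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"MZ placeholder", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(archive.getvalue(), maintype="application",
                       subtype="zip", filename="archive.zip")
    return msg


if __name__ == "__main__":
    for hit in blocked_attachments(build_sample_message()):
        print("blocked:", hit)
```

A name-based blocklist is only the baseline: it says nothing about what a permitted .pdf or .docx actually contains, which is exactly the gap the sandbox filter of tip n°5 and the content rules of tip n°6 are meant to close.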
User awareness is the very last barrier before a user opens an infected link or attachment, and it is crucial to preventing cybercrime.
Tip n°7: Conduct phishing awareness training at least once a year: teach users how to recognize phishing attempts.
Tip n°8: Plan and run a phishing campaign every year in order to evaluate user susceptibility to phishing attacks.
Tip n°9: Implement an easy and simple company-wide incident reporting process so users can immediately report any suspicious emails. Including a ‘report’ button in your mailbox may also be appropriate.
As cybercrime protection evolves, so will hackers’ tools: your people need to be prepared and properly trained to be able to spot phishing attacks.
But what if we click?
Fortunately, there are still defenses that can be put in place to prevent and reduce data breaches and compromised devices.
Once an infected file or attachment has been opened, only malware protection can stop the malicious software from compromising the user’s endpoint.
Tip n°10: Install an antivirus to protect users from common types of malware and malicious scripts.
Tip n°11: Install an EDR (Endpoint Detection and Response) solution to analyze the behavior of programs and trigger an alert when it matches known malicious patterns.
Tip n°12: Disable the administrator account and debug privileges to limit the effects of malware.
It will never be possible to prevent all forms of malware, since hackers constantly adapt their phishing techniques to bypass antivirus and EDR protection.
Some hackers set up phishing websites to obtain users’ credentials (login/password). However, even if these credentials are stolen, there are still ways to mitigate further damage.
Tip n°13: Enable MFA (Multi-factor Authentication) for all sensitive or important web applications. MFA requires an additional identity verification before granting account access, such as asking the user to enter a code sent to the account holder’s phone.
Tip n°14: Configure IP filtering for all web applications. This will allow only specific IP addresses to connect to web applications.
Tip n°15: Turn on conditional access for web applications. Conditional access works by identifying a user’s normal access habits and blocking accounts that deviate from the norm or perform unusual actions.
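Tips n°14 and n°15 can be expressed as a single sign-in policy, shown here as an added example written for this article (not the author's code or the logic of any identity provider). A sign-in from outside the allowed networks is refused outright; a sign-in from an allowed network is compared with the user's learned baseline, and one deviation triggers a step-up MFA prompt while several at once are blocked. The allowed networks use RFC 5737 documentation ranges, and the baseline and sample sign-ins are constructed.

```python
"""Added example: IP filtering plus a simple conditional-access rule for a
web application's sign-in. Illustrative code for this article, not the
author's or any identity provider's logic. Networks, baseline and sign-ins
are constructed."""
import ipaddress
from dataclasses import dataclass


@dataclass
class SignIn:
    user: str
    source_ip: str
    country: str
    device_id: str
    hour_utc: int


@dataclass
class UserBaseline:
    """What 'normal' looks like for one user, learned from past sign-ins."""
    countries: set
    devices: set
    active_hours: range


# Tip n°14: only these networks may reach the application (documentation ranges).
ALLOWED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24"),
                    ipaddress.ip_network("198.51.100.0/24")]


def ip_allowed(source_ip: str, networks=ALLOWED_NETWORKS) -> bool:
    ip = ipaddress.ip_address(source_ip)
    return any(ip in net for net in networks)


def evaluate_signin(signin: SignIn, baseline: UserBaseline,
                    networks=ALLOWED_NETWORKS) -> tuple:
    """Return (decision, reasons). Decisions: 'allow', 'mfa' (step-up) or 'block'."""
    if not ip_allowed(signin.source_ip, networks):
        return "block", ["source IP outside allowed networks"]
    anomalies = []
    if signin.country not in baseline.countries:
        anomalies.append("new country")
    if signin.device_id not in baseline.devices:
        anomalies.append("unknown device")
    if signin.hour_utc not in baseline.active_hours:
        anomalies.append("outside usual hours")
    # One deviation: ask for a second factor. Two or more at once: treat as
    # a likely credential theft and block until reviewed.
    if len(anomalies) >= 2:
        return "block", anomalies
    if anomalies:
        return "mfa", anomalies
    return "allow", []


# Constructed baseline and sign-ins for one user.
ALICE = UserBaseline(countries={"FR"}, devices={"laptop-001"}, active_hours=range(6, 21))

SAMPLE_SIGNINS = [
    SignIn("alice", "203.0.113.10", "FR", "laptop-001", 10),   # normal
    SignIn("alice", "192.0.2.5", "FR", "laptop-001", 10),      # outside allowed networks
    SignIn("alice", "198.51.100.7", "DE", "laptop-001", 10),   # travelling: one deviation
    SignIn("alice", "198.51.100.7", "DE", "unknown-42", 3),    # several deviations at once
]

if __name__ == "__main__":
    for s in SAMPLE_SIGNINS:
        decision, reasons = evaluate_signin(s, ALICE)
        print(f"{s.source_ip:14s} {decision:6s} {', '.join(reasons)}")
```

The step-up decision is what makes conditional access practical: stolen credentials used from an unfamiliar device or country run into the MFA prompt of tip n°13, and the reasons list gives the SOC something concrete to review when a block fires.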
Today, most cyber insurance companies require MFA to be enabled, and premiums may rise for businesses that have not deployed this authentication mechanism.
Do you want to find out if your company is vulnerable to phishing? Get in touch with us today to learn more about our phishing audit offering.