Catch a Phish – Safestack

Author: Chris Chong – SafeStack

Phishing attacks continue to evolve and are becoming more complex, sophisticated and harder to detect.

Attacks are also increasingly targeted at specific individuals and organisations, with the intent not only of accessing your data or stealing your money, but also of infecting your systems with malware.

Phishing scams used to be easy to spot. They looked like clumsy imitations of real communications, but it’s now common to find phishing emails that look almost exactly like legitimate ones. Raising general security awareness amongst your staff remains vital. In a recent blog, SafeStack also explored how employees can increase their awareness of phishing tactics and avoid becoming victims.

Organisations need to think about how to prepare themselves: how to avoid becoming a target, and how to reduce an attacker’s chance of success. Preparation of this kind also gives individual users more confidence when they are trying to identify a phishing attempt.

Below are three approaches your organisation can take to prepare itself: looking after your internal team, watching for external imitators, and setting customer expectations.

Looking after your internal team

Set policies to guide internal expectations

Employees should be aware of the need to look out for unexpected messages. To do that, they need to know what is out of the norm. You can make it easier by creating guidelines on how to respond to requests for sensitive information or financial transactions. Specific policies will help your team identify unexpected requests, and take steps to verify that the request is legitimate.

Secure your domains from direct impersonation

If your domain is not protected against spoofing, an attacker can send emails that appear to come from someone within your organisation, and can use them to target both your customers and your internal team.

You can make it harder for someone to impersonate your organisation’s domain in phishing emails by configuring Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting & Conformance (DMARC) for that domain.
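As an added example (not SafeStack’s or Dfend.io’s code), the following Python reads SPF and DMARC records as the TXT strings they are published as and reports settings that leave a domain open to direct impersonation. The record values and the example.com domain are constructed; in practice you would check the TXT records of your own domain and of `_dmarc.<your domain>`.

```python
import re

# Constructed records for a hypothetical example.com (not real DNS data).
WEAK = {"spf": "v=spf1 include:_spf.mail.example.net ~all",
        "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@example.com"}
STRONG = {"spf": "v=spf1 include:_spf.mail.example.net -all",
          "dmarc": "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc@example.com"}


def parse_spf(record):
    """Return the qualifier of the SPF 'all' term ('+', '-', '~', '?') or None if absent."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    all_qualifier = None
    for term in terms[1:]:
        match = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if match:  # the qualifier is optional and defaults to '+' (pass)
            all_qualifier = match.group(1) or "+"
    return all_qualifier


def parse_dmarc(record):
    """Return the DMARC tag=value pairs as a dict keyed by lower-case tag name."""
    parts = (p.strip().partition("=") for p in record.split(";") if p.strip())
    tags = {tag.strip().lower(): value.strip() for tag, _, value in parts}
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def assess(spf, dmarc):
    """List configuration weaknesses that let others send mail as your domain."""
    findings, all_qualifier, tags = [], parse_spf(spf), parse_dmarc(dmarc)
    if all_qualifier in (None, "+", "?"):
        findings.append("SPF: no failing 'all' term, so any sender passes SPF")
    elif all_qualifier == "~":
        findings.append("SPF: '~all' softfail only flags unauthorised mail, it does not reject it")
    policy = tags.get("p", "none").lower()
    if policy == "none":
        findings.append("DMARC: p=none only monitors, spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("DMARC: p=quarantine sends spoofed mail to spam rather than rejecting it")
    if tags.get("pct", "100") != "100":
        findings.append("DMARC: pct below 100 applies the policy only to a sample of messages")
    if "rua" not in tags:
        findings.append("DMARC: no rua address, so you receive no aggregate reports")
    return findings
```

DKIM is not assessed here because its records live under per-selector names and their mere presence says nothing about alignment; the DMARC aggregate reports sent to the rua address are where you see whether your legitimate mail actually passes aligned SPF or DKIM before moving from p=none to p=reject.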

Watch for external imitators

Monitor for phishing campaigns imitating your organisation

Attackers commonly register look-alike domain names and use them in sender addresses such as “purchasing@otagoac-nz.org” or “dse@dousign.com”.

One way to stay on top of this threat is to monitor for domains similar to yours, since these can be used to send phishing emails or to host phishing websites. There are tools that can help you identify look-alike domain names, so that you can get ahead of potential attacks.

Set customer expectations

Let your customers know what type of communication they should expect to receive from you

If you tell your customers “we will never ask for your password via email”, it will be easier for them to recognise phishing attempts. It is also a good idea to encourage customers to adopt security practices, such as not reusing passwords. Think of every customer who accepts and advocates security practices as one less security risk. Plus, with each person you educate, you’ll be making the world a slightly safer place.

Finally, communicate early and clearly in the event of a breach. The recent Google Docs phishing scam was a good example: Google immediately announced it, addressed it, and provided follow-up actions for customers to take.

As phishing becomes more sophisticated, recipients who can spot an attack remain your last line of defence. By setting expectations for employees and customers, and monitoring for potential threats, you can reduce the harm these attacks could cause your organisation.

About the writer:

Chris Chong does marketing at SafeStack, an Auckland-based security consultancy. The team has recently launched Dfend.io, a tool which can monitor for similar domains and alert you to SaaS security vulnerabilities.

Contact: support@dfend.io
Twitter: @dfend_io