In March 2016, the Anti-Phishing Work Group detected 123,555 websites and 229,265 unique email campaigns dedicated to phishing. The lure? Spam.
The attacks pose a serious threat to businesses—and they’re beginning to change. Instead of mass-distributing thousands of bulk email messages, phishers are now researching their targets and narrowing their attack vectors.
If you’re unfamiliar with the ways that phishing relates to spam, we need to talk.
Typically, a phishing attack starts with an email message. This message might include a persuasive call-to-action, such as “Your email address has been reported as a source of spam . Click here to view the report.” The link either opens an attachment or directs the user to a website.
Either way, once the person completes the action, malware attempts to infect the user’s system. The system could simply be enrolled in a botnet , or the intent could be more devious—such as installing an app that sends sensitive trade secrets to a black-market dealer.
To protect against phishing attacks, it’s helpful to look at each point in the email process as a weakness, or potential point of failure. For example, when:
1. An email is received
In most phishing attacks, cyber-criminals try to send as many emails at once as possible. Spam blockers—which scan for combinations of attachments, bulk recipients and known keywords—aren’t perfect; as we’ve all discovered, the occasional email gets missed. However, even if spam blockers only filter out 99.9 percent of malicious phishing and spam attacks, as Google says its system does, they’re a great first line of defense.
2. A message is opened
A spam email may get through the filter and land in a user’s inbox. That person should know how to recognize it and what to do with it—so train users ahead of time. Stress that unsolicited emails, especially those with attachments, links, a compelling call-to-action, and bad spelling or grammar are often attacks. Instruct users to report those messages as spam (most email apps have a button to do so), which will help improve your spam filter.
3. A user responds to an email
Oops, a new employee wasn’t aware of the spam policy and accidentally clicked on a phishing link. This is where a proxy server or website monitoring app comes in handy. If the site is malicious—it has known flash exploits, or an IP address associated with phishing—the app or proxy server can block access and notify the user (and, hopefully, the IT department). If the attack comes from an attachment, group policies can be configured to prevent users from installing the malicious code (similar to Windows UAC).
4. You’re already infected
Maybe it was a clever attack: you suspect a legitimate email was intercepted, compromised and forwarded, and you didn’t realize it. Chances are, you’d be in damage control mode at that point. To remedy the situation, you would want to be using network-monitoring apps, modeled on traffic-pattern analysis, to watch for suspicious behavior. Once you find a device or service behaving unusually, you can track down the malicious software—and eliminate it, as soon as possible.