According to Tessian, 26% of employees have clicked on a phishing email in the past year.
Luckily, email security is improving; however, it only takes one mistake by an employee who clicks on a link to have devastating consequences for a business.
Below is an outline of the most common types of phishing attack.
This is the most common type of attack: the cybercriminal sends the same email to a large number of people, usually asking for money. Some signs of these attacks are:
- Language with a sense of urgency
- Redirects and shortened links, for example using TinyURL or bit.ly
- Incorrect spelling, grammar or punctuation
- Email addresses and domains that don’t match
- Odd requests, such as asking for gift cards or transferring funds
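The signs listed above can be checked mechanically. The following is an added example (not code from the original post) that parses a constructed email and reports which of those signs it shows: mismatched sender, Reply-To and Return-Path domains, links to known URL shorteners, urgency wording and odd requests. The indicator lists and the sample message are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Indicator lists built from the warning signs above (constructed, not exhaustive).
URL_SHORTENERS = {"tinyurl.com", "bit.ly"}
URGENCY_PHRASES = ("urgent", "immediately", "within 24 hours", "will be suspended")
ODD_REQUESTS = ("gift card", "wire transfer", "transfer funds")
LINK_RE = re.compile(r"""https?://[^\s<>"']+""")


def domain_of(header_value):
    """Lower-cased domain of an address header value, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def phishing_signs(raw_message):
    """Return the warning signs found in a raw RFC 5322 message, in check order."""
    msg = message_from_string(raw_message)
    signs = []
    sender = domain_of(msg.get("From"))
    # Mismatched addresses and domains: where replies and bounces really go.
    # Return-Path often differs for legitimate bulk senders, so treat it as a weak signal.
    for header in ("Reply-To", "Return-Path"):
        other = domain_of(msg.get(header))
        if other and other != sender:
            signs.append(f"{header.lower()}-domain-mismatch")
    body = msg.get_payload() if not msg.is_multipart() else ""
    # Shortened links hide the real destination from the reader.
    for url in LINK_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host in URL_SHORTENERS:
            signs.append(f"shortened-link:{host}")
    text = (msg.get("Subject", "") + "\n" + body).lower()
    if any(phrase in text for phrase in URGENCY_PHRASES):
        signs.append("urgency-language")
    if any(phrase in text for phrase in ODD_REQUESTS):
        signs.append("odd-request")
    return signs


# Constructed sample message showing several of the signs at once.
SAMPLE = """\
From: "IT Helpdesk" <helpdesk@example.com>
Reply-To: helpdesk@example-support.net
Return-Path: <bounce@mailer.example.net>
Subject: Urgent: verify your mailbox
Content-Type: text/plain; charset=us-ascii

Your mailbox will be suspended within 24 hours unless you verify it here:
https://bit.ly/3xAmpl3
Afterwards please buy two gift cards for the director and reply with the codes.
"""

if __name__ == "__main__":
    for sign in phishing_signs(SAMPLE):
        print("warning:", sign)
```

Such a check is a triage aid for a reporting workflow, not a replacement for the gateway controls discussed later; a legitimate message can trip one sign, which is why several are collected rather than a single verdict.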
Spear phishing attacks are low in volume and high in effort. Attackers use open-source intelligence to gather information about their targets, such as their name, position, employer and phone number. This information is then used to customise the email so that the victim believes the attacker can be trusted.
These attacks are more likely to succeed because employees tend to follow instructions from someone they believe they can trust.
This is a form of spear phishing targeting C-suite or director-level employees. The aim of these attacks is to gain access to the employee’s account.
Smishing and Vishing
Most attacks use email, but some criminals use SMS (smishing) or voice calls (vishing). The goal of these attacks is to obtain sensitive information or money from the victim.
How to protect your business
Email Security Solutions
Some common features of email security solutions are:
- AI-powered phishing detection
- Behavioural intelligence modelling
- DLP functionality
- Anti-spoofing policies and DMARC analysis
- Automated detection, investigation and remediation
Most businesses rely on a third-party solution to increase their security and decrease the chance of a phishing attack.
The Human Firewall
A traditional firewall monitors and filters inbound and outbound network traffic, blocking anything malicious. Typically, it acts as a boundary between a trusted network and an untrusted network.
A human firewall is created when employees are given the tools and education to reduce cyber risk.
The foundation of any strong human firewall is a comprehensive education and awareness program. This program should give employees the skills to detect a potential cyberattack and tell them what actions to take to reduce the chance of falling victim to one. Phishing awareness training should cover common phishing methods, examples of phishing emails, how employees can reduce the amount of information about themselves online that can be used for spear phishing attacks, and how to report a potential phishing email.
The human firewall is important as employees are the final line of defence. In an ideal situation, the previous security controls will stop a phishing attack before it lands in an employee’s inbox. However, this is not always the case, so employees need to be able to correctly identify a phishing email.
99.9% of attacks can be stopped with multifactor authentication (MFA).
With MFA enabled, even if a cybercriminal has an employee’s login credentials, they will also need access to the employee’s phone or biometrics to get into the account. MFA provides immense value and security for a business. It is quick to set up and is not expensive. For this reason, all businesses should implement MFA for all employees.
If you would like assistance with your email security, contact us today.