Protecting Against Phishing Emails
April 17, 2020
In 2019, phishing attempts had a 37.9% success rate. In the wake of COVID-19 outbreaks, the number of phishing attacks has grown significantly. With an astonishing average click-through rate, it is more important than ever to examine your email security plan.
Here are a few steps you can take to protect your users and data:
Familiarize yourself with standard phishing language
There is standard language and content that is common among phishing attempts. Below are what we see most frequently:
- Unsolicited COVID-19 information
- World Health Organization (WHO) information
- “Please see your invoice attached”
- “Click here to open your scanned document”
- “Your package has shipped. Click here for shipping information.”
- “Please verify this transaction”
Putting these phrases on your radar can help you identify them as they pop into your inbox.
Make your email security tools work for you
Everyone has a tool in place for email security. But when was the last time you check the settings and effectiveness of your tool?
We at Brite are huge fans of Proofpoint’s suite of tools – and optimizing the implementation of its tools. Here are a few tips to maximize your organization’s protection with Proofpoint. (Note: Although the references are Proofpoint specific resources, many other email protection providers may have similar resources).
- Utilize the open IDS rule sets related to detected COVID-19 specific attacks
- Gain visibility into COVID-19 specific phishing attempts with Proofpoint TAP campaign views
- Secure remote workers with cloud-based protection
Educate your employees about phishing
No one starts their day saying, “I am going to look for, open and click every phishing email I can!” When a phishing attack is successful, it is not a malicious from the recipient acting to bring down the company. It is someone who falls victim to a strategically crafted message that prays on social conditioning, especially during emotional times like brought on by the novel Coronavirus.
Education of end users is an easy step to take that minimizes the success rate of phishing attempts. It’s takes burning your hand once to learn to not touch a hot pot. Having a savvier team that is on alert for phishing attempts means that any emails that sneak through email filters have an even lower success rate. By utilizing tools like Proofpoint Wombat and KnowBe4, bring an average 37.9% phishing success rate down to 4.7%. Let your end users be front line defenders!
You already have great tools in your toolbox. Now it is time to make sure they are all working as hard as possible for you. If you have any questions on how to better utilize current investments, like your email protection and education tools, reach out to us via our contact us page or chatbot.
Posted in Cybersecurity Technology, Security (Legacy)