- 22nd June 2017
- Posted by: Fidus
- Category: Phishing
How to prevent phishing attacks
There’s no doubt that phishing is becoming more and more of a problem due to its success and personalised nature. In fact, most of us have probably clicked on an e-mail that seemed legitimate at one point or another. In the recently published Cyber Security Breaches Survey 2017, it was reported that fraudulent and phishing e-mails accounted for a staggering 72% of all breaches in the UK. In today’s blog we will look at how to prevent phishing attacks.
Here at Fidus, our consultants have performed numerous engagements in which phishing was the successful point of entry into an organisation’s network. We’ve leveraged this knowledge to create a list of top tips to help you spot, defend against and prevent phishing attacks.
What is Phishing?
To prevent phishing attacks, we must first understand exactly what phishing is. Phishing is the art of sending fraudulent and deceptive e-mails, usually while posing as somebody else, either to harvest personal information such as usernames, passwords and credit card numbers, or to trick people into opening malicious files, such as ransomware.
Whilst some phishing e-mails are very easy to spot due to grammatical errors, others are far more sophisticated and personalised. An example of a common HMRC phishing e-mail can be seen below. Note the sending address and the lack of personal information in the e-mail.
Figure 1: HMRC Phishing E-mail
A more sophisticated phishing e-mail can be seen below. Typically, these phishing e-mails are cloned from real e-mails with only a few details changed, such as the recipient name and the HREF value behind the link. Note how legitimate this phishing e-mail looks.
Figure 2: Realistic Amazon Phishing Email
1. Employee Awareness & Training
Undoubtedly, the best way to prevent phishing attacks is employee education. A phishing-aware employee will be able to spot malicious e-mails and report them via the correct channel before they can cause harm.
2. Periodic Phishing Assessments
Continuing on from employee awareness, it is important to test whether training has been effective and users are listening. A periodic phishing assessment can help establish user susceptibility to phishing e-mails and allow you to further target training where required. Here at Fidus, we offer consultant-led phishing assessments, designed to fit your needs.
3. External E-mail Tagging
Tagging e-mails from external senders is a very effective way to instantly inform users that a newly received e-mail has come from outside the organisation and that they should remain vigilant. To set up external e-mail tagging in Exchange, follow the steps below:
- Navigate to Organisation Configuration > Hub Transport
- Click the Transport Rules button.
- Name it something appropriate, for example External Email Tagging
- On the Conditions page select the rule ‘The sender is located Outside the Organisation’
- On the Actions page, do the following: ‘Prepend the subject of the message with EXTERNAL:’
- Set the Mode to Enforce.
Figure 3: External Email Tagging
4. SPF (Sender Policy Framework)
Publishing an SPF record in your domain’s DNS (Domain Name Service) is the most effective way to stop those launching phishing attacks from spoofing your domain name.
5. Spam Detection
A correctly implemented spam filter can help filter out malicious e-mails and prevent them from reaching employee inboxes. Popular checks for spam rules include: does the e-mail have attachments? Is the Reply-To address different from the sender address? Do links have HREF values that differ from the URL shown in the link text?
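As an added example (not code from the original post), the three spam-rule checks listed above applied in Python to a constructed sample message; every address and domain in it is made up.

```python
import re
from email import message_from_bytes, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (not from the original post): a cloned order notice whose Reply-To and link target point away from the brand it imitates.
SAMPLE = b"""From: "Shop Orders" <no-reply@shop.example>
Reply-To: collect@attacker-mailbox.example
Subject: Your order has shipped
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Track it at <a href="http://shop-login.example/t">https://www.shop.example/orders</a></p>
--b1
Content-Type: application/pdf; name="invoice.pdf"
Content-Disposition: attachment; filename="invoice.pdf"
Content-Transfer-Encoding: base64

JVBERi0=
--b1--
"""
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
LOOKS_LIKE_URL = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' when the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def phishing_indicators(raw):
    """Apply the three spam-rule checks from the post to a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    # 1. Does the e-mail carry attachments?
    if any(part.get_filename() for part in msg.iter_attachments()):
        hits.append("has_attachment")
    # 2. Does the Reply-To domain differ from the sender's domain?
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != domain_of(msg.get("From")):
        hits.append("reply_to_mismatch")
    # 3. Does a link whose visible text is a URL point at a different host?
    html = msg.get_body(preferencelist=("html",))
    for href, text in ANCHOR.findall(html.get_content() if html else ""):
        text = re.sub(r"<[^>]+>", "", text).strip()  # drop nested tags
        if not LOOKS_LIKE_URL.fullmatch(text):
            continue  # wording such as "contact support" is not a shown URL
        shown = urlparse(text if "://" in text else "http://" + text).hostname
        if shown != urlparse(href).hostname:
            hits.append("href_mismatch")
            break
    return hits
```

Running `phishing_indicators(SAMPLE)` flags all three indicators; a plain internal message, or one whose visible URL and HREF share a host, returns an empty list.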
6. Patching, Patching and Patching
In the case of an exploit kit or attachment-based phishing e-mail, it is important to ensure that employees routinely update both core Microsoft products and third-party software. This limits the likelihood of an exploit kit or attachment having any effect on the employee’s machine, and thus prevents an attacker from gaining access to the internal network.
7. Defence in Depth
Application whitelisting is an incredibly effective technique that makes it very difficult for hackers to gain access to a machine. With application whitelisting, only specific, approved software can run on an employee’s machine, and this should be the bare minimum that the employee needs to complete their daily duties. Along with this, most users on a network do not require access to cmd.exe or powershell.exe, and these should also be disabled. PowerShell is a very common method used by attackers to run malicious payloads, and limiting access to it will greatly decrease the attack surface.