By David Bull on Nov 20, 2013
Phishing is a widespread problem. According to Alan Paller, director of research at the SANS Institute, 95% of all attacks on enterprise networks are the result of successful spear phishing.
Can you tell if this email is legitimate or not?
Think about this:
How many packages does your company receive in a typical day? Likely multiple, if not dozens or more.
How many shipping confirmation emails does your company receive? Probably almost as many as you have packages coming in.
Are you confident that your employees are able to pick out one phishing email from the rest of their inbox?
Security is a year-round problem, and cybercriminals have become adept at using social engineering tactics to make their campaigns more effective. For example, they know that with more people buying products online, more people will be receiving shipping confirmation emails. Because of trends like this, even untargeted phishing emails have a higher chance of finding an unwary victim.
In addition, the impact of a cyberattack can be devastating. A successful attack can lead to the leakage of information such as credit card numbers, account credentials, social security numbers, intellectual property and financial information about your company, employees or customers. What impact would this have on your business?
Some common signs of a phishing email include:
- Attachments that seem out of place
- Links that send you to third-party pages, especially if the true URL does not match what is displayed
- Sender email domains that don’t match the company in the email
- Requests for login information or other sensitive data
- Requests that you take immediate action
What can you do to protect your company?
First, implement a strong security solution that secures both inbound and outbound email traffic. Capabilities to look for in a best-in-class solution include:
- Click-time protection that detects malicious links in real time as you click on them
- Robust built-in data loss prevention (DLP) to prevent the exfiltration of sensitive information
- Flexible Security-as-a-Service (SaaS), on-premises, and integrated hybrid deployment options to meet your organization’s needs
- Defense against advanced malware, spam, phishing, harvesting, and denial-of-service (DoS) attacks
- Compliance and encryption capabilities to keep your sensitive data safe
Next, set up a security policy and train employees to spot potential security violations and report them. In addition, provide employees with tools such as the ClickProtect Safe Preview, a feature of McAfee Email Protection, so they can safely preview pages and be alerted to malicious links in real time before landing on a potentially harmful website.
Lastly, be aware of social engineering that can leave your organization vulnerable. What are the timely events for your business that cybercriminals can leverage? For example, cybercriminals can use the news of an upcoming IPO to send emails pretending to be from the financial companies involved. Being alert to potential phishing opportunities makes it easier to spot attempted attacks. Learn about the ways cybercriminals make money with your email in this Osterman Research White Paper, and more on how you can keep your organization protected.
Learn more about McAfee Email Protection.