In 2019, 88% of organizations around the world that were surveyed were the target of a spear phishing attack. With the rise of phishing attacks in recent years, malware has taken a back seat. Hackers are less interested in deploying malicious code to devices and much more interested in gaining login credentials and sensitive information. That's why it's becoming absolutely vital that organizations understand how to prevent phishing attacks.
Most people are familiar with email phishing. You get an email from someone you know or a company that you're a customer of asking you to take some sort of urgent action. CEO fraud is an incredibly common form of email phishing. It's where a party pretends to be the CEO of a company and targets an employee with the goal of getting them to take some sort of action that would allow the deceptive party to benefit. But phishing isn't just done via email.
A major component of most phishing campaigns is a phishing website page. For instance, at DNSFilter we see fake Chase login pages, like this one, weekly:
This type of mimicry is known as "website spoofing" or "domain spoofing." But other phishing pages may be acting as a completely fake company without any imitation.
Phishing websites like the one above might be found in emails (as mentioned above), malicious ads, search results, or even linked from trustworthy pages.
But phishing can also occur via phone calls. This is called vishing, as in voice phishing. Similarly, phishing via text messaging is known as smishing (SMS phishing).
While a lot of phishing attack attempts are engineered to be deployed as broadly as possible, spear phishing campaigns are highly targeted. The hacker is likely interested in targeting a particular company and will scrape information from the company website and target active employees into handing over sensitive company information. There can be a lot of range in how a spear phishing attack appears, but overall these attacks are highly customized.
You might have also heard of the term "whaling." Whaling attacks are even more customized spear phishing attacks. While spear phishing attacks usually target lower-level employees, whaling goes after "big phish." That means hackers are targeting the C-suite. They might impersonate partners, major banks, or large customers.
In order to prevent phishing, it's important to know how to recognize it. There are a few key things to look for. If something strikes you as suspicious ask yourself these questions:
If anything ever seems questionable, treat it as phishing until proven otherwise.
Yes, phishing is everywhere. It's customized. And it's well-orchestrated. So what actions can you take to prevent phishing attacks?
For any type of cybersecurity prevention measures, education will always (and should always) be at the top of the list. Educate your employees. The ability to recognize a phishing attack in the wild is the first step in preventing them completely. Building a cybersecurity-aware culture needs to be built on education. Employees should feel empowered to report threats and question if an email is legitimate or a phish.
By enabling DNS protection, you can filter out phishing sites altogether. That means if an employee opens and clicks on a phishing email, the link in the email won't work.
At DNSFilter, we have 7 threat categories including "Phishing & Deception", which we define as "Fraudulent websites that aim to trick users into handing over personal or financial information." Blocking these websites is an obvious step in preventing phishing attacks.
Phishing sites are generally set up on newly registered domains. And they're likely taken down early on in the domain's life as people catch onto the fact that these sites are a threat. That's where domain greylisting comes in.
Domain greylisting is the act of blocking newly registered domains to protect users from possibly malicious sites. With DNSFilter, you can block domains for the first 30 days after they've been registered. This is generally enough time for a domain to be discovered as a threat and subsequently taken down.
If someone at your company has been phished, they need to change their passwords. They should also do an anti-virus scan in case this phishing attack deployed some sort of malware.
Finally, and most importantly, they should inform the security point person at your company. This way, they can alert other employees to watch out for phishing schemes like this and to do a more thorough investigation into if this was a spear phishing campaign. They might also choose to take additional actions both to safeguard information lost and protect employees in the future. After all, each phishing attempt is also an educational opportunity.
As a DNSFilter customer (or trialist), if you've found an unblocked phishing site you can also submit it to us so that we can block the domain through our Domain Lookup tool. In Domain Lookup, type in the domain in question, and select "Report threat" if it is not already listed as a threat.
Not only will this help other DNSFilter customers, but this will also enable our AI to continue to learn about new threats so it can recognize them before you do.
For more on phishing attacks, download our whitepaper The Price of Phish.
An Interview with Remote Work Expert Kaleem Clarkson
Companies and their employees are seeing the benefits of moving workforces to a virtual (or work from home) distribution. We sat down with remote work expert, Kaleem Clarkson, for a deeper dive.
Domain Intelligence from Full-Scope Cyber Threat Intelligence: An Introspective
Alex Applegate, Threat Intelligence Researcher at DNSFilter, shares what went into his decision to shift his cybersecurity focus to domain intelligence research.
RSAC 2022: The Rise of DNS-Based Attacks
With RSAC 2022 behind us, we’re reflecting on one of the most important themes at the conference: Rising DNS-based attacks.