How to Prevent Phishing Attacks

Posted by Catherine Young

Whether you know it or not, your organization is under constant attack.  Cyber criminals are bombarding companies with phishing emails to steal data, money, and more.

In 2018, there were more than 1,600 successful breaches reported and more than 197 million personally-identifiable records exposed.  That represents a 126 percent increase in sensitive records from the previous year.  1.86 billion additional records were exposed in these breaches.  That’s just from breaches that have been reported.

What Is Spear Phishing?

Researchers determined that 90 percent of breaches are the result of phishing or social engineering. Email is the most common entry point for nearly every one of these attacks.  One of the most successful tools cyber criminals use is spear phishing.

The most devastating attacks by the most sophisticated attackers almost always begin with the simple act of spearphishing,” said Jeh Johnson while serving as Secretary of The Department of Homeland Security.

Using social engineering and information found on websites and documents, hackers impersonate someone you trust.  It might be a vendor you do business with, your boss, a colleague, or a financial institution.  Once the attacker convinces you the email is someone you trust, they con you into clicking on a link to open an attachment, give up your login credentials, or share confidential information.  In some cases, they’ve even convinced companies to do wire transfers that cost them millions of dollars and cost executives their jobs.

Your Company is at Risk

Cyber criminals are relentless in their tactics.  There’s big money at risk here.  Traditional anti-phishing software solutions aren't getting the job done.  In addition, no matter how much training you do, your employees are still going to click on phishing emails.  30 percent of the phishing attempts that wind up in employee inboxes get opened.

The best defense is to stop phishing emails from getting into employee inboxes in the first place.  INKY can prevent phishing attacks with state-of-the-art protection that goes beyond any other anti-phishing solution on the market. 

Detecting, Blocking, and Preventing Phishing Attacks

Other solutions, including those built into Office 365 or Google Suite, compare URLs and email addresses to lists of known threats.  Since it’s easy for the bad guys to change URLs and email accounts, this is less than effective.  INKY doesn’t stop there.  It uses spear phishing detection software featuring anomaly detection algorithms to establish a baseline of normal mail from each sender and compare new mail to the baseline.  When new mail differs from the norm, INKY knows the mail may be a spear phishing attempt.

INKY supports URL rewriting to prevent users from clicking on malicious links.  This happens in real-time which means clicks are protected with the latest threat information.  INKY also does deep link inspections by simulating a click through to the linked site.  It then examines the destination page for potential threats and security risks.

INKY uses Machine Learning and anomaly detection algorithms to create behavior profiles and social graphs of all users.  When an email arrives, it can identify suspicious behavior or suspicious identities that other phishing software miss. 

INKY flags potential impersonation attempts with color coded warning banners.  These can’t-miss warnings help provide on-going training for employees and give easy to follow guidance as threats are identified.  Users will see warning banners displayed in the body of the email.  That means even mobile users will see the warnings.  Other anti-phishing software solutions put the warnings in headers, which are easy to miss on mobile devices.

INKY prevents all sorts of phishing threats:

  • Whaling attacks that target the big fish:  Company C-level Executives
  • CEO Fraud that impersonates company Execs to get employees to wire money or expose data
  • Spear Phishing that appears to come from a trusted source
  • Brand Forgery that uses well-known company names or logos
  • Business Email Compromise (BEC) attacks that gain access to corporate email accounts
  • Zero Day attacks that other anti-phishing software hasn’t identified
  • Domain Spoofing which emulates legitimate websites
  • Malware that can cause havoc once inside your network
  • Ransomware that can hold your data hostage

INKY deploys inline as part of your normal mail flow. Some other anti-phishing software solutions rely on EWS or REST API to access email.  This scales poorly and delays mail delivery.  It can also create its own security worries since the service requires admin access.  INKY’s anti-phishing solution supports quick deployment with the ability to stage roll-outs by user groups.  Using standard Exchange controls, INKY has the ability to quarantine, folder, or drop malicious emails.

Prevent Phishing with INKY

For more detail on how to prevent phishing in your organization, download the free Welcome to 2019: Phishing Gets Personal Guide.  

To see INKY in action, schedule a personalized demo today.

Topics: phishing