Tuesday, 11 August 2020 08:36

How to spot a phishing attack … before it’s too late

By Joanne Wong, LogRhythm

GUEST OPINION by Joanne Wong, Vice President – International Marketing, LogRhythm:  It’s something almost every internet user has experienced. An email arrives, purporting to be from a trusted source, but in reality it’s an attempt to steal personal details or cause disruption.

Phishing is the technique that has become the most used initial attack vector in the world today [1]. It can have a significant impact on an organisation by leading to data loss, financial cost or even malware infections.

Despite investing in sophisticated IT security tools, many organisations find they still fall victim to these attacks. The reason is that the weakest link in defences when it comes to phishing scams is users. Despite being told many times before not to click on suspect links or open strange attachments, people still do.

This is, of course, good news for cybercriminals as it means the technique continues to pay handsome dividends. While people continue to fall for these techniques, criminals will keep on using them.

Spotting an attack

One of the most effective strategies to use when it comes to defending against phishing is ongoing user education. Staff need to be made aware – and regularly reminded – of how the technique works and what they should do in response. It’s termed ‘hardening the human attack surface’.

A first step is to explain to users how phishing content differs from legitimate email. They need to be encouraged to think about email content more from a technical perspective than a social one. Factors to be examined include:

  • Sender/sending details: Look closely at who is sending the email and from which domain. Examine the spelling, the email address, and the name of the sender. Is this sender someone with whom you frequently exchange emails? Is it claiming to be your CEO, but coming from a gmail.com domain? Misalignment of sender details is a good first indicator that something could be wrong.
  • The recipient: Users should always check whether the recipient of the email is in a higher-risk category within the organisation. This could be a staff member with access to financial information, intellectual property, or customer data. If so, extra caution should be taken as they could be attractive targets for criminals.
  • Subject line: Although usually associated with detecting spam, examining the subject line of an email can also help to determine whether it is actually a phishing attack. Look for misspellings, incorrect grammar, and any other signs that the email might be unusual or from a strange source.
  • Links: While most emails use HTML, it’s important to check whether the email contains tags and links of the kind commonly used in phishing emails. As a first step, a user can usually hover over a link and determine where it points to. If it looks suspicious, it should be referred to the security team for further investigation.
  • Attachments: Even just the inclusion of an attachment from someone a recipient doesn’t know should be regarded as suspicious. The type of attachment can also make a difference. For example, if you receive a password-protected Word document from someone you regularly do business with, and they have never sent one before, it should ring an alarm bell.
  • Content: The content within the email should also be examined. For example, if a Word document attached is a “proposal” that wasn’t expected, it should be deemed suspicious.

Comprehensive protection

Thorough user education is a key defence against phishing attacks; however, it should always be backed up with the deployment of tools designed to automatically spot suspicious emails. These tools can act as another line of defence and are readily configured to identify emails that fit certain phishing criteria.

For example, the tools can compare the sending domain and sending server’s IP addresses against Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) records. Attachments can be compared with known malicious file types, as well as with any analysis output from antivirus and endpoint-protection solutions.
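
As an added illustration (not code from the article or from LogRhythm), the sketch below applies the sender, link and attachment checks from the list above, together with the SPF/DKIM comparison, to a parsed message. It assumes the receiving mail server has already recorded its SPF and DKIM verdicts in an Authentication-Results header; the function names, the extension list, the domains and the sample message are all constructed, with freemail.example standing in for a public webmail domain.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

RISKY_EXT = (".docm", ".xlsm", ".js", ".exe", ".iso")  # assumed blocklist, tune locally
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def phishing_indicators(msg, org_domain, exec_names):
    """Return a list of indicator strings found in a parsed email message."""
    hits = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Sender details: an executive's display name on an external domain.
    if name.lower() in exec_names and domain != org_domain:
        hits.append(f"sender-mismatch:{domain}")
    # SPF/DKIM verdicts as recorded by the receiving server (RFC 8601 header).
    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if not m or m.group(1) != "pass":
            hits.append(f"{mech}:{m.group(1) if m else 'missing'}")
    for part in msg.walk():
        # Links: visible text names one host, href points at another.
        if part.get_content_type() == "text/html":
            for href, text in LINK_RE.findall(part.get_content()):
                shown = re.search(r"[\w-]+(?:\.[\w-]+)+", text)
                host = urlparse(href).hostname or ""
                if shown and shown.group(0).lower() != host.lower():
                    hits.append(f"link-mismatch:{host}")
        # Attachments: file types commonly blocked at the mail gateway.
        fname = part.get_filename() or ""
        if fname.lower().endswith(RISKY_EXT):
            hits.append(f"risky-attachment:{fname}")
    return hits

def sample_message():
    """Constructed sample; all names and domains are made up."""
    msg = EmailMessage()
    msg["From"] = '"Pat Example" <pat.example.ceo@freemail.example>'
    msg["To"] = "accounts@corp.example"
    msg["Subject"] = "Urgent proposal"
    msg["Authentication-Results"] = "mx.corp.example; spf=fail smtp.mailfrom=mailer.invalid; dkim=none"
    msg.set_content('<p>See <a href="http://login.portal.invalid/x">portal.corp.example</a></p>', subtype="html")
    msg.add_attachment(b"constructed", maintype="application", subtype="octet-stream", filename="proposal.docm")
    return msg

if __name__ == "__main__":
    print(phishing_indicators(sample_message(), "corp.example", {"pat example"}))
```

A message that trips several indicators at once is a stronger candidate for quarantine or referral to the security team than one that trips a single check.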

By having a combination of comprehensive user education and robust security tools in place, your organisation will be well placed to avoid the disruption and loss that a successful phishing attack can cause. The technique is not going away anytime soon, so it’s important to be on constant alert.
