Strengthened Defense against Covert Phishing Attacks: Safeguarding Lesser-Known Brands Online

Email phishing attacks pose a persistent threat to online security. Hackers employ various methods to deceive users and prompt them to disclose sensitive information. However, what is particularly concerning is that even with major technological advancements in security solutions, traditional anti-spam filters often find themselves powerless. According to Proofpoint's Threat Report, nearly 88% of organizations reported successful phishing attacks that bypassed their security filters in 2022.

These phishing attacks sometimes impersonate lesser-known brands, such as your own company or your clients and suppliers. They can be particularly insidious when they contain invoices or banking information and assume the identity of a company the recipient is not familiar with. Unlike attacks that abuse well-established brands like Amazon, UPS, or Netflix, they capitalize on the lack of familiarity to mislead recipients.

This combination of personalized content and domain spoofing can make these emails especially convincing and difficult to detect for commercial anti-spam filters, such as Microsoft Exchange Online Protection, Proofpoint email protection, Symantec Messaging Gateway, Cisco ESA/Ironport, etc.

Strategies to Guard Against These Attacks:

To effectively shield against the risks posed by these covert phishing attacks, several measures are essential:

DMARC Configuration in 'Reject' Mode: One of the most impactful actions organizations can take is configuring DMARC in 'reject' mode for their domains. This means that emails claiming to come from these domains that are not authenticated with SPF/DKIM as DMARC requires will be rejected by their recipients rather than merely flagged as suspicious.

Interpreting DMARC Policies of Sending Domains: Setting up your anti-spam solution to interpret the DMARC policies of sending domains can help identify emails that don't adhere to these policies and manage them accordingly (configuration changes may be needed for Proofpoint email protection, Symantec Messaging Gateway, and Cisco ESA/Ironport).

Monitoring and Takedown of Similar Domains: Continuously monitoring newly created domains that resemble yours or those of your regular contacts can swiftly uncover attempts at domain impersonation. These similar domains are often exploited in phishing attacks. Blocking them at the security solutions level, such as Microsoft 365 (O365), and adding them to blacklists prevents emails originating from these domains from reaching your users.


Phishing attacks targeting lesser-known brands present notably intricate challenges in terms of detection and prevention. Faced with this reality, proactive measures are crucial, including configuring DMARC in 'reject' mode for your domains, interpreting DMARC policies of email senders, and ongoing surveillance of similar domains for blocking. While eradicating these attacks completely might be challenging, a combination of robust security measures and user awareness can substantially mitigate the risks associated with covert phishing attacks.