Phishing Defence & Security Awareness Training

OUR APPROACH

Security solutions built to stop phish

Phishing tactics are always evolving and becoming more complex. Our Phishing Detection and Response (PDR) security solutions combine technology and unique human insight to catch and stop phishing attacks — before they hurt your business.

Detection

Detect and remediate phishing threats that hit the Inbox, within minutes

Response

Reduce security Operations burden through automated responses to phishing attacks

Integrations

Integrate the crowd-sourced intelligence of millions of users into other systems

Phishing threats are no longer static. As they evolve, so must the skills and resources needed to understand them and effectively respond. However, competition for security talent capable of preventing phishing attacks and responding appropriately is fierce. It is increasingly difficult to retain the skills your organisation needs, placing pressure on your budget and your phishing defence strategy.

Faced with increasingly sophisticated attacks, today’s security teams need a wider view of the landscape. Offloading email security tasks like the analysis of user-reported phishing emails to a team of dedicated specialists prevents you from being blindsided. Gain breadth and depth of coverage while focusing internal resources where they can have the greatest impact.

Gain Resources

Detect Faster

Manage Risk

Improve Response

Improve Your Organisation’s Phishing Defence

When a phishing email evades detection by all the technological solutions available and arrives in a target’s inbox, the only thing that will now stop the phishing attack from being successful is the vigilance of the intended target and supporting security leadership. Our anti-phishing services and solutions allow your security team to focus on mitigating real phishing threats through effective employee training, quick incident response and phishing threat remediation.

Take action today to increase your user’s awareness of the following phishing tactics and tell them ‘If you see something, say something’.

1. Emails Insisting on Urgent Action

Emails insisting on urgent action do so to fluster or distract the target. Usually, this type of email threatens a negative consequence if the action is not taken, and targets are so keen to avoid the negative consequences that they fail to study the email for inconsistencies or indications it may be bogus.

2. Emails Containing Spelling Mistakes

Most companies now use spell-checking features in email clients or web browsers to ensure their corporate communications maintain a professional appearance. Emailspurporting to come from a professional source that contains spelling mistakes or grammatical errors should be treated with suspicion.

3. Emails with an Unfamiliar Greeting

Emails sent by friends and work colleagues usually start with an informal salutation. Those addressed to “Dear XXXXX” when that greeting is not normally used and those containing language not often used by friends and work colleagues likely originate from an attacker. These should not be actioned or replied to. Instead they should be reported to the organisation’s IT security team.

4. Inconsistencies in Email Addresses

Among other email security best practices to introduce is the random checking of senders’ email addresses – especially when an email address belonging to a regular contact is unfamiliar. By checking the sender email address against previous emails received from the same person, it is possible to detect inconsistencies.

5. Inconsistencies in Links and Domain Names

Links to malicious websites can easily be disguised as genuine links. Therefore, it is also advisable to encourage employees to hover a mouse pointer over a link in an email to see what `pops up´ as an address. If an email claims to be from a business contact, but the pop up indicates an unfamiliar website, the email is likely a phishing email.

6. Be Wary of Suspicious Attachments

File sharing in the workplace now mostly takes place via collaboration tools such as Dropbox, OneDrive or SharePoint. Therefore, emails from colleagues with file attachments should be treated suspiciously – particularly if the attached file has an unfamiliar extension or one commonly used to deliver malware payloads (.zip, .exe, .scr, etc.).

7. Emails That Seem Too Good to Be True

Emails that seem too good to be true incentivize targets to click a link or open an attachment with the promise that they will benefit by doing so. Even when phishers use social engineering to appeal to the target’s curiosity or greed, the intended targets have not usually initiated contact. These emails should be flagged as suspicious at once.

8. Emails Requesting Login Credentials, Payment Information or Other Sensitive Information

Emails requesting login credentials, payment information or other sensitive information should always be treated with caution. By adopting the anti-phishing best practices detailed above, recipients of these emails should be able to determine whether or not they represent a threat and respond to them accordingly.

TALK TO AN EXPERT

Cofence
ThreatX logo
Crowdstrike
thycotic
fortinet
zscaler
Rapid7
SentinelOne
netskope
ExtraHop
cyberfish
Qualys
Logpoint
IBM
mimecast
Cisco