Stopping Phishing Attacks with Better Email Security

Phishing attacks are a constant problem for businesses and are one of the most widely acknowledged security risks on the minds of the business leaders we speak to. 

Rightly so!  We all accept risks when we communicate by email, and it can be nearly impossible to keep that line of communication open without letting a few illegitimate emails slip through our blind spots.

In this post, we’ll talk about how phishing attacks play out for businesses and share some ideas on how to defend yourself from this highly successful method of attack.

Phishing Email Attacks and Challenges

A phishing email attack is where a malicious actor uses an email to trick unsuspecting employees into clicking a malicious link, downloading a malicious file, or responding with information that can be sensitive or leveraged for further attacks. Sometimes, they even may trick users into purchasing gift cards or transfer money to an incorrect account. 

More targeted attacks may include ‘spoofing’ of trusted contacts or may come from an already compromised account (likely from a previously successful phishing attack).

In most of the phishing email attacks we see, the primary goal is to capture credentials by tricking you to log into a spoofed site, also known as credential harvesting.

In some cases, the person being targeted may not even realize what has happened. The attacker’s goal is to solicit a knee-jerk response or rely on urgency and emotions to catch the victim off guard. Without understanding how these attacks work and what common methods are used, employees are more susceptible to being attacked and less likely to know to report potential cybersecurity incidents.

It can be challenging to stay protected:

  • Training fails on occasion – Even a well-trained employee could be caught with the right email at the right time.  Maybe you were expecting a file and a phishing email happens to come in at the same time – perhaps by luck, or perhaps someone is watching other communications and is intercepting them to time their attack. Either way, mistakes happen, so training alone can’t be relied upon.

  • Email security isn’t perfect – You may have ways to stop malicious emails from getting through by using an email filter or Secure Email Gateway, however, these tools are not perfect. If a customer you communicate with is compromised, their emails are likely to bypass any security controls due to the trusted status of that email address.

  • Visibility of phishing email interactions is limited – When a phishing email is discovered, many businesses do not have a way to tell if a user clicked on something or opened a file. These are things that may take a deeper forensics investigation to understand.

  • Users can be de-sensitized to general banners – Bannering emails with a generic “This is from an External sender” is helpful, but the advantage can wane over time.  Many businesses communicate extensively with “External” email addresses. After seeing emails all day that say “External”, the banner loses some steam and employees will eventually ignore them.

  • Remediation can be difficult – Once you identify a phishing email, the process of keeping users from interacting can be a challenge as well. Many offices will broadcast an email message saying, “don’t click on that email”. However, many will read messages from oldest to newest and are likely to see the phishing email before the warning. Removing the email from inboxes can be a manual and very time-consuming process.

So, how do you stop phishing attacks?

As with any cybersecurity risk, we need to think about key factors that contribute to the likelihood of an event as well as the impact of that event. We reduce the likelihood of phishing attacks by creating layers of security to protect where we’re vulnerable. This concept is considered “Defense-in-Depth” – a topic we’ll write about in more depth in future blog posts.

Here are some high impact ways we implement defense-in-depth for email security:

  • Turn on MFA – As most phishing attacks target credentials, make it harder to use those stolen credentials. Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA) leverage more than one security measure for authentication. It’s usually something you know (like a password) and something you have (like a mobile device). While it may seem like an inconvenience, it will often minimize the impact of a compromise.

  • Training – While people will still make mistakes, building a culture of security awareness is vital to keeping your staff aware of threats. At Rigid Bits, we use KnowBe4 with our clients, which not only trains them on concepts and common attack techniques, it also provides ways to simulate phishing emails in a safe way that helps keep staff on their toes.

  • Email best practices – Make sure to limit the amount of noise and potential threats by tuning your email system. Learn about and configure DMARC, SPF, and DKIM appropriately.

  • Implement NextGen AV – Antivirus is good, but Next Gen AV brings in more of an AI component to look at heuristics, behaviors, and not just recognizable signatures for viruses and malware.

  • Configure your firewall – Depending on your business needs and capabilities, you may be able to restrict access to known malicious websites or enforce outbound traffic rules.

  • Implement an email security solution – It’s important to have an email security solution that detects malicious emails, provides context as to why they are malicious, and allows for quick remediation if a malicious email makes it through.  

How does Rigid Bits address their phishing risks?

In addition to the items listed above, Rigid Bits uses GreatHorn Cloud Email Security internally and is now offering this to our clients.

GreatHorn is a little different from other email security solutions. Most solutions live outside the email system and are considered a Security Email Gateway (SEG). SEG’s analyze emails as they come in and determine what gets passed into the email system. Their protection and view of threats typically stop once the email is delivered to the employee.

GreatHorn integrates via API to Microsoft 365 and Google Workspace, which opens up the door for more capabilities around how threats are managed as well as how remediation works. In addition to being able to quarantine obvious threats, it solved many of the problems we see happening that lead to a higher risk of successful phishing attacks:

  • It provides in-the-moment training by showing users why a message is suspicious or malicious. GreatHorn can even preview pages to ensure users are certain the link they clicked is going where they thought it would. Having ways to remind us to think twice when something seems off is a great way to make sure that security awareness training concepts are top of mind.

  • It puts dynamic banners in place instead of generic messages, giving users more context and helping them confirm if the message is legitimate.

  • Remediation is simple. Since GreatHorn works in the actual inbox, it’s able to grab emails that need to be pulled back within just a couple of clicks. When an email needs to be removed across the whole business, it can be done in seconds.

  • Visibility improves by being able to see what actions occurred around a particular message. If a phishing email was discovered to have made it to inboxes, the system can tell you who clicked or interacted with it so you can take appropriate action.

  • GreatHorn is very effective in catching messages based on content, relationships to senders, and malicious links or files.  You also have the ability to create new policies or tune the defaults to meet the needs of your specific business requirements or for new threats.

Since turning on GreatHorn, we see fewer phishing emails in our inboxes and are able to be more equipped with tools to help us be cautious when we need to. Most importantly, we have the ability to view and manage the threats in our environment with more ease and speed.

Improve Your Email Security

If you’d like to learn more about how to begin addressing your own email security risks, check out the resources below:

Learning about phishing attacks is just the first step.

Rigid Bits and GreatHorn can help you take your awareness further by sharing more ideas about what threats may exist in your email system.

Contact us today for a free cybersecurity risk consultation and to learn more about ways to address threats that may exist in your Microsoft 365 or Google Workspace email systems. You’ll have a chance to see how easy it is to make a large impact on your risk of a phishing email attack.

About The Author
Rigid Bits
Rigid Bits
Rigid Bits is a cybersecurity firm that helps businesses identify and reduce their cybersecurity risks through consulting, professional services, and technology. They work closely with leadership and IT teams to help them test and reinforce the security of their environment while meeting compliance requirements and best practices. Rigid Bits also helps businesses become more prepared to stop cyber-attacks and supports breach investigation efforts with their digital forensics and incident response services.

Let’s Discuss Your Needs

Our experience with hundreds of businesses across diverse industries provides us with the expertise to understand your unique challenges.