(Spear) Phishing issue – you’re doing it wrong and it’s costing you money !!

Phishing, once a key threat in the banking and finance sector, has now become a technique used by hackers targeting every industry sector – none is immune.

The Symantec Internet Security Threat Report always makes a great read!

Phishing, spear phishing, Business Email Compromise (BEC), whaling, CEO Email Abuse and of course SPAM – technically there are differences that would be lost to the average consumer but at the most basic level – these are all examples of fake emails.

So the question is – “what controls can be put in place to tackle the issue of fake emails?”

Solutions do exist of course, both simple and more advanced. Don’t forget that email has been around for many decades – I remember offering managed email services with 50 MB of storage at the turn of this century – yes megabyte !!

Many organisations deploy solutions without taking the time to analyse the issue and are essentially throwing money away. For example:

  • Phishing – targeting consumers with emails that contain URL links to hacked webpages (phishing pages) or malicious attachments – ACTION – perform enforcement to remove (take down) the phishing page.
  • Spear Phishing / BEC / other variants – inbound targeting of employees with emails that similarly contain malicious URLs and attachments – ACTION – subscribe to expensive cloud email filtering services that employ extensive Artificial Intelligence / Machine Learning (sic).

And yet – phishing (outbound) to consumers and spear phishing/BEC (inbound) still get through !

Here’s a very important tip – the first step to fixing the (spear) phishing issue is:

Identify and reject the spoofed (spear) phishing emails that use your email domain.

The most obvious and widely used technique to impersonate an organisation (brand abuse) is to use its own email domain in the FROM address, i.e. someone@mybank.com. The objective is to identify (audit) how the email domains are being used and by whom, and STOP any abuse by REJECTING fake/spoofed emails.

The average recipient doesn’t appreciate that email in fact has 2 FROM addresses – the first in the email header, MAIL.FROM, and the FROM address that we see in our email inbox. We covered this in one of our first blogs – The fundamental flaw in Email.

Basic email controls exist to interrogate the MAIL.FROM email domain, but only since the introduction in 2015 of DMARC (Domain-based Message Authentication, Reporting and Conformance), RFC 7489, have we had the ability to compare the domain across both the FROM and the MAIL.FROM addresses.
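The comparison DMARC makes between the visible FROM domain, the MAIL.FROM domain checked by SPF and the DKIM signing domain can be sketched as below. This is an added example, not code from the original post or from Ingressum; the DMARC record, every address other than someone@mybank.com, and the small `PUBLIC_SUFFIXES` set standing in for the Public Suffix List are constructed assumptions.

```python
# Added example: DMARC identifier alignment as described in RFC 7489.
# PUBLIC_SUFFIXES is a tiny constructed stand-in for the Public Suffix List.
PUBLIC_SUFFIXES = {"com", "org", "co.uk"}

def parse_dmarc(txt):
    """Parse a DMARC TXT record into {tag: value}, tag names lower-cased."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain):
    """Organizational domain: the longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # fallback when the suffix is not in the set

def aligned(from_domain, auth_domain, mode):
    """mode 's' = strict (exact match); anything else = relaxed (same org domain)."""
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def dmarc_verdict(header_from, mail_from, spf_result, dkim_sigs, record):
    """Return (passed, action). dkim_sigs is a list of (d= domain, result)."""
    tags = parse_dmarc(record)
    from_dom = header_from.rsplit("@", 1)[-1]
    spf_dom = mail_from.rsplit("@", 1)[-1]
    spf_ok = spf_result == "pass" and aligned(from_dom, spf_dom, tags.get("aspf", "r"))
    dkim_ok = any(res == "pass" and aligned(from_dom, d, tags.get("adkim", "r"))
                  for d, res in dkim_sigs)
    if spf_ok or dkim_ok:
        return True, "accept"
    return False, tags.get("p", "none")  # the domain owner's requested handling

# Constructed record and messages; only someone@mybank.com comes from the post.
RECORD = "v=DMARC1; p=reject; adkim=s; rua=mailto:dmarc@mybank.com"
SPOOF = ("someone@mybank.com", "bounce@unrelated.example", "pass",
         [("unrelated.example", "pass")], RECORD)
OWN_MTA = ("someone@mybank.com", "bounce@mail.mybank.com", "pass", [], RECORD)

if __name__ == "__main__":
    print(dmarc_verdict(*SPOOF))    # SPF and DKIM pass, but neither is aligned
    print(dmarc_verdict(*OWN_MTA))  # SPF passes and is aligned (relaxed)
```

The spoofed message passes SPF and DKIM for the sender's own domain yet fails DMARC, because neither authenticated domain matches the domain shown in the FROM address.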

Tackle the basic 101 email security hygiene steps before moving on to the other variants, such as homoglyph and display text abuse.

Undertake a DMARC Compliance project to lock down the organisation’s email domains against abuse.

In fact, it is Ingressum’s policy to ONLY provide our Online Fraud/Phishing Protect service to perform takedowns of phishing pages when we also undertake a DMARC Compliance project. Without controlling who can use the organisation’s email domains, you will be continually throwing money away by subscribing to expensive takedown services without tackling the cause.

After all, we protect our personal assets by locking the doors and windows when we leave home – now we can also provide this basic security for our organisation’s digital assets !
