Phishing Scams Have Reached New Heights: How to Improve Detection and Response
Leon Ward
The Anti-Phishing Working Group (APWG) Phishing Activity Trends Report reveals that in Q2 of 2022 there were 1,097,811 total phishing attacks. This marks the worst quarter for phishing observed to date, exceeding Q1 of 2022, which was the first time the three-month total exceeded one million.
It’s no surprise that this week’s Cyber Security Awareness Month (CSAM) topic focuses on how we can all do our part to protect against phishing attacks, fraudulent emails that target specific individuals or organizations for the purpose of gaining unauthorized access to confidential information. For security professionals, this means understanding how to mitigate risk from these increasingly pervasive attacks more effectively and efficiently. For individuals, it means learning how to recognize and report phishing emails. So, what does this entail more specifically?
What security professionals can do.
Spear phishing emails contain a wealth of hidden evidence that can be used to track and understand the methods used by attackers to target the organization. By extracting that information, security teams can better understand what to look for to identify other users that may have succumbed to the scam. Armed with this evidence, analysts can discover associations between multiple spear phishing messages to understand a wider campaign that may be underway.
Identifying malware samples across campaigns and associating them with adversary profiles (and therefore intentions) notably improves the ability to respond. However, conducting this level of analysis can be difficult and laborious. Typically, to discover these associations analysts must manually sift through messages and correlate the information they discover about the campaign with external data on adversaries and their methods.
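As an added example of the extraction and correlation described above (not ThreatQ's code and not part of the original article), the following Python pulls indicators out of raw messages and reports the ones shared by more than one message. The function names, indicator labels and sample messages are assumptions constructed for illustration.

```python
import email, email.policy, hashlib, re
from collections import defaultdict
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # bracketed relay IP in Received

def extract_indicators(raw):
    """Return a set of (type, value) indicators from one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    found = set()
    for header, kind in (("From", "from_domain"), ("Reply-To", "reply_to_domain")):
        addr = parseaddr(str(msg.get(header, "")))[1]
        if "@" in addr:
            found.add((kind, addr.rpartition("@")[2].lower()))
    for received in msg.get_all("Received", []):
        found.update(("relay_ip", ip) for ip in IP_RE.findall(str(received)))
    for part in msg.walk():
        if part.get_filename():  # attachment: hash the decoded bytes
            data = part.get_payload(decode=True) or b""
            found.add(("attachment_sha256", hashlib.sha256(data).hexdigest()))
        elif part.get_content_maintype() == "text":
            hosts = (urlparse(u).hostname for u in URL_RE.findall(part.get_content()))
            found.update(("url_host", h.lower()) for h in hosts if h)
    return found

def correlate(messages):
    """Map each indicator seen in two or more messages to the ids that share it."""
    seen = defaultdict(set)
    for msg_id, raw in messages.items():
        for indicator in extract_indicators(raw):
            seen[indicator].add(msg_id)
    return {ind: ids for ind, ids in seen.items() if len(ids) > 1}

# Constructed sample messages (reserved .example names, documentation IP ranges).
SAMPLES = {
    "msg1": b"From: IT Helpdesk <helpdesk@corp-support.example>\n"
            b"Reply-To: reset@mailbox.example\n"
            b"Received: from mx1 (mx1 [203.0.113.7]) by mail.victim.example\n"
            b"Subject: Password expiry\n\nReset at http://login.portal-reset.example/a?u=1\n",
    "msg2": b"From: Payroll <payroll@hr-notice.example>\n"
            b"Received: from mx9 (mx9 [203.0.113.7]) by mail.victim.example\n"
            b"Subject: Payslip\n\nView: http://login.portal-reset.example/b\n",
    "msg3": b"From: News <news@vendor.example>\nSubject: News\n\nSee http://www.vendor.example/oct\n",
}

if __name__ == "__main__":
    print(*sorted(correlate(SAMPLES).items()), sep="\n")
```

In the constructed samples, the two lures use different sender domains but share a relay IP and a link host, which is the kind of association that ties separate messages to one campaign.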
The ThreatQ Platform simplifies and automates the process of parsing and analyzing spear phish emails for prevention and response and delivers a number of benefits and considerable efficiency gains. Based on industry research and our experience working with multiple clients, we calculated the ROI of using the ThreatQ Platform for spear phishing protection and found an annual savings of nearly $280,000—enough to produce a positive ROI and short payback periods after factoring in the cost of a ThreatQ license.
How individuals can help.
Even if you’re not a security professional, there are steps you can take to protect yourself and others from these types of attacks. It starts by making sure you recognize spear phishing and know what to do to avoid falling victim. Here are some useful tips:
- Remain on alert and think before you click. Instead of rushing through emails, be mindful of what you are receiving and from whom.
- Hover over the email address or links to see if they resemble legitimate addresses, and watch for spelling and grammatical errors and generic greetings, which can indicate the email is malicious.
- If in doubt as to the legitimacy of an email, don’t click on any links; delete it, or call the person or organization that appears to have sent the email to verify its authenticity.
- Never respond to an email, text or fax with your personal data.
- Watch for spelling and grammatical mistakes. If an email includes spelling, punctuation, and grammatical errors, it’s likely a sign you’ve received a phishing email. Mark it as phishing or spam.
- Ignore emails that insist you act now. Scam emails often try to create a sense of urgency or demand immediate action.
- If you have any doubts as to the legitimacy, report the message as a phishing attempt.
So, how do you report a suspected phishing attempt?
Most organizations offer some sort of user reporting mechanism, which is the best tool at your disposal. When messages are marked as spam or phishing, not only are you training your email system’s spam and phishing detection algorithms, but you’re also alerting your organization’s security team to the incident so they can take preventative action and tune their configurations. This training and reporting can be done easily through the web interface of your email tool.
Working together, security professionals and individuals can mitigate the risk of spear phishing campaigns and even avoid falling victim in the first place. To learn more about how the ThreatQ Platform can help automate detection, analysis and response to spear phish emails, and deliver significant ROI, download our new white paper.