How to avoid an Email Phishing Attack
February 8, 2021
If you have been using email, it is quite safe to say that at some point you have been targeted by, or fallen victim to, an email phishing campaign. It could be anything from the prince of Nigeria to winning a 10 Million lotto! We all have our share of stories about the different types of phishing scams we have been through.
Email phishing attacks are very common and they are happening right now. We have got better at dealing with them, and the best line of defence is user training.
If you are a business owner it is highly recommended that you and your team are aware of email phishing campaigns and are kept up to date. Almost every week there is news about a phishing campaign stealing from its victims. Scams cost Australians more than $100M a year, and this is just the reported amount; we are quite sure the unreported amount is a lot more than what has been reported.
The Australian government is doing a great job and regularly publishes information. Individuals, businesses, large organisations and other organisations can register at [https://www.cyber.gov.au/acsc/register] and be kept in the loop. They even have a quiz on the topic.
But a lot still needs to be done!
Why are Email Phishing attacks so common?
It is quite easy to execute an email phishing attack and it is just a numbers game: send 100s, 1000s or 10,000s of emails and it is very likely that someone will fall for it.
In short, email phishing attacks are of two types:
- Tricking users into clicking links in the email that lead to spoofed websites, where they then hand over sensitive information. Or
- Tricking users into clicking links in the email that install malware on their machine.
Quite a few businesses are members of their local chamber of commerce, which is a trusted advisor for businesses in its local area.
We ran some quick tests on the members of the chamber of commerce and the numbers speak for themselves.
[Table: Greater Springfield Chamber of Commerce test results; the figures were not preserved in this copy]
While this is not a 100 % fix, engaging a professional will leave your business in a much better position.
Understanding all the technical bits can be time consuming (and entertaining); we would recommend you focus on running your business and let us focus on running your IT.
Let's engage the professionals and get them to do their job properly.
You need a strong technical partner in your team to leverage IT to grow your business.
Send us an email via this LINK with your domain name and we will run some tests and provide you with technical assurance.
Time and time again we also come across a situation where an ex-employee leaves the organisation, deletes all their email and empties the deleted folder, which can result in email being lost forever, even if it is in the cloud.
IT (information technology) needs to be treated with respect. We still come across businesses turning over revenue in the millions that do not even have an IT partner to look after the technical side.
The best form of defence against email phishing scams is user training.
No matter how good your IT support provider is, if a user clicks that link, knowingly or unknowingly, it can get a bit tricky.
Hence training users is super important. Get your team members registered at https://www.cyber.gov.au/acsc/register/individuals-and-families and have some sort of checklist process so that new team members are also registered.
This way users are provided with up-to-date information and can make educated decisions when they are in front of a spoofed email.
Also sign up all team members to the free email alert service by Cyber.gov.au, as it is up to date and easy to understand.
Have a look at the video below, which is less than 3 minutes long and explains it beautifully. We also send the link to this video when we onboard a machine for a customer; this way we are refreshing and training the users to make sure they think before they click.
Link to the video https://www.youtube.com/watch?v=XEtvwzN_xJk&feature=emb_logo
Also, running simulated phishing attacks is a good way to identify which users are vulnerable and where you need to spend more time with them.
Running simulated phishing attacks is super easy and there are some free tools out there as well.
More than 80 % of successful data breaches started with a spear phishing attack; all of it could have been avoided if the user had not clicked that phishing link.
- Think before you click on a link.
- Be informed about the latest phishing attacks.
- If you are unsure, never give out personal information, and
- Keep your machines up to date (or leave it to the professionals).
Step 3 – The Non-Techie Stuff: Verify the documentation
e.g. terms in your invoices, processes documented in case a bank account is changed.
Please update your terms and conditions in your invoices, purchase orders or any other document regarding payment to include the below:
“No changes are to be made to banking or personal details without first being verified directly by phone with a nominated individual from our organisation. Please call the telephone number as per our website or XXXXX.”
If you are transferring funds to any business account, query any changes to the bank account and ensure there is both verbal and written correspondence. Check your records and call the right telephone number, as the number in the document you have may be false.
Have a checklist process in place and review it regularly to ensure that team members follow the right process, especially when there is a request to change banking details.
Step 4 – The Techie Stuff
If you are not interested in the tech stuff and just want to know how to initiate a conversation for assurance, skip to Step 5.
Now the boring techie stuff!
- DMARC Record :- What it is and why it is important.
- SPF Record :- What it is and why it is important.
- DKIM Record :- What it is and why it is important.
DMARC Record :- What it is and why it is important.
What it is: DMARC (Domain-based Message Authentication, Reporting & Conformance) is a way to authenticate mail sent from your domain and to prove to ISPs, mail services and other receiving mail servers that senders are truly authorised to send email on its behalf.
WHY it is important: This is important to implement as it makes it more difficult for hackers to conduct phishing attacks that spoof your domain; their spoofed emails will not have the necessary authentication and can be easily detected and blocked by the receiving mail server.
HOW to implement it: This can be added to your DNS via a TXT record, such as the sample record below.
SPF Record :- What it is and why it is important.
What it is: An SPF record (Sender Policy Framework) is a DNS record that indicates which hosts are authorised to send mail for your domain.
WHY it is important: Having an SPF record can be invaluable, as it helps prevent hackers from sending emails with your domain address from mail servers that are not yours. Often hackers will try to “mask” their own domain by making it appear as though the mail is coming from your domain. With an SPF record in place, if the mail being sent does not pass SPF authentication the receiving server can block it.
HOW to implement it: Similarly, this is a TXT record that can be easily added to your DNS records. See the sample below for an example.
v=spf1 include:spf.protection.outlook.com -all
DKIM Record :- What it is and why it is important.
What it is: A DKIM record (DomainKeys Identified Mail) allows the recipient of an email to verify that it was sent and authorised by your domain, using public-key cryptography (a digital signature on the message).
WHY it is important: Having a DKIM record helps protect your domain against email spoofers by validating emails sent by your domain. Using the public key, the recipient can check the signed message against what was received to detect any tampering by hackers, as well as confirm that the email was sent by your domain.
HOW to implement it: This is the third and final TXT record you will want to add to your DNS, and it will look similar to the below.
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1psAF54fc+sGFIek+kJ0KP2WDqBqlwnMrXvszDsyBUPfKjrWIabl357kOqCAdkVKnvh6dLv4+O3ZMAsocSpTaw/JjrSugOcxVTa6xI2aEfMgXO0DAfxjb5oS7Yv8LUErSVl3mnGY6UaS1aSzcpT65sSIfvzGQo8/NXOQP3bVwrgqutgRYCI4nWBbe47pfipeZTaCfzDo2afI5+6ERrW56pNQsr1nuML9cZzCocJGjeoWTCHd6IIoRZ7bYiBf3PJFJN0zqIikzLGdpz5dzS6e6YhAznvKGXrqe6I1pvYDdT3mfZsJr0Zf8oNowSwZOaXjYoBE7oQ/8x+lyYes/w8QwIDAQAB;
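As an added example (not part of the original post), the small script below applies the SPF, DMARC and DKIM checks described in Step 4 to a set of constructed TXT records for a hypothetical domain, flagging the weak settings a receiving server would not act on (no `-all`, `p=none`, an empty DKIM key). The records, domain name and selector are assumptions; nothing is looked up live.

```python
# Constructed sample TXT records for a hypothetical domain (the SPF record
# matches the one shown on the page; the DKIM key is truncated on purpose).
SAMPLE_TXT = {
    "example.com": "v=spf1 include:spf.protection.outlook.com -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "selector1._domainkey.example.com": "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0B",
}

def parse_tags(record):
    """Split 'tag=value; tag=value' (DMARC and DKIM syntax) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def check_spf(record):
    """Return weaknesses in an SPF record (empty list means it looks sound)."""
    if not record or not record.lower().startswith("v=spf1"):
        return ["no SPF record: receivers cannot tell which hosts may send for you"]
    qualifier = record.split()[-1].lower()   # the final 'all' term decides the rest
    if qualifier == "-all":
        return []
    if qualifier == "~all":
        return ["~all: unauthorised senders only softfail, so spoofs may still land"]
    if qualifier in ("+all", "all"):
        return ["+all: every host is authorised, which offers no protection"]
    return ["no 'all' term: hosts not listed are neither passed nor failed"]

def check_dmarc(record):
    """Return weaknesses in a DMARC record."""
    if not record or not record.lower().startswith("v=dmarc1"):
        return ["no DMARC record: SPF/DKIM failures carry no enforced policy"]
    tags = parse_tags(record)
    findings = []
    if tags.get("p", "none").lower() == "none":
        findings.append("p=none: failures are only reported, never blocked")
    if "rua" not in tags:
        findings.append("no rua= address: you will not receive aggregate reports")
    return findings

def check_dkim(record):
    """Return weaknesses in a DKIM selector record."""
    if not record or not record.lower().startswith("v=dkim1"):
        return ["no DKIM key for this selector: signatures cannot be verified"]
    if not parse_tags(record).get("p"):
        return ["empty p= tag: the key is revoked, so signed mail will fail"]
    return []
```

Swap the `SAMPLE_TXT` values for the TXT records returned by a DNS lookup of your own domain, `_dmarc.` subdomain and DKIM selector to run the same checks for real.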
Step 5 – Next Step – Let's do some quick free tests for you
Want to know if your domain is in need of protecting? Submit your domain through our website [LINK] and we will do a quick free test to let you know if you're protected. Please be advised that, due to our small team, there may be some delay before we are able to get back to you; however, we will do our best to respond as soon as possible.
Also, to make this super easy for you, we have drafted a quick email which you can forward to your current IT provider:
I just wanted to reach out to verify whether we are doing our best to be protected against phishing attacks.
I just read a blog post from a trusted advisor at XXXX.com explaining what a phishing attack is and how we can reduce the possibility of being a target.
If you could kindly verify this from your end as well, that would be much appreciated.
Eddie looks after marketing campaigns for Ironclad. In his pre-tech life, he worked as a journalist on the San Francisco Peninsula. Off hours, he dreams of England.