5 Steps to Enforce Phishing Protection
Why is phishing protection so important? Well, email communication has connected people in ways which seemed impossible just a few decades ago. Yet, whenever technology improves, some people try to exploit it for their own personal gain. With email we saw the rise of spam and phishing attacks, which have become even more prevalent in recent years.
Phishing is especially insidious in that it tries to manipulate its victims into giving up confidential data by pretending to be something or someone the victim would want to disclose information to.
Phishing protection has thus become an essential component of any company’s security initiatives. Like other such components, phishing protection not only safeguards the company’s assets, but it also protects the employees themselves. What follows are five steps that detail how you can protect your users from phishing attacks.
1. User education
It may sound obvious, but many times education is overlooked in the strategic planning of how you can protect your network from email-based phishing attacks. Educating your employees on how email phishing works and what it looks like, as well as what to be observant for, can go a long way to providing an effective last line of defence against phishing attempts.
2. Email keyword filtering
Keyword filtering is the most basic level of protection your company can have against phishing attacks. While it is not very effective, it can still provide some value. If you rely on keyword checking alone, you need to strike a balance between catching phishing emails and the high number of false positives you may generate.
Also, do bear in mind that keyword checking is ineffective on its own and can be circumvented fairly easily. It is hard to choose keywords which apply to phishing attacks but not to legitimate emails, making this the least preferred method of protection.
3. Greylisting
Greylisting is an interesting technique. If your email protection software supports it, it can be a very useful defence mechanism, not just against phishing attacks, but also against spam in general.
With greylisting, when the mail server detects email coming from a new, unknown source, it rejects it with a temporary failure notification. Legitimate email servers will then simply queue the email and try to send it again later.
Spamming programs, which try to send out phishing emails to as many recipients as possible, are unlikely to follow the proper email procedures and thus ignore the failed delivery. Because these messages are never resent, your system is protected from them.
Of course, this method of protection is successful as long as the phishing attacks are sent from previously unknown sources. Its effectiveness also requires the attacker to use email software that is not fully RFC compliant and doesn’t try to send failed emails later on. However, it is important to understand that these are not hard for a determined attacker to implement.
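A minimal greylisting decision as described above, written as an added example rather than code from the original post or from GFI; the (client IP, sender, recipient) triplet key, the retry delay and the whitelist lifetime are assumptions chosen for illustration:

```python
from dataclasses import dataclass, field
import time

# Simplified greylisting policy (constructed example): the first delivery
# attempt from an unseen (client IP, envelope sender, envelope recipient)
# triplet is answered with an SMTP 4xx temporary failure. A compliant MTA
# queues the message and retries later; the retry is accepted once the
# minimum delay has elapsed. A bulk sender that never retries is never delivered.

MIN_RETRY_DELAY = 300      # seconds a sender must wait before a retry is accepted (assumed)
WHITELIST_TTL = 36 * 3600  # seconds a triplet stays accepted after a good retry (assumed)

@dataclass
class Greylister:
    seen: dict = field(default_factory=dict)     # triplet -> first-seen timestamp
    allowed: dict = field(default_factory=dict)  # triplet -> whitelist expiry timestamp

    def check(self, client_ip, mail_from, rcpt_to, now=None):
        """Return the SMTP reply for this delivery attempt."""
        now = time.time() if now is None else now
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.allowed and self.allowed[key] > now:
            return "250 OK"                       # previously verified sender
        first = self.seen.get(key)
        if first is None:
            self.seen[key] = now                  # unknown source: defer
            return "451 4.7.1 Greylisted, please try again later"
        if now - first < MIN_RETRY_DELAY:
            return "451 4.7.1 Greylisted, please try again later"  # retried too soon
        self.allowed[key] = now + WHITELIST_TTL   # proper retry: accept and remember
        del self.seen[key]
        return "250 OK"

def simulate():
    """Constructed scenario: a compliant MTA versus a fire-and-forget bulk sender."""
    g = Greylister()
    t0 = 1_700_000_000
    legit = ("192.0.2.10", "alice@example.org", "bob@example.com")
    bulk = ("198.51.100.7", "promo@example.net", "bob@example.com")
    return {
        "legit_first": g.check(*legit, now=t0),
        "bulk_first": g.check(*bulk, now=t0),
        "legit_retry_too_soon": g.check(*legit, now=t0 + 60),
        "legit_retry": g.check(*legit, now=t0 + 900),   # queued retry after 15 min
        "legit_later": g.check(*legit, now=t0 + 7200),  # whitelisted, no delay
        "bulk_delivered": bulk in g.allowed,            # bulk sender never retried
    }
```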
4. Bayesian Filtering
Bayesian filtering is a technique in which the email protection suite is taught how to identify the many different types of emails, including spam and phishing emails. This training is generally performed by the client or by the software vendor themselves.
Bayesian analysis of an email can have various degrees of success when it comes to phishing protection and the strength of this feature depends heavily on the quality of the training sample data.
5. Phishing Database
Some email protection solutions provide databases that can have the necessary information to detect phishing attacks through a combination of content and URL analysis. This is considered to be the most effective form of phishing protection you can have. If your email protection suite supports it, this should be your front line protection against phishing attacks.
These different methods can also be used in tandem to further strengthen your phishing protection capabilities. Many good email protection products offer many, if not all, of these techniques. Knowing how they work can help you better tune your email protection solution, ensuring your users receive as few phishing emails as possible.
This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about the right solution for phishing protection and more.
All product and company names herein may be trademarks of their respective owners.