Data theft, attacks on IT infrastructures, ransomware: phishing is a frequently used hacker method, as it can cause enormous damage with relatively little effort. Companies should respond to the growing risks with optimized security standards. Franka Beyer from SoSafe and Julian Geils, Senior IT Security Consultant & Engineer at DGC, explain what to look out for when dealing with phishing mails and why it is so important to put your own employees at the center of the measures.
What is e-mail phishing and how does such a hacker attack work?
Julian Geils: Phishing refers to attacks in which cybercriminals send recipients a message by e-mail, for example, in order to trick them into performing an action. The scheme is initiated electronically, but the focus is clearly on people. This is because people have been identified as the main point of attack and the supposed weakest link in IT security – experts refer to this as social engineering. Psychological manipulation, such as building up time pressure, curiosity, fear or respect for authority, can be used to trick employees. This has drastic consequences, as the information disclosed is usually used by individuals or companies to misuse data.
In practice, we see a wide variety of phishing techniques, from spear phishing to whaling attacks to watering hole attacks. A common scenario is that the attacker sends an email with a contaminated link. The recipient is asked to follow the link urgently and to enter personal login data – for example, because suspicious activities on their own account are to be checked. In most cases, however, this is a fake website or malware.
E-mails with contaminated attachments pose an even greater risk because hackers can use them to gain direct access to company networks. We will discuss this in our joint webinar on September 13 and describe countermeasures.
How can phishing mails be detected?
Julian Geils: Various signs can indicate that it is a phishing attack. In addition to grammatical errors and a missing personal salutation, these are often visual deviations from the corporate design of the fake sender. For example, attackers resort to tricks to mask web presences. For example, the short link to a fake website could contain a numerical zero (“0”) instead of the letter “O/o”. Recipients should also be alert if an e-mail asks them to take action quickly or requests confidential data. Increased caution should also be exercised with dubious attachments, links and forms.
Nevertheless, there is no standard answer to how phishing e-mails can always be accurately detected.
Franka Beyer: This is mainly due to the fact that hacker tactics are constantly evolving and attacks are correspondingly more difficult to see through. In spear phishing, cybercriminals customize the mails to the person receiving them. They insert personal information or impersonate a trusted person, such as an executive, to appear more credible.
Artificial intelligence lends additional dynamism to criminal plans: attackers are thus able to automatically send realistic phishing mails – in large numbers and with increased chances of success as a result. In order to recognize phishing mails, the following therefore always applies: Be careful and keep your eyes open for inconsistencies.
Where to forward or report phishing mails?
Julian Geils: From a technical point of view, after reading a suspicious e-mail, employees should initially refrain from any further interaction with the e-mail. For example, if employees receive a strange-looking invitation to a summer party in which the marketing team asks them to enter their personal data in an attached Excel file, they should handle it with caution. To clarify the matter, it may well make sense to contact the supposed source via other means of communication. In addition, it is essential to inform the IT team and – if there is not yet a defined process for dealing with phishing mails – to ask them how to proceed.
Franka Beyer: Ideally, phishing e-mails should only be forwarded via reporting tools that are explicitly designed for this purpose. Employees can send an email directly from their mail program to IT and have it checked. This simplifies the reporting chain for both employees and IT, saves effort on both sides, and at the same time increases the phishing reporting rates. Above all, it is important to remember that if you have already clicked on malicious content in a phishing e-mail, you should immediately disconnect your computer from the Internet and call in the IT department before any major damage is caused.
What are the protective measures against email phishing?
Julian Geils: With solutions like spam filters and antivirus programs, there are technical ways to filter and delete suspicious email attachments before they can do any damage. However, they can mainly be used to block common attacks. Hackers often use other ingenious ways to ensure that their phishing mails still find their way into companies. It is therefore a fact that the best technology is only effective in combination with trained employees. Especially with regard to phishing, security managers should focus on strengthening the security awareness of the entire workforce. For this purpose, SoSafe offers an ideal interactive learning platform and DGC the practical knowledge for conducting security awareness training.
Franka Beyer: In fact, around 20 percent of phishing mails find their way through technical filters. The most important protective barrier is therefore safe behavior when dealing with e-mails. Security awareness training promotes the conscious handling of cyber dangers such as phishing mails, so that employees can ward them off in an emergency. Looking at recent statistics, it is clear that such training should be an important component of organizations’ security strategies: According to Verizon, 82 percent of all cyberattacks today involve a human factor. Often, these attacks start with a phishing email. And the Human Risk Review 2022 shows that one-third of all employees click on malicious content in these emails. Preventive security and awareness measures protect organizations from the often costly consequences.
What steps should companies take to protect themselves and employees from mail phishing?
Julian Geils: Step one should be to analyze the current state of IT security in order to identify possible differences to a good security concept. Based on this, appropriate technical measures should be implemented quickly. In parallel, IT security managers should – and this is a decisive factor – find a solution for how employees can be optimally prepared for dealing with questionable e-mails.
Franka Beyer: IT managers often struggle to communicate the relevance of the topic to the management level. They are well advised to draw on supporting data in discussions to demonstrate the positive effects of chosen measures on the organization’s security. Psychologically sound and effective security awareness training measurably reduces cyber risks associated with phishing. Interactive e-learnings, for example, are ideal for strengthening awareness: Depending on the level of knowledge, relevant knowledge on the topic is imparted and employees’ behavior is trained with the help of phishing simulations. Giving the entire team the tools to protect themselves is the most important step in keeping the entire organization safe from attack.
Would you like to know more about how cyber awareness training can empower your employees to secure IT? Contact us – we will be happy to advise you.