Organizations understand the importance of protecting sensitive information and avoiding a data breach. However, security teams are struggling to contain phishing attacks. Security risks increase due to the inability to view and successfully filter email threats, accurately differentiate between marketing and phishing emails, and apply a multi-layered email security approach with rules to holistically track traffic and stop malicious actions in real life.
This article explores email security best practices to defend against phishing attacks to reduce cyber risk.
Phishing attack trends
Cybercriminals are always evolving their tactics to stay one step ahead of their victims. Here are a few recent changes:
1. Advanced social engineering: Previously, bad grammar and poor sentence structure made it easy for employees to identify a phishing messages. But cybercriminals have since evolved to using logos and studying the voice and tone of their target to mimic. Cybercriminals will also use social media to research how senior executives write, speak, or how their hierarchy is structed in order to infiltrate an organization.
2. Multiple phishing forms used in tandem: Cybercriminals want to create a sense of urgency to prompt victims to act quickly. To do this, they’ve turned to doubling or tripling-up on phishing techniques. The National Cyber Security Center reported several incidents where multiple phishing techniques were used, such as sending a whaling email followed up by a phone call (vishing) to quickly establish trust and confirm the request.
3. Hijacking an existing thread: Malicious actors can compromise