Abstract White Grid

Webinar Recap: Blocking Phishing Attacks Before Employees Bite

Credential phishing attacks can lead to loss of revenue, loss of data, and long-term reputational damage. Learn why these attacks are successful and how to block them.

July 25, 2022

Nearly every business—from the largest enterprises to SMBs with a handful of employees—relies on email as their primary method of sending and receiving information. And since the average company uses more than 200 different software solutions, employees are accustomed to regularly receiving emails asking them to do things like confirm their identities and reset their passwords.

When you take those two facts into consideration, it’s not surprising that credential phishing attacks are the most common email-based threat organizations face.

In a recent webinar, I sat down with Graham Cluley, cybersecurity expert and host of the Smashing Security podcast, to discuss the latest in phishing attacks.

Here are five key takeaways from the webinar.

Modern Phishing Emails Are Significantly More Believable Than Early Phishing Emails

Many professionals are operating under the assumption that today’s phishing emails are just as poorly-worded or obviously malicious as those from ten years ago. But modern threat actors design detailed phishing emails and sophisticated phishing sites that are nearly indistinguishable from the impersonated brand’s actual messages and website.

For example, many attackers use links to the brand’s real website in the header and footer of the email, and then only include a single link to the phishing site in a CTA. When a target hovers over one of those other elements and sees it's a legitimate link, it can be enough to convince them the email was sent from the impersonated brand.

Further, it’s relatively easy for threat actors to determine which email provider an organization uses. And once they know, they can create phishing emails using Google’s or Microsoft’s own branding, fonts, and logos.

Attackers Leverage Every Information Source Available

Social media networks are filled with information that threat actors can exploit.

Attackers can look up a specific organization on LinkedIn and find all of the employees who have recently been hired. Then, they can send an email pretending to be from HR and tell the recipients they need to log in to view new hire paperwork. Since the targets haven’t received security awareness training yet and are expecting messages like these from HR, they hand over their credentials without thinking twice.

Additionally, public companies in the U.S. are required by the SEC to publicly disclose information about their finances and operational updates that impact the business—such as changes in executive leadership. Attackers will monitor news outlets for these kinds of announcements and then send phishing emails impersonating the new executive.

Threat Actors Know How to Bypass Malicious URL Detection Tools

Threat actors recognize that the phishing site URL is crucial, as it can make or break the attack.

To evade email filters, some attackers will take advantage of URL shorteners like Bit.ly to obfuscate the actual URL destination while others will first send targets to a legitimate website and then automatically redirect them to the phishing site.

Threat actors will also hide the malicious URL within a file on a trusted cloud hosting service. Because the link in the email has a domain of drive[.]google[.]com or dropbox[.]com, a traditional email security solution will not flag it as suspicious. But when the target clicks on the link, it takes them to a file that contains a link to the phishing site.

Attackers Take Advantage of Email Rules and Filters to Maximize Impact

After an email account has been compromised, threat actors will often create a rule to BCC an external email address on all messages. This allows them to gather intel without having to repeatedly sign in to the account and potentially trigger a “suspicious login location” alert from the email security software.

Threat actors may also create email rules to prevent the user from receiving warnings that might make them aware of the issue. The attacker will create a filter that automatically deletes any messages with trigger words such as “hack”, “phishing”, or “alert” in the subject line. Then, even if the IT team recognizes that a credential phishing attack has occurred and sends a mass email to the workforce, the employee who has been phished will never receive it.

Threat Actors Are Clever, but Organizations Can Stay One Step Ahead

As long as companies use email, threat actors will launch phishing attacks.

To lower your organization’s risk, start by including security awareness training as part of your new employee onboarding. In addition, because attackers are constantly developing new tactics, you should also require ongoing training to ensure the workforce knows what new threats to be aware of.

And while educating employees will help reduce the risk of them engaging with a malicious email, it’s even better to minimize the number of phishing emails they receive in the first place.

Any time an employee has to assess whether a malicious email is genuine or not is an opportunity for them to make a mistake and for a threat actor to capitalize. Security awareness training in tandem with a modern email security solution that proactively stops phishing emails before they can be delivered is the one-two punch organizations need to protect themselves.

Don’t Let Your Employees Take the Bait

Organizations often dismiss phishing attacks as a threat because they don’t consider them to be as serious as some other attack types. But the reality is that, along with being the most common, credential phishing also has the potential to open the door to more damaging attacks.

Phishing emails are often the first step to compromising employee email accounts, from which far more damaging attacks can be sent. The key to preventing financial loss, data loss, and reputational damage is blocking credential phishing attacks before employees ever see them.


To learn more about the impact of credential phishing attacks and how to protect your organization, watch the on-demand webinar.

Demo 2x 1

See the Abnormal Solution to the Email Security Problem

Protect your organization from the attacks that matter most with Abnormal Integrated Cloud Email Security.

Related Posts

B 1500x1500 Modern Email Attacks Webinar Series L4 R2
Our Modern Email Attacks series has wrapped! Here are some of the biggest takeaways from Chris Krebs, Troy Hunt, and Theresa Payton.
Read More
B 1500x1500 Gartner Insights L1 R1
See our commitment to providing our customers with the best possible solution and support with these reviews from Gartner® Peer Insights™.
Read More
B 11 14 22 SPM Launch Blog Graphics
Security Posture Management gives organizations insight into cloud configuration risks and gaps across user and app privileges.
Read More
B 11 14 22 SPM Launch Blog 2
Cloud email platforms enable better collaboration, but they also create new entry points, making sensitive data more accessible to attackers.
Read More
B 1500x1500 Q3 Ransomeware L1 R2
This post explores the continuation of the sharp decline in ransomware attacks as well as a few other notable data points from Q3 2022.
Read More
B 10 05 22 Cloud Email Security Platform Essentials
Learn the 7 key capabilities a cloud email security platform should have in order to address and resolve common email security challenges.
Read More
B 11 07 22 Valimail
Discover the benefits of a modern, best-of-breed solution to email security with Abnormal Security and Valimail’s New Partnership.
Read More
B 11 07 22 Vision 23 Blog
Discover the latest trends in cybersecurity as we look toward the email threats of the future in partnership with SecureWorld.
Read More
B 1500x1500 Crimson Kingsnake L2 R1
Uncovering how threat group Crimson Kingsnake uses third-party impersonation tactics to swindle organizations across the world.
Read More