
Webinar Recap: Blocking Phishing Attacks Before Employees Bite

Credential phishing attacks can lead to loss of revenue, loss of data, and long-term reputational damage. Learn why these attacks are successful and how to block them.

July 25, 2022

Nearly every business—from the largest enterprises to SMBs with a handful of employees—relies on email as their primary method of sending and receiving information. And since the average company uses more than 200 different software solutions, employees are accustomed to regularly receiving emails asking them to do things like confirm their identities and reset their passwords.

When you take those two facts into consideration, it’s not surprising that credential phishing attacks are the most common email-based threat organizations face.

In a recent webinar, I sat down with Graham Cluley, cybersecurity expert and host of the Smashing Security podcast, to discuss the latest in phishing attacks.

Here are five key takeaways from the webinar.

Modern Phishing Emails Are Significantly More Believable Than Early Phishing Emails

Many professionals are operating under the assumption that today’s phishing emails are just as poorly worded or obviously malicious as those from ten years ago. But modern threat actors design detailed phishing emails and sophisticated phishing sites that are nearly indistinguishable from the impersonated brand’s actual messages and website.

For example, many attackers use links to the brand’s real website in the header and footer of the email, and then only include a single link to the phishing site in a CTA. When a target hovers over one of those other elements and sees it's a legitimate link, it can be enough to convince them the email was sent from the impersonated brand.

Further, it’s relatively easy for threat actors to determine which email provider an organization uses. And once they know, they can create phishing emails using Google’s or Microsoft’s own branding, fonts, and logos.

Attackers Leverage Every Information Source Available

Social media networks are filled with information that threat actors can exploit.

Attackers can look up a specific organization on LinkedIn and find all of the employees who have recently been hired. Then, they can send an email pretending to be from HR and tell the recipients they need to log in to view new hire paperwork. Since the targets haven’t received security awareness training yet and are expecting messages like these from HR, they hand over their credentials without thinking twice.

Additionally, public companies in the U.S. are required by the SEC to publicly disclose information about their finances and operational updates that impact the business—such as changes in executive leadership. Attackers will monitor news outlets for these kinds of announcements and then send phishing emails impersonating the new executive.

Threat Actors Know How to Bypass Malicious URL Detection Tools

Threat actors recognize that the phishing site URL is crucial, as it can make or break the attack.

To evade email filters, some attackers use URL shorteners like Bit.ly to obfuscate the actual URL destination, while others first send targets to a legitimate website that then automatically redirects them to the phishing site.

Threat actors will also hide the malicious URL within a file on a trusted cloud hosting service. Because the link in the email has a domain of drive[.]google[.]com or dropbox[.]com, a traditional email security solution will not flag it as suspicious. But when the target clicks on the link, it takes them to a file that contains a link to the phishing site.
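The link patterns described above (a single off-brand link among genuine brand links, a shortener, a link to a cloud-hosted file) can be checked mechanically before a message is delivered. The following is an added example, not code from the webinar or from any product; the sample email, the two lists, and all function names are assumptions, and hosts are compared by simple suffix match rather than by registered domain.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed lists for this example, seeded with the services the article names.
SHORTENERS = {"bit.ly"}
FILE_HOSTS = {"drive.google.com", "dropbox.com"}

class LinkCollector(HTMLParser):
    """Collect the http(s) href of every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href and urlsplit(href).scheme in ("http", "https"):
            self.hrefs.append(href)

def host_of(url):
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def same_site(host, base):
    return host == base or host.endswith("." + base)

def review_links(html):
    """Return {url: [reasons]} for links a filter should resolve and inspect."""
    collector = LinkCollector()
    collector.feed(html)
    hosts = [host_of(u) for u in collector.hrefs]
    if not hosts:
        return {}
    majority = Counter(hosts).most_common(1)[0][0]  # the email's dominant host
    findings = {}
    for url, host in zip(collector.hrefs, hosts):
        reasons = []
        if host in SHORTENERS:
            reasons.append("shortener hides destination")
        if any(same_site(host, f) for f in FILE_HOSTS):
            reasons.append("file host: inspect linked file for URLs")
        if not same_site(host, majority) and not same_site(majority, host):
            reasons.append("host differs from the email's dominant brand host")
        if reasons:
            findings[url] = reasons
    return findings

# Constructed sample: brand links in header and footer, one odd link in the CTA.
SAMPLE = """<a href="https://www.example.com/">Example</a>
<a href="https://login.example.net/reset">Reset your password</a>
<a href="https://help.example.com/">Help</a>
<a href="https://www.example.com/privacy">Privacy</a>"""
```

A flagged link is a prompt to follow redirects or open the hosted file in a sandbox, not a verdict on its own; legitimate mail also links to third-party hosts.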

Attackers Take Advantage of Email Rules and Filters to Maximize Impact

After an email account has been compromised, threat actors will often create a rule to BCC an external email address on all messages. This allows them to gather intel without having to repeatedly sign in to the account and potentially trigger a “suspicious login location” alert from the email security software.

Threat actors may also create email rules to prevent the user from receiving warnings that might make them aware of the issue. The attacker will create a filter that automatically deletes any messages with trigger words such as “hack”, “phishing”, or “alert” in the subject line. Then, even if the IT team recognizes that a credential phishing attack has occurred and sends a mass email to the workforce, the employee who has been phished will never receive it.
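Both rule types described in this section leave a trace in the mailbox's rule list, so a periodic audit of exported rules can surface a compromised account. The following is an added example, not code from the webinar or from any product; the rule schema, field names, domains, and sample rules are assumptions constructed for illustration.

```python
# Assumed values for this example: the organization's own mail domain and the
# trigger words the article lists for warning-suppression rules.
INTERNAL_DOMAINS = {"example.com"}
WARNING_WORDS = {"hack", "phishing", "alert"}

def is_external(address):
    domain = address.rsplit("@", 1)[-1].lower()
    return domain not in INTERNAL_DOMAINS

def audit_rule(rule):
    """Return a list of findings for one mailbox rule (hypothetical schema)."""
    findings = []
    actions = rule.get("actions", {})
    conditions = rule.get("conditions", {})
    # Any action that sends a copy outside the organization is worth review.
    copies = [a for key in ("bcc_to", "forward_to", "redirect_to")
              for a in actions.get(key, []) if is_external(a)]
    if copies:
        scope = "all messages" if not conditions else "matching messages"
        findings.append(f"copies {scope} to external address: {', '.join(copies)}")
    # A delete rule keyed on warning words keeps IT notices from the user.
    words = {w.lower() for w in conditions.get("subject_contains", [])}
    hits = sorted(words & WARNING_WORDS)
    if hits and actions.get("delete"):
        findings.append(f"deletes mail with subject words: {', '.join(hits)}")
    return findings

def audit_mailboxes(rules):
    """Map 'mailbox / rule name' to findings, skipping clean rules."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[f"{rule['mailbox']} / {rule['name']}"] = findings
    return report

# Constructed rule export; field names are assumptions, not a vendor format.
SAMPLE_RULES = [
    {"mailbox": "j.doe@example.com", "name": ".", "conditions": {},
     "actions": {"bcc_to": ["collector@example.net"]}},
    {"mailbox": "j.doe@example.com", "name": "cleanup",
     "conditions": {"subject_contains": ["Phishing", "hack", "alert"]},
     "actions": {"delete": True}},
    {"mailbox": "a.lee@example.com", "name": "newsletters",
     "conditions": {"subject_contains": ["digest"]},
     "actions": {"move_to_folder": "Reading"}},
    {"mailbox": "a.lee@example.com", "name": "to assistant", "conditions": {},
     "actions": {"forward_to": ["assistant@example.com"]}},
]
```

Running `audit_mailboxes(SAMPLE_RULES)` reports the two rules on the first mailbox and leaves the internal forward and the newsletter filter alone.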

Threat Actors Are Clever, but Organizations Can Stay One Step Ahead

As long as companies use email, threat actors will launch phishing attacks.

To lower your organization’s risk, start by including security awareness training as part of your new employee onboarding. In addition, because attackers are constantly developing new tactics, you should also require ongoing training to ensure the workforce knows what new threats to be aware of.

And while educating employees will help reduce the risk of them engaging with a malicious email, it’s even better to minimize the number of phishing emails they receive in the first place.

Any time an employee has to assess whether an email is genuine or malicious is an opportunity for them to make a mistake and for a threat actor to capitalize. Security awareness training in tandem with a modern email security solution that proactively stops phishing emails before they can be delivered is the one-two punch organizations need to protect themselves.

Don’t Let Your Employees Take the Bait

Organizations often dismiss phishing attacks as a threat because they don’t consider them to be as serious as some other attack types. But the reality is that, along with being the most common, credential phishing also has the potential to open the door to more damaging attacks.

Phishing emails are often the first step to compromising employee email accounts, from which far more damaging attacks can be sent. The key to preventing financial loss, data loss, and reputational damage is blocking credential phishing attacks before employees ever see them.


To learn more about the impact of credential phishing attacks and how to protect your organization, watch the on-demand webinar.
