Published on: August 20, 2022
Hackers are continuously coming up with new forms of malicious emails and schemes, so even using antivirus software with phishing protection is not enough to save you from losing sensitive information, like bank account credentials and passwords.
Fortunately, there’s a series of technologies and best practices that can help you improve your email security and avoid costly data losses. At the top of this list is training your employees to spot a phish in their inbox and report it to the security team.
In this guide we spoke with Brandi Moore, the Chief Operating Officer at Cofense, a leading cybersecurity company protecting thousands of large organizations, to give us her insights on how to spot a potential phishing email, how to prevent phishing attacks, and what to do if we fall victim to them.
Please describe the story behind Cofense: how did it start, and how has it changed during the years?
Our co-founders Rohyt Belani and Aaron Higbee met in 2002 at Foundstone, an incident response company acquired by McAfee. While working as penetration testers who were hired to hack businesses and security vulnerabilities, they observed how phishing attacks impacted organizations. Over the years of working on different projects, they continued to observe that phishing was a dynamic threat, changing tactics over time but still being the most effective way for hackers to enter an organization.
From these observations, PhishMe was born: the first SaaS offering that enabled enterprises to conduct immersive phishing training for their employees. This idea immediately received traction with security teams at large and high-profile companies.
As the number of PhishMe customers grew, they reported that one change in their organization had the potential to dramatically impact their ability to defend against attacks: users reporting phishing to the SOC. Cofense immediately set out to create a line of products, including Triage, Intelligence, and Vision, that enabled SOC teams to quickly sift through reported phishes, find malicious threats and remediate them inside an organization.
Can you tell us a little bit about your Cofense Global Network? What’s the idea behind it?
Organizations using Cofense join a global network of over 32 million trained employees who identify and report active phishing attacks that have slipped through technology created to detect them. This data creates an incredible source of threat information that enables businesses to protect themselves against the latest email security threats day in, day out.
Cofense is constantly sending threat information out to its clients to quickly identify phishing attacks that have landed in mailboxes and remove them before they become a security threat. For example, a real estate company recently installed Cofense Vision and within three days they had removed almost 300 phishing attacks that had passed through their email security controls. Cofense sends threat information day in and day out to our product suite to help organizations defend themselves.
Through this network, threats have been eliminated before they had a chance to cause damage. As more users work together to report and prevent attacks, we’re able to create a self-healing email security ecosystem that protects against the majority of threats facing inboxes today.
Why Is Phishing Still So Popular?
Phishing will continue to be a popular threat vector because it's cheap and highly effective. Email addresses are easy to get ahold of, and emails are basically free to send. With little effort, phishing attackers can gain access to valuable data.
At Cofense we see phishing trends change season by season depending on what hackers find “works” at any given time. Currently, most phishing attacks focus on stealing authentication credentials or leverage conversational email (BEC) to manipulate employees to send money to the hacker. BEC tactics are very simple. The email typically looks like it’s from someone you know and starts to engage you in a conversation. The hacker may write back and forth with the target multiple times before they ask for something, usually money.
And just to clarify, can opening an email get you hacked?
The act of opening an email in your inbox to read will not cause you to be hacked. However, if you click on a malicious link or download a file attached to it, it can cause a breach. It’s important to immediately report something that looks wrong to your security operations center so it can be reviewed.
What are the most common characteristics of a phishing email?
Anyone can be a target of a phishing email, whether they are an intern at a startup or the CEO of a major enterprise organization. There are common signs that users can keep an eye out for. Things to look for typically involve tone, grammar and urgency in an email’s subject line or content. Common signs include:
- Email addresses and domain names that don’t match: Hackers take advantage of a feature called “friendly name” frequently. They change this setting to someone’s name, which can mask the actual email address it’s arriving from. If something feels strange about the email, look carefully, and expand the details of the message so you can see the real address it was sent from.
- Malicious hyperlinks: Hackers will often mask the real domain their links are sending you to through multiple techniques. Mouse over a link before you click on it to make sure it aligns with where you think you are headed.
- Unusual content or request: If an email comes in asking for something to be done that’s outside of the company norm, that’s a big clue that it’s a phishing email. If it’s from a CEO or other executive in the organization, be cautious. Verify the request directly with the sender outside of the email chain.
- Threats or a sense of urgency: Emails using threatening language such as “ACT NOW, IMMEDIATE ACTION REQUIRED” or “LAST WARNING, ACCOUNT SUSPENSION PENDING” should always be treated with suspicion.
- Suspicious attachments: If an email with an attached file is received from an unfamiliar source, or if the recipient did not request or expect to receive a file from the sender of the email, the attachment should be opened with caution. If the attached file has an extension commonly associated with malware downloads (.zip, .exe, .scr, etc.).
- Simple requests: BEC emails typically look like they come from someone with authority, however they may look like they come from a friend, colleague or someone that appears to need help. They may be paired with text messages. The hacker may engage in a series of emails to try to keep the target engaged and to attempt to set up a relationship that appears to be benign until they find the right time to strike. These emails are the most difficult to spot. A good example of this type of scam is asking for an invoice to be paid that appears to be from a legit vendor. Simple rule here: call the vendor. Reach out directly to confirm the person in the email is who you think it is.
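The indicators in this list can be turned into a simple triage check that a security team might run over reported messages. The following is an added example, not code from the interview or from Cofense: it parses a raw message with Python's standard library and reports friendly-name/address mismatches, a Reply-To outside the sender's domain, urgency phrases in the subject, link text whose domain differs from the actual href, and attachments with risky extensions. The sample message, the phrase and extension lists, and the two-label "registrable domain" shortcut are constructed assumptions for illustration.

```python
"""Heuristic phishing-indicator check over a raw RFC 5322 message.

Added example, not code from the interview or from Cofense. The sample message,
phrase list and the two-label domain heuristic are constructed assumptions.
"""
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative lists built from the phrases and extensions named in the article.
URGENCY_PHRASES = ("act now", "immediate action required", "last warning", "account suspension")
RISKY_EXTENSIONS = (".zip", ".exe", ".scr")
# Matches a domain-looking token inside visible link text ("https://bank.example/login").
DOMAIN_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})")


class LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registrable_domain(host):
    """Last two labels of a host name (crude stand-in for a public-suffix lookup; assumption)."""
    parts = (host or "").lower().split(".")
    return ".".join(parts[-2:])


def address_domain(addr):
    return registrable_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else ""


def phishing_indicators(raw_message):
    """Return human-readable findings for a raw message; an empty list means nothing flagged."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []

    display, sender = parseaddr(msg.get("From", ""))
    sender_domain = address_domain(sender)
    # "Friendly name" abuse: the display name carries an address from a different domain.
    shown = re.search(r"[\w.+-]+@([\w.-]+)", display)
    if shown and registrable_domain(shown.group(1)) != sender_domain:
        findings.append(f"display name '{display}' does not match sender address {sender}")

    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and address_domain(reply_to) != sender_domain:
        findings.append(f"Reply-To {reply_to} is outside the sender domain {sender_domain}")

    subject = str(msg.get("Subject", "")).lower()
    for phrase in URGENCY_PHRASES:
        if phrase in subject:
            findings.append(f"urgency phrase in subject: '{phrase}'")

    # Link text naming one domain while the href points somewhere else.
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        collector = LinkCollector()
        collector.feed(html_part.get_content())
        for text, href in collector.links:
            match = DOMAIN_RE.search(text.lower())
            target = registrable_domain(urlparse(href).hostname)
            if match and registrable_domain(match.group(1)) != target:
                findings.append(f"link text shows {match.group(1)} but points to {target}")

    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"attachment with risky extension: {name}")
    return findings


def build_sample_message():
    """Constructed sample exhibiting several indicators at once (not a real email)."""
    msg = EmailMessage()
    msg["From"] = '"ceo@corp.example" <billing@evil-mail.example>'
    msg["To"] = "finance@corp.example"
    msg["Reply-To"] = "pay-now@reply-drop.example"
    msg["Subject"] = "LAST WARNING, ACCOUNT SUSPENSION PENDING"
    msg.set_content("Please pay the attached invoice today.")
    msg.add_alternative(
        '<p>Pay at <a href="http://evil-mail.example/pay">https://bank.example/login</a></p>',
        subtype="html",
    )
    msg.add_attachment(b"PK\x03\x04", maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_string()


if __name__ == "__main__":
    for finding in phishing_indicators(build_sample_message()):
        print("-", finding)
```

Run as a script, it lists six findings for the constructed sample. The checks are deliberately cheap string and header comparisons, which is what a first-pass triage of user-reported messages usually needs; a production tool would replace the two-label domain shortcut with a public-suffix list and add SPF/DKIM/DMARC results from the Authentication-Results header.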
What are your best tips to prevent phishing?
It’s critical to teach users how to spot phishing emails. An organization can spend millions on security products with the goal of stopping phishing emails from hitting inboxes at all, but it only takes one well-crafted phishing email that is technologically advanced enough to make it past yesterday’s security controls with a well-timed request for a wire transfer or credential login page to result in a breach. Training users to be aware about the types of phishing attacks can be immensely effective. In addition, fostering a company culture of empowerment will encourage users to report phishing emails as they see them.
To help lower the risks associated with compromised accounts, ensuring that users have two-factor authentication enabled is another simple yet effective practice. Bolstering a company culture around reporting phishing emails is key, because at the end of the day this is a problem plaguing every organization.
And what to do if I get a phishing email?
Report it immediately to the right team inside your organization so it can be assessed. It’s better to be wrong than to engage with a malicious message. Once a phishing attack gets by an email gateway and reaches employees’ inboxes, the employees themselves – the attack’s actual intended targets – are the final defense. If they aren’t educated and conditioned to spot and report all forms of phishing, employees are the weakest link. But that doesn’t have to be the case. A phishing awareness and education program can not only help to stop attacks but supply vital threat intelligence to your security teams.