Guide to Staying Safe from Phishing
It’s critical for MSPs to have a well-planned anti-phishing strategy in place for minimizing the risk of successful phishing attacks against the users that they support. This guide describes the most common types of phishing attacks that occur today, discusses best practices for preventing phishing and offers tips for developing a response plan for use when phishing attacks do occur.
Phishing Types and Techniques
All phishing attacks share a couple of traits. They involve attackers disguising themselves as legitimate entities within electronic communications (usually emails, although phishing attacks can also be carried out through text messages or instant messages, for example). The attacks have the goal of tricking end-users into giving away sensitive information or installing malware on their systems.
However, phishing attacks can be broken down into many distinct categories. Each category is defined by different attack goals and/or techniques.
The most common types of phishing attacks today include:
- Group phishing: Attacks that target a large group, such as all of the employees at an organization, with the same phishing email (or other type of message). This is the most basic and least sophisticated type of phishing attack.
- Spear-phishing: A phishing attack that, rather than targeting a large group, pursues a specific person, organization, or company. Typically the message contains the recipient's name or other identifying information to lend it credibility.
- Whaling: A subtype of spear-phishing that targets high-level executives.
- Clone phishing: Another subtype of spear-phishing, which replicates a message that the recipient has previously received. For example, if the hacker can determine that a person recently received a shipment tracking notification, they may send a fraudulent message tailored to look like the same thing.
The techniques that hackers use to carry out a phishing attack also vary widely. Some phishing attacks rely on malicious links within messages. If users are tricked into clicking them, the links lead to a website that attempts to collect sensitive information. Phishers might also forge fake websites with URLs similar to legitimate ones that users trust, then use the forged sites to collect data.
Social engineering, by which hackers try to gain users’ trust through personal interaction or psychological manipulation, is another common phishing technique. Voice phishing, which involves leaving voice messages that claim to be from a person or institution that a user trusts (such as a bank), is another common, and relatively recent, type of phishing strategy.
Like phishing attacks, strategies for preventing phishing vary widely. There is no single best practice to follow that will guarantee protection from phishing attacks. However, there are several anti-phishing strategies that MSPs can employ to minimize the risk of phishing attacks reaching their end-users:
- Know how to identify a phishing message. Knowing what to look for in order to identify phishing is a basic first step in combating phishing. Misspelled words and bad grammar are one tip-off. A threatening tone, or an email asking for unusual personal information, are others.
- Deploy anti-phishing software. There are a variety of software tools that can help protect your networks against phishing attacks by detecting and stopping phishing messages. Spam filters for email servers are one basic tool you should have in place. Antivirus, which will help prevent malware that originates within phishing messages from installing itself, is another. Web filters that block users from visiting sites known to be malicious are also helpful since they will stop fraudulent pages from opening in the event that users click links to them from within phishing messages.
- Use multi-factor authentication. Multi-factor authentication helps to ensure that even if attackers learn user logins and passwords via phishing, they still won’t be able to gain access to protected systems unless they can also obtain the secondary “factor” required for login.
- Encrypt sensitive information. Encrypting your data provides a second line of defense against theft. In the event that hackers use a phishing attack to gain access to your systems, they still won’t be able to read sensitive data if that data is encrypted (provided they don’t have the encryption keys).
- Discourage (or disallow) users from using public Wi-Fi. Unsecured Wi-Fi networks in places like airports and hotels are common vectors for launching phishing attacks.
- Educate end-users. You can only do so much to stop phishing emails from reaching end-users. To help ensure that users won’t be tricked into clicking malicious links or giving away sensitive information when phishing does strike, educate end-users regularly on how to detect phishing attacks and what to do when they receive a phishing message.
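The tip-offs listed under "Know how to identify a phishing message" (bad wording, a threatening tone, requests for personal information) can be combined with header checks that users never see. The following is an added example, not code from the MSP360 guide: it parses a raw message with Python's standard `email` module and reports each indicator it finds, so a help desk can triage user-reported messages consistently. The `BRANDS` table, the keyword lists and both sample messages are constructed; the SPF/DKIM/DMARC verdicts are read from the `Authentication-Results` header the receiving mail server writes, which is only trustworthy if your own server adds it.

```python
"""Added example (not code from the MSP360 guide): extract classic phishing
tip-offs from a raw message. Brand table, keyword lists and sample messages
are constructed for illustration."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed: display-name brands users deal with, mapped to the domain allowed to use them.
BRANDS = {"example bank": "example-bank.com"}
URGENCY = ("immediately", "within 24 hours", "suspended", "verify your account", "final notice")
SENSITIVE_ASKS = ("password", "social security", "credit card", "pin")


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def score_message(raw: str) -> list:
    """Return one indicator string per tip-off found; an empty list means nothing stood out."""
    msg = message_from_string(raw)
    found = []

    # 1. Display name borrows a trusted brand but the address lives somewhere else.
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    for brand, legit in BRANDS.items():
        if brand in name.lower() and from_dom != legit:
            found.append(f"display name claims '{brand}' but sender is @{from_dom}")

    # 2. Replies are steered to a different domain than the apparent sender.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain_of(reply_to) != from_dom:
        found.append(f"Reply-To goes to @{domain_of(reply_to)}, not @{from_dom}")

    # 3. The receiving server's SPF/DKIM/DMARC verdicts, as recorded in Authentication-Results.
    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1) in ("fail", "softfail"):
            found.append(f"{mech}={m.group(1)}")

    # 4. Threatening or urgent wording and requests for secrets, in subject or body.
    body = msg.get_payload(decode=True) or b""
    text = (msg.get("Subject", "") + "\n" + body.decode("utf-8", "replace")).lower()
    urgent = [p for p in URGENCY if p in text]
    if urgent:
        found.append("urgency/threat language: " + ", ".join(urgent))
    asks = [w for w in SENSITIVE_ASKS if re.search(rf"\b{w}\b", text)]
    if asks:
        found.append("asks for sensitive data: " + ", ".join(asks))
    return found


# Constructed sample: a typical credential-harvesting message.
SUSPICIOUS_MESSAGE = "\n".join([
    'From: "Example Bank Security" <alerts@example-bank-secure.net>',
    "Reply-To: recover@mail-relay.example.net",
    "To: user@customer.example",
    "Subject: Your account will be suspended within 24 hours",
    "Authentication-Results: mx.customer.example; spf=softfail; dkim=none; dmarc=fail",
    'Content-Type: text/plain; charset="utf-8"',
    "",
    "We detected unusual activity. Verify your account immediately by replying",
    "with your password and PIN, or access will be suspended.",
])

# Constructed sample: a legitimate notification from the real domain.
CLEAN_MESSAGE = "\n".join([
    'From: "Example Bank" <alerts@example-bank.com>',
    "To: user@customer.example",
    "Subject: Your monthly statement is ready",
    "Authentication-Results: mx.customer.example; spf=pass; dkim=pass; dmarc=pass",
    'Content-Type: text/plain; charset="utf-8"',
    "",
    "Your statement is available in online banking. No action is needed.",
])

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_MESSAGE), ("clean", CLEAN_MESSAGE)):
        print(label, score_message(raw))
```

Each check on its own is weak (legitimate mailing-list mail often sets a different Reply-To, for instance), which is why the function returns the full list rather than a single yes/no: a message that trips several unrelated checks at once is the one worth pulling from mailboxes, and the list doubles as the explanation you give the user who reported it.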
For more details on preventing phishing attacks, check out our guide on the topic.
Further reading: Guide on How to Prevent Phishing
Phishing Attack Action Plan
Despite your best efforts, the organizations you support may occasionally fall victim to phishing attacks. That’s why it’s important to have an action plan in place for responding when attacks are successfully carried out.
The most basic and obvious steps for responding to a phishing attack include:
- Block the sender's email address.
- Identify emails (or other messages) associated with the attack, and purge them from users' mailboxes.
- Block any URLs used in the phishing attack within your firewalls and antivirus endpoints.
- Reset users' passwords.
Other typical response steps, which may not be so obvious, include:
- If you have reason to believe attackers might have manipulated any stored data or planted malware within it, consider rolling the affected data back to a clean backup copy.
- Search for suspicious email forwarding rules within user email accounts (which hackers may have set up in order to forward sensitive emails automatically to their own accounts) and delete them.
- Search for phishing messages that may already have been sent from compromised accounts in an effort to spread the phishing attack. Contact recipients by email and phone to alert them to the attack and instruct them not to respond to the malicious messages.
- Set up multi-factor authentication for affected accounts in order to make it more difficult for hackers to abuse account credentials, even if the credentials have not yet been reset.
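The forwarding-rule search in the list above is easy to do by hand for one mailbox and easy to miss across a whole tenant. The following is an added example, not code from the MSP360 guide, of the checks an MSP can run over an export of every user's inbox rules: forwarding or redirecting outside the organization, deleting the message after forwarding, hiding mail in folders nobody reads, blank rule names, and rules keyed to sensitive subjects. The rule records, their field names (`forward_to`, `redirect_to`, `delete_message`, `move_to_folder`, `subject_contains`) and the `ORG_DOMAINS` set are all constructed assumptions; map your mail platform's actual export onto that shape before use.

```python
"""Added example (not code from the MSP360 guide): audit exported inbox rules
for the forwarding tricks an attacker leaves behind in a compromised account.
Rule records and field names are constructed assumptions."""

ORG_DOMAINS = {"customer.example"}           # constructed: the tenant's own mail domains
SENSITIVE_TERMS = ("password", "invoice", "payment", "wire", "mfa")
HIDING_FOLDERS = {"Deleted Items", "RSS Feeds", "Junk Email"}


def is_external(address: str) -> bool:
    """True when the address is outside the organization's own domains."""
    return address.rsplit("@", 1)[-1].lower() not in ORG_DOMAINS


def audit_rule(rule: dict) -> list:
    """Return a reason string per suspicious trait; empty list means the rule looks benign."""
    reasons = []
    targets = rule.get("forward_to", []) + rule.get("redirect_to", [])
    external = [t for t in targets if is_external(t)]
    if external:
        reasons.append("forwards/redirects outside the organization: " + ", ".join(external))
    if targets and rule.get("delete_message"):
        reasons.append("deletes the message after forwarding (user never sees it)")
    if rule.get("move_to_folder") in HIDING_FOLDERS:
        reasons.append(f"moves matching mail to '{rule['move_to_folder']}'")
    if not rule.get("name", "").strip(" .,-_"):
        reasons.append("rule name is blank or only punctuation")
    conditions = [c.lower() for c in rule.get("subject_contains", [])]
    terms = [t for t in SENSITIVE_TERMS if any(t in c for c in conditions)]
    if terms:
        reasons.append("matches sensitive subjects: " + ", ".join(terms))
    return reasons


def audit_rules(rules: list) -> list:
    """Return (mailbox, rule name, reasons) for every rule that trips at least one check."""
    hits = []
    for rule in rules:
        reasons = audit_rule(rule)
        if reasons:
            hits.append((rule["mailbox"], rule.get("name", ""), reasons))
    return hits


# Constructed export: two ordinary rules, one attacker-style rule, one risky-but-honest rule.
RULES = [
    {"mailbox": "alice@customer.example", "name": "Receipts",
     "forward_to": [], "redirect_to": [], "delete_message": False,
     "subject_contains": ["receipt"], "move_to_folder": "Receipts"},
    {"mailbox": "alice@customer.example", "name": ".",
     "forward_to": ["collect@mail-relay.example.net"], "redirect_to": [],
     "delete_message": True, "subject_contains": ["invoice", "payment"], "move_to_folder": None},
    {"mailbox": "bob@customer.example", "name": "To assistant",
     "forward_to": ["carol@customer.example"], "redirect_to": [], "delete_message": False,
     "subject_contains": ["meeting"], "move_to_folder": None},
    {"mailbox": "bob@customer.example", "name": "Backup",
     "forward_to": [], "redirect_to": ["bob.personal@webmail.example.net"],
     "delete_message": False, "subject_contains": [], "move_to_folder": None},
]

if __name__ == "__main__":
    for mailbox, name, reasons in audit_rules(RULES):
        print(f"{mailbox}  rule={name!r}")
        for r in reasons:
            print("   -", r)
```

Run this over the whole tenant, not just the mailbox that reported the phish: once one account is compromised the same rule pattern tends to appear in every mailbox the attacker could reach, and a rule that forwards externally, deletes its copy and has a blank name is worth treating as an indicator of compromise on its own, even before any malicious message is found.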
For details on how to follow each of these steps, read MSP360’s phishing response guide for MSPs.
Further reading: Phishing Response Guide
Phishing attacks have been happening for decades, and they will probably remain common cybersecurity threats for decades more to come. You can’t prevent them completely, but you can take steps to minimize the risk that the end-users you manage will fall victim to them. You can also have a response plan in place in order to mitigate the fallout of phishing attacks that are successfully executed against your organization.