A phishing attack takes advantage of the user’s trust by impersonating an email from a friend, associate, well-known business contact or senior management.
The user is tricked into sharing login credentials, account information, personal or corporate data, or other sensitive information. Often, the user is asked to click on a link to a site that looks exactly like the real thing: online banking site spoofs are common, as are spoofed PayPal and Google login pages, or those of almost any cloud service.
Once the user enters their credentials, the damage is done and the account has been compromised. In some sophisticated attacks, users are actually forwarded to the service they thought they were logging into, with the phishing site acting as a proxy. In these instances, people may not even know that they have been phished.
In a Spear Phishing attack, the email purports to come from a trusted source, often within the employee’s own company. The term spear phishing means that the attack is highly targeted, as opposed to an internet-wide phishing scam. Since confidential data is routinely shared inside a company firewall between employees, this form of attack is especially insidious to corporations: users can be (and routinely are) tricked into sharing “inside” information.
Whaling is another form of phishing attack that tricks the recipient of an email into thinking that it comes from a high-level executive. Since legitimate email from corporate officers is treated with urgency, the user may overlook the risk in order to respond to what they perceive as something requiring immediate action. This may include the creation of a purchase order, or the approval of an urgent check that needs to be written.
Despite education conducted over the past few years and other efforts designed to make employees aware of the risks associated with fraudulent email, phishing attacks continue to be incredibly successful. Over 90% of attacks begin with a phishing email, and the cost associated with a phishing attack is represented not only in terms of the money lost, but in lost productivity and potentially the loss of corporate reputation and customer confidence.
Stop Phishing Threats With DuoCircle Link Click Protection
As a part of the Advanced Threat Defense Suite from DuoCircle, Link Click Protection offers world-class email protection service against weaponized attachments and suspicious links that appear in your employees’ inboxes. These are the two most often seen vectors of phishing attacks. Every link in every email is scanned in real time against multiple URL reputation databases using email security services and then again every time the link is clicked, to prevent cases where site content changes between clicks.
Unlike Office 365, which uses static lists that refresh once again, the DuoCircle URL protection is triggered on each click. Your confidential information is protected against phishing, and your network is secured because users are prevented from introducing malware and viruses onto their systems and into the larger corporate network.
Each time a user clicks on a suspicious link, the user and the system administrator are alerted to the malicious link. By providing instant feedback to users about the threats associated with such links, employees have a higher level of awareness, and a better ability to assess the risks of such email threats. Your entire organization will:
- Mitigate the risk of phishing attacks, spear phishing threats, and whale phishing vulnerabilities without requiring any additional outlay for IT infrastructure or overhead.
- Instantly and seamlessly protect users against attacks on any device anywhere, without any interruption of service.
- Control the service easily through a single unified web-based console as a part of DuoCircle’s Advanced Threat Defense Suite.
DuoCircle’s Advanced Threat Defense – Link Click Protection Stops Phishing Attacks
When you are the target of a phishing attack, your organization will be protected:
- Every URL is scanned against multiple different URL reputation databases, not only the first time it is clicked, but every time. This aggressive level of scanning is the only way to protect your users from both immediate and delayed attacks. Sites that are suspicious are blocked, and the user is warned that the site is unsafe.
- Headers, domain information, and body content are scanned for inconsistencies that could point to an attempt to defraud the recipient through social engineering. Suspicious messages and payloads can be quarantined as spam, tagged, or simply rejected before making it to the user’s inbox.
- E-mail security checks are performed on suspicious attachments before they are cleared for delivery to your employees.
Your organization’s information is important, and it is vital that it be protected. To learn more about DuoCircle’s Advanced Threat Defense Suite, and how it can protect you from phishing attempts.