Prevent Phishing Attacks on Employees

How Securd’s proprietary grey wall feature prevents end users from falling prey to new phishing attacks.

What is a phishing attack?

A phishing attack is a fraudulent email communication designed to make a recipient believe the communication comes from a trustworthy source. The first behavioral response the author of the attack is trying to achieve is trust. Once the recipient is convinced or tricked into believing the email communication is trustworthy, the links or attachments in the email are used to enable the attacker’s intent of the phishing attack.

an example of an phishing attack

Phishing attacks prey on peoples emotions and situation

Phishing attacks prey on emotion. Attacks are crafted to exploit an emotion or condition that triggers the desire to open or click on a link. In many cases, phishing attacks exploit our busy and distracted minds. If the email communication is nearly identical to a trusted vendor, we’re more likely to click or act on the email. Cybercriminals are advancing information gathering techniques, testing their tools, and increasing their success rate of victims that fall for these attacks. By the time an end-user receives a phish, the socially engineered attack was well planned and tested.

busy and distracted falling for phishing attack

Phishing campaigns are built to evade detection

Phishing detection is, for the most part, a game of wack-a-mole. It’s a never-ending game of attacks and evading analysis. Because it resembles legitimate email, phishing emails will evade most anti-spam, anti-virus, and anti-malware software. Secondly, phishing attacks are successful because the end-user fails to recognize the fake email attributes that make it a phish. In the example to the right, the source email address of phish is from an unknown domain. The final destination of a link to the email is an unknown domain. Both of the domains have no affiliation with Microsoft or Office365.

spotting a phishing office 365 attack

Grey walling a phishing domain

Securd’s grey wall system is a hostname and registered domain aware system. The grey wall knows what hosts and domains are being resolved. Securd’s grey wall is also aware of new and untrusted hostnames that are not authorized to be resolved. A Securd phishing block is in the range of 1 minute to 120 days. This temporary block provides all other security tools and vendors to catch up and natively block the phishing email, mark it as junk and prevent it from getting to intended recipients.

  1. End-user receives a “change your password” phishing email.
  2. End user doesn’t recognize the fake Office 365 email.
  3. Securd detects the customer has never visited this domain before.]
  4. The newly observed domain is blocked and end user is informed.

Other security solutions react to the phishing attack.

After the first hour of a phishing attack, threat intelligence starts to be shared and distributed about a phishing attack. As the phishing reports are confirmed, the intelligence makes its way to numerous feeds to block the malicious domain and URL. However, during this gap called the golden-hour of a phishing attack, Securd end users are natively protected from the threat.