A lot has been said about phishing, but one element is hardly taken at face value: the root cause. Domains are the underlying cause of every phishing attack. The frontman is email, yes, but you need a domain to stand up an email, and that is where the compromise occurs.
Anti-phishing protection is a multi-faceted approach that combats various types of phishing attempts and encompasses a range of different measures. While this may lead to a generalist view of the solution, there is one thing to bear in mind when choosing a vendor: anti-phishing protection needs to focus on the root of the problem – protecting the domain – and the rest of the dominoes will fall into place from there.
What is Anti-Phishing Protection?
By the book, the term is as straightforward as it sounds: Anti-phishing refers to efforts to prevent phishing-based attacks. Anti-phishing software encompasses programs that identify phishing-related content within websites, emails, and other digital assets and then take actions to block them.
Types of anti-phishing software include spam filters and email security platforms, antivirus solutions, web filters, MFA, and SOAR tools. But they can also include solutions that help prevent Business Email Compromise (BEC), social media fraud on public-facing sites, and pre-attack chatter on Dark and Deep Web back alleys.
These tools ferret out signs of a potential attack, be it through spotting illegitimate domains or following suspicious link trails, and alert the user to foul play. The best anti-phishing platforms combine automated scans with seasoned expertise to hunt out signs of malicious campaigns. The best solutions can remove the signs of risk by autonomously blocking the threats or carrying out proactive takedowns of spoofed accounts that trap unsuspecting users. Phishing comes from a myriad of creative methods across the internet, and the right anti-phishing protection will account for as many of those as possible.
Common Types of Phishing Attacks
To curate the most effective solution, it is important that the organization and platform both understand the varying types of phishing attacks.
- Deceptive phishing | This is the most commonly employed type of phishing scam – the classic, if you will. Scammers masquerading as legitimate companies approach unwitting victims and ask for money or some other sensitive asset. These ‘asks’ can come with a sense of urgency and quickly devolve into bullying and harassment.
- Spear phishing | When a fraudster goes after a specific target within a company, that’s known as spear phishing. The customized attack can be preceded by weeks of internet stalking and an inordinate amount of research into the victim’s personal tastes to craft the most believable campaign.
- Whaling | Whaling is spear phishing but with targets higher up the food chain. This is mainly reserved for CEOs and other C-suite members, and criminals out to ‘win big’ will often stalk their target for months, employing the same tactics and hoping for even more detrimental results.
- Clone phishing | Clone phishing is especially sneaky because it bypasses all the usual tell-tale signs of a lousy phishing campaign (grammatical errors, unbelievable deal offers, and time-sensitive action requests, for example). Criminal hackers intercept a legitimate email and modify it before it gets to the recipient. The victim clicks on what should be a legitimate link but is instead re-routed to a phishing trap.
- Business Email Compromise (BEC) | The FBI 2022 Internet Crime Report put adjusted BEC losses at $2.7 billion for the past year, compared to a relatively paltry $34.3 million for ransomware. This sleeper crime doesn’t get noticed but does the most financial damage, playing off employees’ trust in their employer and exploiting it for financial gain. Bad actors impersonate business partners, suppliers, and even bosses within the same company to socially engineer fraudulent wire transfers, duping employees into thinking the requests are legitimate.
- Emerging tactics | The phishing landscape is constantly evolving, and tactics are evolving along with it. SMShing and vishing have established themselves at the forefront of emerging phishing schemes, sending malicious links to users’ phones and calling victims out of the blue to request “account verification”. In some cases, trusting and bewildered callers provide their real credentials to fake ‘Microsoft’ staff. In others, when a curious user checks their texts and clicks the link, it’s often too late: many of these campaigns detonate upon contact and infect devices with data-plumbing malware.
Combating the sophisticated forms of phishing within the community will take a group effort. Some groups like the Anti-Phishing Working Group (APWG) are spearheading joint efforts to tackle phishing head-on, and ZeroFox is proud to lend its hand to the cause.
Anti-phishing approaches can take several different forms:
- Email protection | Aside from preventing unauthorized access within email clients, email protection can include encrypting sensitive messages, filtering spam, identifying emails with compromised links or attachments, and blocking emails from malicious domains.
- User education and training | Training your workforce is one way to combat the 82% of data breaches resulting from the human element: Users who have been educated to spot the signs of a phishing attempt in practice are less likely to fall for one in real life.
- Anti-phishing software | Technology matters. When preventing multi-faceted phishing attempts, look for software that enables you to disrupt cross-platform attacks, detect fraudulent domains upon entry, and autonomously block malicious IPs.
- Multifactor authentication (MFA) | Even with phished credentials, a bad actor will have to pass one more layer of protection if MFA is set up around your most sensitive assets. This hurdle is often enough to send most opportunistic attackers scampering on to the next easiest target.
- Incident response plan | While so many phishing ploys are preventable, error itself is inevitable, and attacks will come through. In these cases, it is better to face them head-on with guided preparation than in denial, with the organization’s proverbial head in the sand. This includes knowing how to mitigate any lasting damage caused by credential breaches and how to take down compromised accounts.
How to Choose Anti-Phishing Protection
When evaluating anti-phishing vendors, it is important to keep in mind that protection is the core component of an anti-phishing program – or should be.
Identify the needs of your organization. Match them with the features of anti-phishing protection found in the solution at hand: Does this provide monitoring alone, or does it pursue signs of phishing with more proactive measures?
Consider the vendor’s reputation and the level of support you’ll receive should you engage with them. Is the help an accumulation of so many first-level support hours, or will there be a team at the helm who really knows what they are doing? Phishers are always upping their tactics, and sometimes the road pursuing them will lead off the map. Choose a team that can go down any dark alley and do more than the required due diligence, not less.
The ZeroFox Difference
ZeroFox offers enterprise-grade anti-phishing solutions. By processing over 7 million data sources weekly, we provide visibility into the external threat landscape unmatched by manual methods alone (and the majority of competing vendors).
Going above and beyond phishing prevention alone, our team encompasses a wide range of threat protection, including brand protection, digital risk protection, domain protection, account takeover protection, impersonation protection, and executive protection.
Our team has inroads into the underground economy and can stop signs of malicious activity before others’ technology even spots it on the map. ZeroFox is the only unified external cybersecurity company in the industry. It offers 24/7/365 support for our managed services, so you know there’s always someone watching your network – even when you’re strapped. Diving in with a team that deals with the before, during, and after of phishing attacks will not only leverage timesaving expertise but will add the critical human component that will give your anti-phishing solution an edge and you peace of mind.