24/7 SOC

SECURITY EXPERTS

BESPOKE SOLUTION

CERTIFIED SPECIALISTS

Email Phishing Security

Phishing describes a type of social engineering where attackers trick individuals into disclosing confidential information or paying money into a fraudulent scheme. While phishing is also conducted via a text message, social media message or phone, most people use the term to describe cyber attacks that arrive by email.

Email used in 95% of cyber attacks

The Wombat Security State of the Phish 2018 Report confirms that 76% of all UK and US companies experienced a phishing cyber attack in 2017. According to the SANS Institute, 95% of all attacks on enterprise networks are the result of successful spear phishing.

Targeted and personalised email

Email is the ideal delivery method for phishing as it can reach users directly and hide amongst the vast number of good emails that we all receive daily. Almost all spoof emails contain ‘click here’ links to convincing fraudulent websites designed to make it easy to disclose the information required by the cyber criminal. Spear email phishing is tailored to one victim or group of individuals using specific and personal details. These details include the email address of the target and often refer to the names of co-workers and managers.

Fake CEO attack

Whaling is a specialised type of spear phishing that targets high net worth individuals or decision makers working at MD, CEO and CFO levels in an organisation. Commonly known as a fake CEO attack, this method involves the perpetrator acquiring, before the attack, detailed information about other members of staff, suppliers, customers and trusted partners, which may include accountants, lawyers and professional advisors. Spoof messages are often sent from these partners to managers with financial authority, asking for the payment of an outstanding invoice or order for new services.

The fake CEO attack is a major cyber threat for professional services firms in the UK. Wizard Cyber is a specialist cyber security partner to UK private equity firms, and many of the General Partners in our customer base have reported a significant increase in this type of email in 2018.

Wizard Cyber Phishing Security Services

Wizard Cyber delivers a comprehensive solution designed to protect your organisation from cyber attacks that use email phishing. Our services are based on the recommendations of the UK National Cyber Security Centre, which advocates a multi-layered approach that combines technological, process, and people-based cyber security measures.

Make it difficult for attackers to reach your users

Implement a Secure Email Gateway (SEG)

  • Cloud-based service compatible with Office 365 and Google email
  • Network sandboxing and content disarm and reconstruction (CDR)
  • Rewriting and time-of-click analysis for URL-based threat defence
  • Context, display name, cousin domain detection for impostor-based defence
  • Data loss prevention (DLP) and email encryption

Configure Anti-Spoofing Controls

  • Domain-based Message Authentication, Reporting and Conformance (DMARC)
  • Sender Policy Framework (SPF)
  • DomainKeys Identified Mail (DKIM)

Train users to identify and report suspected phishing emails

  • Interactive computer-based training with videos and PDF documents
  • Simulated phishing attacks for attachments, embedded links, and data requests
  • Auto-enrolment into targeted training if an employee falls for a simulated attack
  • Create an environment with transparent reporting and no-blame culture

Protect your organisation from the effects of undetected phishing emails

  • Make authentication more resistant to phishing
  • Use multi-factor authentication (MFA) and restrict access to ‘need only’
  • Protect from malicious websites by using a proxy server and up-to-date software
  • Implement signature-based and next-generation antivirus (NGAV)

Respond quickly to incidents

  • Define and rehearse an incident response plan for different types of attacks
  • Develop an understanding of the dynamic nature of cyber security threats
  • Encourage users to report suspicious activity quickly
  • Support cyber security management with a ‘before, during and after’ approach

To find out how Wizard Cyber can help you, enter your details in the form and we’ll get in touch.
