Phishing is the process of sending fraudulent emails, while posing as a legitimate sender, to convince people to reveal sensitive information such as passwords, social security numbers, bank account information, and more.
Email phishing is one of the most common ways attackers are able to successfully infiltrate systems. In 2022, Microsoft alone recorded over 70 billion attempts at email and identity threat attacks.
IT teams can take as long as 13 days on average to recognize new phishing attacks, according to research conducted by Darktrace, and by focusing on historical attack data they can only catch up with threats they have seen before.
How does phishing work?
Phishing is a form of social engineering, which makes malicious behavior difficult for traditional legacy security systems to detect. Organizations therefore often train their employees to identify spoofed emails or malicious links, or are forced to manually sort through flagged emails and set parameters for known malicious links and files, which can take up a lot of time. However, there are robust security systems that can detect, respond to, and stop phishing attacks at every stage of the attack lifecycle.
A threat actor can take several approaches to conduct a phishing attack:
A targeted attack, one that focuses on a specific individual or organization, can involve intense research on personnel and communication within that organization.
In a widespread attack, the threat actor generalizes their messaging and hopes their victims don’t recognize the fraudulent emails. Ultimately, the goal is to facilitate communication with a party and extract valuable information by using a sense of urgency to fool the victims.
Smishing: Smishing, short for "SMS phishing", is a form of cyber attack that uses text messages to trick people into revealing sensitive information or installing malware on their devices. Smishing attacks often involve sending fraudulent messages that appear to be from a legitimate source, such as a bank, social media site, or other trusted organization.
Spear phishing: Spear phishing is a type of cyber attack that targets a specific individual or organization rather than a broad audience. This usually involves an attacker conducting a significant amount of research on an organization or individual to make their attack seem more credible by contextualizing their message with relevant information.
Vishing: Vishing (voice phishing) uses voice communication to get people to reveal their sensitive information. Attackers will often have an automated voicemail ready that asks individuals for their social security number or bank account information. They sometimes mask their identity as a loan provider or banking institution.
Watering hole: A watering hole attack is a type of cyber attack in which the attacker targets a specific group of individuals by infecting websites that they are known to visit. This type of attack is named after the watering holes where animals gather to drink water in the wild. Just as predators wait at watering holes to ambush their prey, cyber attackers wait at compromised websites to target their victims.
Common indicators of phishing
Common indicators of a phishing attempt include suspicious links or attachments in emails, misspelled words or unusual grammar, requests for sensitive information, and urgency or threats to act quickly.
The rising accessibility of generative AI means that more phishing messages may not have the traditional misspelled words or unusual grammar. As these attacks grow in sophistication, security tactics must evolve as well.
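The indicators above that do not depend on spelling or grammar can be checked mechanically. The following is an added example, not code from the original page or from Darktrace: a small Python triage function that flags urgency wording, requests for sensitive information, risky attachment types, and links whose visible domain differs from their real target. The phrase lists, the extension list, the indicator names and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed, illustrative patterns and extensions; tune them for your own mail flow.
TEXT_PATTERNS = {
    "urgency": re.compile(r"\b(urgent|immediately|act now|will be suspended)\b", re.I),
    "sensitive_request": re.compile(r"\b(password|social security number|bank account)\b", re.I),
}
RISKY_EXT = (".html", ".htm", ".exe", ".js", ".iso")
HOST_IN_TEXT = re.compile(r"(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})", re.I)
SAMPLE = ("Subject: Action required\nContent-Type: text/html\n\n"  # constructed message
          '<p>Urgent: confirm your password at <a href="http://login.example.net/verify">'
          "www.examplebank.test</a></p>\n")

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_indicators(raw):  # raw RFC 5322 message text -> sorted indicator names
    found = set()
    for part in message_from_string(raw, policy=default).walk():
        if (part.get_filename() or "").lower().endswith(RISKY_EXT):
            found.add("risky_attachment")
        if part.get_content_maintype() != "text" or part.get_filename():
            continue  # only inline text bodies are scanned for wording and links
        body = part.get_content()
        found.update(name for name, rx in TEXT_PATTERNS.items() if rx.search(body))
        collector = LinkCollector()
        collector.feed(body)
        for href, text in collector.links:
            shown = HOST_IN_TEXT.search(text)
            real = re.sub(r"^www\.", "", (urlparse(href).hostname or "").lower())
            if shown and real and shown.group(1).lower() != real:
                found.add("link_mismatch")  # visible domain differs from the target
    return sorted(found)
```

Calling `phishing_indicators(SAMPLE)` reports the link mismatch, the sensitive-information request and the urgency wording; a hit is a reason to look closer, not a verdict.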
How to protect against phishing
To avoid falling victim to a phishing attack, it's important to be cautious of any unexpected or suspicious messages, particularly those that ask for personal information. It's always a good idea to independently verify the legitimacy of any request by contacting the organization directly, rather than clicking on a link or providing information through an unsolicited message. Although these measures are valuable, the email conversation is shifting, and CISOs and other security professionals should consider advanced tools to stop increasingly sophisticated cyber attacks.
Organizations can prevent phishing attacks by being cautious of suspicious emails, using anti-virus software, and implementing a strong cyber security infrastructure. A strong cyber security infrastructure includes detection and response systems, firewalls, visibility across all your digital assets, having security systems that integrate with your network and cloud-based applications, and more.
What should I do if I click on a phishing link?
If you clicked on a phishing link or received a phishing email, you should immediately disconnect your device from the internet and run a virus scan. You should also change your login credentials for any accounts that may have been compromised.
If this incident occurs on a business device, alert your security team right away.
Security solutions such as email filtering, anti-virus software, and security awareness training can help detect and prevent phishing attacks. More advanced solutions, such as AI-powered cyber security, can also be used to train employees, comply with security directives/regulations, and level up security teams.
With Self-Learning AI, Darktrace can identify phishing attacks by understanding your organization. It analyzes emails for the sender, recipients, tone and sentiment, and hundreds of other factors to determine if something doesn’t look right. Then it neutralizes the threat, even on the first encounter.
Darktrace PREVENT allows the security team to identify, prioritize, and test vulnerabilities, reducing risk and hardening defenses both inside the organization and outside on the attack surface – continuously and autonomously.
Darktrace DETECT delivers instant visibility into the most advanced threats like phishing by understanding what’s normal in your organization, to identify what’s not.
Darktrace RESPOND delivers autonomous, always-on action to contain and disarm attacks within seconds. When a threat like malware is detected, RESPOND leverages Darktrace’s understanding of “self” to pinpoint signs of an emerging attack, stopping malicious activity while allowing normal business to continue.