Phishing attacks continue to be one of the most widespread and damaging cyber threats to organizations. While new email security measures for bulk senders have made mass email phishing more difficult for attackers, spear-phishing (aimed at a single target) continues to be a top attack vector.
The Cybersecurity and Infrastructure Security Agency (CISA) and U.S. Coast Guard (USCG) recently released their FY23 Risk and Vulnerability Assessment (RVA) Report, which identified spear-phishing as the second most common successful attack technique.
Spear-phishing remains a top threat because it exploits personal data to craft highly personalized messages, making it easier to manipulate a single target into unwittingly performing harmful actions. Spear-phishing emails or messages are designed to deceive recipients into providing sensitive information, such as login credentials or financial details. This form of phishing is often the entry point for attackers to infiltrate an organization’s network, gather critical data, and conduct reconnaissance that leads to further compromise.
Email Impersonation in Phishing Attacks
One of the key tactics used in phishing attacks is impersonation. Attackers frequently pose as trusted entities—whether a company executive, IT personnel, or a known vendor—to deceive employees into clicking on malicious links or sharing sensitive data. This impersonation adds credibility to phishing emails, making them harder for targets to detect.
Impersonation emails are most effective when attackers are able to gain a lot of information about their target from publicly available sources. These sources include LinkedIn, corporate websites, data brokerage sites, social media platforms, and more.
Publicly available information provides attackers with organizational details and employee personal information, which becomes the foundation for crafting a pretext—a highly convincing backstory used to gain the trust of a target. The pretext leverages specific personal details with the goal of manipulating the target into performing actions like entering login credentials or transferring funds.
Common Phishing Impersonation Tactics:
- Fake domain names: Attackers create email addresses with domains that look similar to legitimate ones (e.g., changing an “I” to a lowercase “L”) to trick recipients into thinking the email is coming from a trusted source.
- Email spoofing: The attacker manipulates the “from” field to make it appear that the email is sent from someone within the organization.
- Disguised links: Phishing emails often contain links disguised as legitimate websites. Once the link is clicked, the user is directed to a malicious website where their credentials or sensitive data are stolen via a convincingly disguised login page.
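The first and third tactics above can both be caught mechanically before a message reaches an inbox. The script below is an added example, not code from the original post or from Optery: it reduces a sender domain to a "skeleton" in which commonly confused characters (uppercase I and lowercase l, the digit 1, Cyrillic letters that look Latin, punycode-encoded labels) collapse to one form, compares that skeleton against a list of trusted domains, and separately parses the HTML body for links whose visible text shows one address while the href points at another host. The trusted domains, sender and sample message are constructed for the example.

```python
"""Added example (not from the original post): defender-side checks for the
two impersonation tactics above, lookalike sender domains and links whose
visible text names a different host than the href. Sample data is constructed."""
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlparse

# Characters routinely swapped in lookalike domains; each maps to one canonical
# form so "paypaI", "paypa1" and Cyrillic "pаypal" collapse to "paypal".
CONFUSABLES = str.maketrans({
    "i": "l", "1": "l", "|": "l", "0": "o", "5": "s", "3": "e",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y",
})
MULTI_CONFUSABLES = [("rn", "m"), ("vv", "w")]

def skeleton(domain: str) -> str:
    """Canonical form of a domain for lookalike comparison."""
    domain = domain.strip().rstrip(".")
    try:
        domain = domain.encode("ascii").decode("idna")  # expand xn-- labels
    except UnicodeError:
        pass  # already Unicode or malformed punycode: compare as given
    # NFKD splits accented/fullwidth forms into base letters plus marks;
    # drop the marks, fold case, then apply the confusable maps.
    domain = unicodedata.normalize("NFKD", domain)
    domain = "".join(c for c in domain if not unicodedata.combining(c)).casefold()
    domain = domain.translate(CONFUSABLES)
    for src, dst in MULTI_CONFUSABLES:
        domain = domain.replace(src, dst)
    return domain

def classify_sender(sender_domain: str, trusted_domains) -> str:
    """Return 'trusted', 'lookalike of <domain>' or 'unknown'."""
    plain = sender_domain.strip().rstrip(".").casefold()
    trusted = [t.casefold() for t in trusted_domains]
    if plain in trusted:
        return "trusted"
    sk = skeleton(sender_domain)
    for t in trusted:
        if skeleton(t) == sk:
            return f"lookalike of {t}"
    return "unknown"

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url_or_domain: str) -> str:
    """Lowercase hostname of a URL or bare domain, '' if none."""
    s = url_or_domain.strip()
    return (urlparse(s if "://" in s else "http://" + s).hostname or "").casefold()

def disguised_links(html: str) -> list:
    """(visible text, real host) for links whose displayed URL or domain
    names a different host than the one the href goes to."""
    collector = _LinkCollector()
    collector.feed(html)
    flagged = []
    for href, text in collector.links:
        if " " in text or "." not in text:
            continue  # wording like "click here" shows no address to compare
        shown, actual = host_of(text), host_of(href)
        if shown and actual and shown != actual:
            flagged.append((text, actual))
    return flagged

def scan_message(sender_domain: str, html: str, trusted_domains) -> list:
    """Findings for one message; an empty list means nothing was flagged."""
    findings = []
    verdict = classify_sender(sender_domain, trusted_domains)
    if verdict.startswith("lookalike"):
        findings.append(f"sender domain {sender_domain} is a {verdict}")
    for text, host in disguised_links(html):
        findings.append(f"link shows {text} but goes to {host}")
        host_verdict = classify_sender(host, trusted_domains)
        if host_verdict.startswith("lookalike"):
            findings.append(f"link host {host} is a {host_verdict}")
    return findings

# Constructed sample: a password-expiry lure sent from a lookalike domain.
TRUSTED = ["example.com", "portal.example.com"]
SAMPLE_SENDER = "examp1e.com"
SAMPLE_HTML = (
    "<p>Your password expires today. Sign in at "
    '<a href="http://portal-example-com.login-check.net/auth">'
    "https://portal.example.com/login</a> to keep access, or "
    '<a href="https://portal.example.com/help">contact the help desk</a>.</p>'
)
```

Running `scan_message(SAMPLE_SENDER, SAMPLE_HTML, TRUSTED)` flags both the sender (examp1e.com skeletonizes to example.com) and the first link (its text shows portal.example.com while the href goes to a different host); the second link is left alone because "contact the help desk" makes no claim about where it leads. The skeleton comparison is deliberately lossy in both directions, so it is a triage signal for a mail gateway or SOC queue rather than a block list on its own.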
Protecting Employees Against Phishing Emails
Phishing attacks can lead employees to unintentionally reveal valuable information about the company’s network architecture or provide access to credentials that allow attackers to move laterally through the system.
While many organizations have standard email security measures in place, they must adopt a more proactive approach to fully protect against phishing attacks. Here are some proactive steps to consider:
- Remove Publicly Available Employee Data: Phishing attacks are enabled by the abundance of employee information available on data broker sites. Removing or reducing this publicly available information makes it harder for attackers to impersonate employees or craft convincing phishing emails. Employees should also limit the personal information they share publicly on various social media sites, and maximize their privacy settings to minimize their vulnerability to phishing.
- Multi-Factor Authentication (MFA): MFA adds an extra layer of security beyond the traditional password, making it more difficult for attackers to gain access to sensitive systems even if they have stolen login credentials through a phishing attack. Requiring MFA across all accounts, and physical tokens for high-risk roles such as executives or administrators, significantly reduces the potential impact of phishing attacks.
- Password Managers: Password managers can help protect employees from entering credentials on spoofed or malicious sites by recognizing legitimate domains. They ensure that even if a phishing email makes it through, employees aren’t tricked into giving away their login details.
- Email Authentication Protocols: Implementing email authentication protocols like SPF, DKIM, and DMARC helps prevent attackers from spoofing your domain.
- Employee Cyber Awareness Training: Regularly updating training ensures employees are aware of the latest phishing techniques specific to their industry and role and know how to respond to suspicious emails. Training should include:
  - Recognizing common hallmarks of phishing emails, such as unusual requests, urgent language, or suspicious links.
  - Identifying fake domains and verifying email sources through another channel.
  - Encouraging employees to report any suspicious emails for further review.
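Publishing SPF, DKIM and DMARC records (the "Email Authentication Protocols" item above) only stops spoofing of your domain if the records are actually set to enforce. The auditor below is an added example, not code from the original post or from Optery: it parses the three record types as strings and reports the settings that leave a domain spoofable, such as an SPF record ending in `+all` or `?all`, a DKIM selector in testing mode or with its key revoked, and a DMARC policy of `p=none`, a partial `pct`, or no reporting address. The weak and hardened records are constructed for the example; in practice you would fetch them from DNS at the domain itself (SPF), `<selector>._domainkey.<domain>` (DKIM) and `_dmarc.<domain>` (DMARC).

```python
"""Added example (not from the original post): an offline auditor for the
SPF, DKIM and DMARC TXT records behind the protocols named above. Records
are passed in as strings; in practice you would fetch them from DNS at the
domain itself (SPF), <selector>._domainkey.<domain> (DKIM) and
_dmarc.<domain> (DMARC). The sample records are constructed."""

def spf_findings(record: str) -> list:
    """Weak points in an SPF record. Checks the qualifier on the final
    'all' term and the deprecated ptr mechanism; nothing else."""
    terms = record.strip().split()
    if not terms or terms[0].casefold() != "v=spf1":
        return ["SPF: record does not start with v=spf1"]
    findings, all_qualifier = [], None
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"  # '+' (pass) is the default
        mechanism = term.lstrip("+-~?").casefold()
        if mechanism == "all":
            all_qualifier = qualifier
        elif mechanism.startswith("ptr"):
            findings.append("SPF: ptr mechanism is deprecated and unreliable; remove it")
    if all_qualifier is None:
        findings.append("SPF: no 'all' term, so unlisted senders get a neutral result")
    elif all_qualifier in "+?":
        findings.append(f"SPF: '{all_qualifier}all' never fails an unlisted host; use -all")
    elif all_qualifier == "~":
        findings.append("SPF: '~all' is softfail; fine with DMARC enforced, -all is stricter")
    return findings

def parse_tags(record: str) -> dict:
    """Split a 'tag=value; tag=value' record (DKIM and DMARC both use this)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().casefold()] = value.strip()
    return tags

def dkim_findings(record: str) -> list:
    """Weak points in a DKIM selector record."""
    tags = parse_tags(record)
    findings = []
    if tags.get("v", "DKIM1") != "DKIM1":  # v is optional and defaults to DKIM1
        findings.append("DKIM: v tag present but not DKIM1; receivers will ignore the key")
    if not tags.get("p"):
        findings.append("DKIM: empty p= revokes the key; mail signed with it fails verification")
    if "y" in tags.get("t", "").split(":"):
        findings.append("DKIM: t=y testing flag tells receivers to disregard failures")
    return findings

def dmarc_findings(record: str) -> list:
    """Weak points in a DMARC record."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["DMARC: missing or malformed v=DMARC1 tag"]
    findings = []
    policy = tags.get("p", "").casefold()
    if policy == "none":
        findings.append("DMARC: p=none only monitors; spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("DMARC: p=quarantine; move to p=reject once reports look clean")
    elif policy != "reject":
        findings.append("DMARC: p tag missing or invalid; receivers ignore the record")
    try:
        pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    except ValueError:
        pct = 100
    if pct < 100:
        findings.append(f"DMARC: pct={pct} enforces the policy on only part of the mail")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so you get no aggregate reports")
    if tags.get("sp", policy).casefold() == "none" and policy != "none":
        findings.append("DMARC: sp=none leaves subdomains unprotected")
    return findings

def audit(spf: str, dkim: str, dmarc: str) -> list:
    """All findings for one domain's three records, weakest protocol first."""
    return spf_findings(spf) + dkim_findings(dkim) + dmarc_findings(dmarc)

# Constructed records: a monitoring-only setup beside a hardened one.
WEAK = {
    "spf": "v=spf1 include:_spf.example.net ?all",
    "dkim": "v=DKIM1; k=rsa; t=y; p=",
    "dmarc": "v=DMARC1; p=none; pct=50",
}
HARDENED = {
    "spf": "v=spf1 include:_spf.example.net -all",
    "dkim": "v=DKIM1; k=rsa; p=BASE64PUBLICKEYPLACEHOLDER",  # placeholder, not a real key
    "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=s",
}

if __name__ == "__main__":
    for name, records in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(**records) or ["no findings"])
```

`audit(**WEAK)` returns six findings and `audit(**HARDENED)` returns none. The order of the checks mirrors how an organization usually rolls these out: publish SPF with `-all`, sign with DKIM, then start DMARC at `p=none` to collect `rua` reports and move to `p=reject` once legitimate senders all pass. A record that stays at `p=none` with no reporting address is the state this auditor is meant to surface, since it is the one that feels finished but blocks nothing.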
A Proactive Defense Against Phishing Attacks
Phishing email protection requires a combination of technical solutions, proactive measures, and employee training. Effective phishing emails don’t have to be sophisticated—they simply need to be well-timed and personalized to fool their target.
By limiting the availability of employee personal information online, implementing MFA and email authentication protocols, and fostering a security-aware culture, organizations can significantly reduce the risk of successful phishing attacks.
Optery’s patented search technology finds more exposed employee profiles than anyone else, helping you protect against phishing and other threats by removing this data from the web. Ready to safeguard your organization? Explore our guide on choosing the right personal data removal software for your company.