A phishing email impersonates a legitimate, trusted sender with the goal of collecting sensitive data such as financial details or login passwords. Phishing emails typically contain a malicious link or attachment that installs malware, or a link to a malicious website that lures users into providing information that can later be used for identity or data theft.
Phishing emails are sent to very large numbers of recipients, usually at random, with the expectation that only a small percentage will respond. An apparently official email from, say, a well-known delivery company might arrive, saying that “Your package has been delayed, click here for details.” Click the link and malware might be downloaded onto your device, or you might go to a fake website where you’re asked to enter your name, address, and social-security number. That information would then be sold on the black market or used for fraud or identity theft.
A closely related threat is spear phishing. Unlike phishing emails, which are sent en masse to whichever users take the bait, spear phishing emails target a single person. Criminals select an individual within an organization, research that person using social media and other public information, and craft a fake email tailored to them. For example, a spear phishing email may appear to come from your CEO, who is traveling abroad, says his wallet and phone have been stolen, and asks whether you can wire money right away.
Phishing is an extremely common form of email attack. It is particularly dangerous because it exploits human behavior rather than a software flaw. For example, a phishing email might claim that the user’s bank account is overdrawn and require the user to create a login account to access the fake bank website. Since people often reuse the same password across multiple accounts, the attacker can take the password the user supplied and try it against other real accounts that user owns.
It’s important to train users to spot potential phishing emails and delete them. Users should err on the side of caution and confirm the authenticity of any unexpected email by contacting the apparent sender. Unfortunately, even a well-trained, observant user will have moments of distraction. As social media use explodes, it becomes ever easier to craft a highly convincing spear-phishing email. Thus, it is critical to complement user training with technical solutions that prevent phishing and spear-phishing emails from ever arriving in your users’ inboxes.
The first step in blocking phishing emails is to install an email filter. Barracuda Essentials provides a comprehensive email filter that blocks spam. It then scans all inbound emails for malicious attachments and URLs against Barracuda’s database of known malicious file types and servers. It also uses advanced analysis to spot signs of phishing such as typo-squatting and suspicious language in the email subject or body, and applies link protection to the URLs in the message.
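To make the detection side concrete, here is an added example (not Barracuda’s code and not the logic Essentials uses) of a small Python analyzer that applies three of the checks named above to a raw email message: a look-alike (typo-squatted) sender domain, measured by edit distance against a trusted-domain list; a link whose visible text names a different host than its real target; and pressure language in the subject or body. The trusted domains, the phrase list and both sample messages are constructed for the example.

```python
"""Flag common phishing indicators in a raw email message.

Added example, not Barracuda's code.  TRUSTED_DOMAINS, URGENCY_PHRASES
and the two sample messages are constructed for illustration only.
"""
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allow-list of domains this organisation trusts.
TRUSTED_DOMAINS = {"acmebank.example", "parcelco.example"}

# Constructed phrases typical of the pressure tactics phishing relies on.
URGENCY_PHRASES = ("act now", "account suspended", "verify immediately",
                   "overdrawn", "within 24 hours")

# Visible anchor text that itself looks like a URL or a bare hostname.
LOOKS_LIKE_URL = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?$", re.I)


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings; used to spot look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def host_of(url: str) -> str:
    """Lower-cased host of a URL; a bare hostname is accepted as well."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze(raw: str) -> list[tuple[str, str]]:
    """Return (category, detail) findings for one RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Typo-squatting: sender domain is not trusted but sits within two
    #    edits of a trusted one (acme-bank vs acmebank, "rn" vs "m", ...).
    sender = msg["from"]
    domain = sender.addresses[0].domain.lower() if sender and sender.addresses else ""
    if domain and domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if levenshtein(domain, trusted) <= 2:
                findings.append(("typo-squat", f"{domain} resembles {trusted}"))

    # 2. Link check (simplified): the visible link text names one host while
    #    the real href points somewhere else.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    if body is not None and body.get_content_type() == "text/html":
        collector = _LinkCollector()
        collector.feed(text)
        for href, visible in collector.links:
            if LOOKS_LIKE_URL.match(visible) and host_of(visible) != host_of(href):
                findings.append(("link-mismatch", f"text {visible!r} -> {href}"))

    # 3. Suspicious language anywhere in the subject or body.
    haystack = f"{msg['subject'] or ''} {text}".lower()
    hits = [p for p in URGENCY_PHRASES if p in haystack]
    if hits:
        findings.append(("urgency", ", ".join(hits)))
    return findings


# Constructed sample: look-alike domain, mismatched link, pressure language.
SAMPLE_PHISH = """\
From: "Acme Bank Alerts" <alerts@acme-bank.example>
Subject: Account suspended - verify immediately
Content-Type: text/html; charset="utf-8"

<html><body><p>Your account is overdrawn. Please visit
<a href="http://acme-bank.example/login">https://acmebank.example/login</a>
within 24 hours.</p></body></html>
"""

# Constructed sample: trusted sender, plain text, nothing alarming.
SAMPLE_LEGIT = """\
From: "Parcel Co" <notify@parcelco.example>
Subject: Your delivery is scheduled for Tuesday
Content-Type: text/plain; charset="utf-8"

Hello, your parcel will arrive on Tuesday. No action is needed.
"""

if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, analyze(sample))
```

Each finding is a (category, detail) pair so a mail gateway could score or quarantine on categories rather than on free text; a real filter would add reputation lookups for the href hosts and attachment scanning, which this example deliberately leaves out.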
Barracuda Advanced Threat Protection adds further layers of protection for the cases in which an inbound email filter alone is not sufficient. It first uses signature matching, heuristic and behavioral analysis, and static code analysis to pre-filter traffic and identify the vast majority of threats. It then feeds the remaining suspicious files to a CPU-emulation sandbox to definitively identify zero-day threats and block them from reaching your network. This means it can block phishing emails carrying zero-day payloads that other techniques might miss.
Contact us to learn more about how to detect and stop phishing emails, as well as to start a free trial of Barracuda Essentials.