Recognizing and Reporting Phishing
“Phishing is the practice of sending fraudulent communications that appear to come from a legitimate and reputable source, usually through email and text messages.” - Cisco
According to the latest Verizon Data Breach Investigations Report, “74% of business breaches involved the human element,” which includes social engineering tactics like phishing. When it comes to examining emails, texts, phone calls and more for legitimacy, it’s critical to keep the following statements in mind: “never trust, always verify,” “trust nothing or no one,” and “don’t engage and trust nothing.” The reality is, a bad actor only needs to get lucky once, while security teams need to get it right every single time.
It’s not like the bad actors needed help either. Phishing attacks are constantly maturing from a deliverability standpoint. With the popularity of cloud applications and artificial intelligence (AI) tools, bad actors can hide behind legitimate and trusted brands such as Gmail, Google Drive, Google Forms, Salesforce or Telegram to give their campaigns longevity. They’ll also use AI-generated messaging specific to your organization (or personal interests) to craft stronger, human-like lures.
Just one successful attack is needed
Phishing can be delivered through a variety of vehicles, such as email, text, phone call (voice phishing or a “vhish”) or even a social media post, instant message or QR code.
Once delivered, a phish typically wants to invoke emotion and prey on our natural desire to act and help fix a problem, such as “you have to do X, or else Y will happen”. In other words, the phish wants you to act immediately and be the hero: fix a problem that you or someone else created, get instant gratification or goods, connect yourself to a greater good, or enjoy the feeling of being helpful.
Phishing requires you to act with a specific set of instructions
Don’t engage and trust nothing.
You must avoid relying on email address and URL spot-checks as sender verification methods. Look beyond the email sender and website URLs used. Regardless of how tailored the messaging is or how familiar the source looks, once the phish has been received and digested, the bad actor will still need you to act for them with a specific set of instructions, which should be the red flag you are looking for.
Some of the red flags you should be looking for include requests to act, such as providing your username, password or MFA code; approving a 2FA request; clicking or scanning a link; filling out a form; or installing a software application.
The phish may also use company lingo with well-known company names, personas or roles and reference popular company software. It may also hide malicious links under hyperlinks to avoid common spot detections. Lastly, it may convey that urgent action is needed to avoid a consequence.
Report the message and block the sender – it can wait
Most organizations have their own set of suspicious email reporting processes, so it’s critical to always know your company’s preferred phishing reporting process so you can properly block the sender and report the phish. This helps to ensure that any characteristics of the phish can be examined and company email filters can be improved.
Learn more about common ways to report & block suspicious emails in the National Cyber Security Alliance Phishing Blog.
Cisco products that can help mitigate phishing attacks
Wondering where to start? Cisco Duo supports phishing-resistant passwordless authentication and zero trust access that can help mitigate common breach scenarios that are plaguing the IT security industry and can negatively impact your business.
Cisco Talos also constantly gathers threat intelligence, which Cisco solutions harness to help your organization stay safe from phishing attacks. On top of this, Cisco has a host of security solutions with dedicated phishing preparation, mitigation, and response functionality, including phishing preparation with Cisco Security Awareness Training; phishing mitigation with Cisco Email Threat Defense, Cisco Secure Endpoint, Cisco Umbrella, and Cisco Duo; and phishing incident response with Cisco Talos Incident Response.
If you have any questions, feel free to reach out to a Cisco sales contact to get started!