The Relentless Growth of Phishing Attacks

17 Easy Hacks to Prevent a Phishing Attack

Restoring lost data is just a matter of a few clicks

Try SysCloud out with a FREE trial and discover how much faster, easier, and more flexible backups could be - for everyone in your organization. 

Start enjoying faster and easier backups, today

Protect Your Cloud Data, Now!

Phishing attacks are increasingly sophisticated and can lead to severe data breaches if not handled properly:

Common phishing tactics include deceptive emails, malicious links, and fake websites designed to steal sensitive information. 

Protect yourself by scrutinizing email sources, avoiding clicking on suspicious links, and educating your team on recognizing phishing attempts.

What is the solution? 

Implement strong email security measures, conduct regular phishing awareness training, and use SysCloud to back up your data, ensuring that critical information remains secure and recoverable in case of an attack.

Looking for anti-phishing solutions? Worried about increasing incidents of data breaches and security threats?

This article tells you everything you need to know about how to prevent a phishing attack on your organization.

If you are an IT administrator, use our actionable tips, step-by-step guides, and best practices to make sure that your data is safe.

Phishing attacks are the oldest and most effective online threats. Cybercriminals use phishing to obtain sensitive information such as usernames, passwords, and financial details from unsuspecting individuals.

As phishing attacks become more sophisticated, organizations around the world are facing the heat. It takes just one employee to take the bait and that’s enough for attackers to steal intellectual property, login credentials, bank account information, and much more.

Data published by Symantec shows a 49% growth of phishing attacks from January 2017 to May 2018.

According to Andrew Conway, General Manager for Microsoft 365 Security, about 80% to 90% of the data breaches that his team saw were attributed to phishing. Even though Microsoft and others are taking steps to detect these attacks before they hit a user’s inbox, such algorithms can’t catch all of them — and then it’s up to the user to know what to do!

Here is a first-hand account from an IT administrator who bore the brunt of a phishing attack.

When a criminal sends an email pretending to be someone – for example, the CEO of an organization – or something he’s not representing – such as a brand, in order to extract sensitive information from the target, it’s called a phishing attack or a phishing scam.

A phishing attack can come in different forms. We picked out 7 different types of phishing scams that account for most of these attacks.

Business domain impersonation happens when an impostor creates a fake brand/company website to conduct activities that can harm the target brand and its customers.

Here is an example of how an employee of Disney fell prey to a phishing scam and sent over $700,000 to someone she believed to be a Disney vendor.

Brand Impersonation refers to the phishing scam wherein the attacker sends an email that appears to be from a trusted brand or directs a potential victim to a website that resembles a popular brand to gain access to confidential data. These emails or websites could resemble a well-known bank, a credit card company, an e-commerce portal, or even a government agency.

Here is an example: A lot of unsuspecting individuals received the Netflix Account Disabled! notification email. Upon clicking a button in the email, they were prompted to enter their credit card details. Of course, the email was a scam, and if an unsuspecting victim had entered the credit card information, the attacker would have had instant access to the credit card information.

Spammers sometimes hide the URL that’s embedded in their message. The URL visible to the victim usually displays a known domain such as a Google document; however, the actual URL would point to a malicious domain.

The 2017 Anti-Phishing Working Group report says that people are often fooled by URL shorteners – which hide the destination domain – or by brand names inserted in the URL. Here is an example of a suspicious link:

Name impersonation is a type of phishing attack in which a cybercriminal claims to be a known individual and gathers sensitive information from a targeted victim. For instance, imitating a C-suite employee – CFO or CEO – and attempting to steal employee or supplier information.

Content injection is a type of phishing attack where the attackers use a set of macro codes to create an infected email attachment or a visual content. Clicking on this attachment will either lead the victim to a phishing page or result in the download of a malware from a remote server.

Man-in-the-middle is a form of phishing attack where communication between two users are monitored and modified by an unauthorized party. 

Here is an example of a phishing attack that came to light in Europe. The attackers used sophisticated techniques to intercept corporate email communications and made payment requests.

Hackers publish malicious pages and rank them on search engines or run paid ads to attract victims to their sites. Clicking on these search results or ads will take the user to a phishing page.

In the screen below, you will see how one attacker managed to place a legitimate ad on Google.

We have put together fifteen actionable steps that you can immediately rollout to dramatically improve the chances of shielding your company from phishing scams.

Spam is an email with failed validation protocols like Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). The status of these protocols indicates whether the domain and the IP address are authorized to communicate with your domain or not.

All email applications provide IT administrators the option to configure spam filters; however, there is a fine line between stopping malicious emails or spam and blocking legitimate emails that could impact your organization’s business!

Here is how you can configure the spam filter settings for Gmail:

Choose “G Suite” from the “Apps Tab.”

Select “Settings for Gmail”→“Advance Settings”→“Spam Settings.”

Gmail also provides users with the option to report spam as well as phishing emails. The only catch is that as an IT administrator, your role goes beyond managing spam settings. You may also have to educate the employees in your network to report suspicious emails.

G Suite administrators can also access a report on spam detected in their network. By analyzing the spam report, an administrator can gain useful insights such as:

Unsafe browsing behavior: Any unusual spike in the spam graph can be a result of users visiting unauthorized websites.

Irrelevant subscriptions: Personal subscriptions using a business email address can trigger a jump in spam.

Pretexting attacks: A sudden growth in spam could indicate the possibility of attackers attempting to gather personal details of employees before launching a phishing attack.

Spam filtering in Office 365 Office 365 also has a comprehensive set of features to control spam. This feature is available for all subscription levels.

Go to “Admin”→“Security and Compliance”→“Home”→“Mail filtering”→“Anti-spam settings”

The admin can choose standard settings or customize it.

When attackers manage to get an employee in your network to click on a malicious link sent via a phishing email, you could still save the day for your organization if you had implemented a multi-factor authentication system.

We recommend at least a 2-factor authentication system in place; however, for sensitive applications in your network, adding more levels of authentication is advisable.

Here is how you can piece together a multi-factor authentication system for your organization.

Password Make sure you have implemented a mandatory password policy. You can refer to this TechNet article in case you don’t have a password policy yet.

Google authenticator Integrate Google Authenticator with your applications. It is an app that generates 2-Step verification codes on your mobile device. In addition to your password, you’ll also need a code generated by the Google Authenticator app on your phone to sign-in to an account. Refer to this Asaf article to enable Google Authenticator for your applications

A popular alternative for Google Authenticator is Duo Security.

Security code Another way to prevent unauthorized access is by enabling the security code settings in your email account. All subscription plans of G Suite and Office 365 – except trial versions – enable users to get a security code on their mobile device to verify their identity. The administrator can also set the mode of communication for receiving the security code – as a text message or a call.

USB device as authenticator/signature device Critical applications or sensitive data stored in your network can be protected with the help of a USB device. The USB authentication will require employees to insert the USB device encrypted with the signature and enter a security code to access the application. Yubico is one such authentication device.

DomainKeys is an email authentication mechanism that verifies the credibility of the emails generated from a domain. Emails with authenticated DomainKeys are termed as DomainKeys Identified Mail (DKIM)-Passed. Using this DKIM protocol, the administrator can whitelist various business domains to prevent phishing attacks from external domains.

Below is the image of Google Interface that allows the administrator to add DKIM for email authentication.

Email service providers give a preview of the data sharing activities happening from your domain to an external domain.

In the above images, you can notice an unusual sharing activity on May 14, 2018. Such unusual data transfer needs to be identified and questioned, as any confidential data shared with an external domain can put your organization at risk.

How to enable/disable email authentication and file sharing settings for Gmail: For enabling email authentication:

Go to “Admin console”→“Apps”→“G Suite”→“Gmail Suite”→“Settings for Gmail”→“Authenticate Email”

Customize the outgoing email settings with DKIM authentication

Go to “Admin console”→“Apps”→“G Suite”→“Settings for Drive and Docs”

Select the suitable option and apply for your domain

How to enable/disable sharing settings for Office 365:

In Office 365, email authentication is an inbuilt feature.

Go to “Admin”→“Service Settings”→“Sites and Documents Sharing”

Select one of the following options accordingly: 

Fake external websites and links are easy baits for unsuspecting users. Hackers create fake websites that resemble some popular and credible sites. Even if the web page looks legitimate, you will notice that the URL of the page will be different from the original site.

How do you determine if an external site is genuine or fake? The following factors should be assessed before classifying a website as safe/unsafe:

The Alexa rank for a website can provide a pointer to the credibility of the website.

For example, the following image shows the Alexa rank for www.google.com.

If you were looking at a duplicate version of the Google website, the Alexa stats will be different. It is recommended to use a third party tool likeSysCloud Phishing Securityto automate the flagging of suspicious websites that users in your network might have visited.

IT administrators can use third-party tools to perform a real-time scan on the data stored within their organization.

SysCloud Phishing Security is one such real-time scanning application. This application allows the administrator to detect and remove threats from a domain. It covers G Suite as well as Office 365 applications.

How to perform a real-time scan with SysCloud Phishing Security application:

Go to G Suite Marketplace and search for Syscloud Security and Backup. Install and launch the app.

Go to “Admin console”→“Data Loss Prevention”→“Sharing Insights

Select the domain from the domain drop-down menu and click on “SCAN NOW” to see the results

Look into the collaborators of a particular document

Receive details about the threats from scan results

User and Entity Behavior Analytics (UEBA) refers to the process of tracking user data and activities to detect anomalies. The UEBA software can analyze domain data logs to identify the pattern of traffic caused by the employees/users – both normal and malicious. This helps IT administrators to monitor employee activities and prevent them from accessing unauthorized data.

For example, if you are using Office 365 with the enterprise E5 subscription plan, there is an option called Audit log, wherein the administrator can define suspicious activities for their domain.

The below image shows the “Security & Compliance” page of Office 365, wherein the administrator can search for suspicious activities.

You can create a new alert policy by clicking on the “+New alert policy” option. Enter the details in the next page and click on “Save” option.

If you are not using Office 365, you can also choose from third-party UEBA tools. Here is a list of UEBA vendors published by Gartner.

Malware and spyware come in different shapes and forms such as trojans, worms, viruses, ransomware, spyware … to name a few. Every malware is unique and created with a specific objective.

Use the victim’s IT Infrastructure as a host for a mass phishing attack

In 2017, WannaCry ransomware made big headlines as it caused significant financial loss amounting to billions of dollars across hundreds of countries.

Here is the 2017 Gartner peerinsights report on the best endpoint solutions chosen by customers.

For a direct comparison of anti-malware security solutions, refer to the comparison table from the PC Magazine. 

IT administrators should implement processes to govern document-sharing policies within and outside the domain.

Internal to the domain: For G Suite, enabling the “Authorised Email gateways – SMTP” option can whitelist all the channels – like gappssmtp – used for internal communication.

To enable this option, go to “Admin Account→Apps→G Suite→Settings for Gmail.” This will prevent emails with unauthorized SMTP addresses from being accessed by employees. For example, in the image below, “syscloud.com” is spoofed through the “smtpservice.net” portal and a phishing link is sent to the employees.

Administrators can prevent this from happening by whitelisting all the channels for internal communication.

External to the domain: Communication with an unauthorized external domain may put your organizational data at risk. Cyber attackers often use spoofing to steal sensitive data. For example, “abc@businessdomain.com” and “abc@businessdomain.co” look similar, but they are two different domains.

Actionable insights, best practices and tips for IT admins to protect SaaS data.

Explore SaaS 
data protection center

Get expert insights on SaaS data and security

How to Prevent a Phishing Attack? 17 Easy Hacks for Administrators

I acknowledge cookies need to be deleted from my browser to remove tracking.

Ensure complete tracking removal by deleting cookies from your browser. Click here to learn how.

These cookies are set through our site by a range of third-party social media services that we have added to the site to enable you to share our content with your friends and networks. These cookies are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies, you may not be able to use or see the social media sharing tools.

These cookies are necessary for the website to function and allow us to count visits and traffic sources so we can measure and improve the performance of our site. The cookies may be set by us or third-party providers in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. All information these cookies collect is aggregated and therefore anonymous.

This website uses cookies. We use cookies to personalize content and ads, to provide social media features and to analyze our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.Learn more about how we process personal data in our  Privacy Policy.

These cookies are set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They are based on uniquely identifying your browser and internet device. If you disable these cookies, you will experience fewer or no targeted advertising. You may still see advertisements.

A Complete Guide to Google Drive Backup

Gmail Backup: How to Backup Gmail Emails for Business (Step-By-Step Guide)

What Is Google Vault? How Is It Different from Backup?

12 Reasons Why You Need Google Workspace Backup

How to Back Up Outlook Emails: A Step-by-Step Guide

An Admin’s Guide to SharePoint Online Backup

10 Critical Reasons to Backup Microsoft 365 Data Immediately!

How to Backup OneDrive for Business: A Complete Guide for Admins

How to Backup Outlook Emails: A Complete Guide (with screenshots)

Microsoft Teams Recovery Wizard

Gmail Recovery Wizard

Google Classroom Recovery Wizard

Google Sites Recovery Wizard

OneDrive Recovery Wizard

SharePoint Recovery Wizard

How to Prevent Cyberbullying in Schools: Strategies, Tips, & Best Practices

Mental Health in Schools – The Ultimate Guide for School Administrators

How to Recover Deleted Emails from Gmail for Business

How to Recover Permanently Deleted Files from Google Drive for Business

How to Recover Deleted Gmail Account – A Complete Guide

How to Recover Permanently Deleted Files from OneDrive for Business

How to Recover Deleted SharePoint Files in Microsoft Office 365?

How to Recover Deleted Outlook Emails in Microsoft 365?

SaaS Backup Buying Guide

How to Transfer Your Google Drive Files to Another Account

Shared Drive for the Confused – Google Drive vs. Shared (Team) Drives

A Complete Guide to Google Organizational Units

How to Use Google Takeout for Business: A Complete Guide

How to Delete a Google and Gmail Account

How to Import MBOX into Gmail: A Step-By-Step Guide

Demystifying Google Drive Document Sharing

Google Vault: The Ultimate Guide for IT Administrators (Updated)

Google G Suite Primary Domain Change Migration Guide

Admin's Guide to Using OneDrive Shared Folder and Files

A Complete Guide to Azure AD Administrative Units

Why do IT Admins Prefer SysCloud for SaaS Backup?

FERPA Compliance: A Complete Guide for Educational Institutions

Ransomware Recovery Guide: How to Recover from a Ransomware Attack

Gmail Security Settings: Strengthen Gmail Security against Phishing and Ransomware

5 Microsoft 365 Admin Center Outlook Settings to Stop Phishing Attacks

Insider Threats : A Guide to Your Cloud Apps Security

The State of G Suite Third-Party App Security – 2018 Report

14 Types of Phishing Attacks That IT Administrators Should Watch For

16 Top Brands That Scammers Target for Brand Impersonation Attack

Google Drive Security : 3 Ways to Guarantee Safety

How Compliance to PCI Can Be Achieved in Google G Suite

SOX Compliance in Google Apps

Top 3 Critical Security Mistakes When Configuring a Google Apps Domain

Worried about Phishing Attacks? Here are 17 actionable steps that IT admins can take to stop a phishing attack and secure the organization.

An in-depth article on how IT admins can stop a phishing attack and secure the organization.

How to Prevent a Phishing Attack? 17 Easy Hacks for Administrators

The relentless growth of phishing attacks

What are the different types of phishing attacks?

1. Business domain impersonation

2. Brand impersonation

3. Suspicious link

4. Name impersonation

5. Content injection

6. Man-in-the-middle attack

7. Search engine attack

17 easy hacks to prevent a phishing attack

1. Use spam filter for Gmail and Microsoft 365/Outlook

2. Use multi-factor authentication

3. Configure email for secure data flow

4. Monitor suspicious external sites

5. Perform real-time scan

6. User and entity behavior analytics (UEBA)

7. Implement solutions for malware and spyware

8. Implement secure document sharing

9. Prevent phishing on your G-Suite domain

10. Enable Office 365 phishing protection

11. Enable secure browsing with virtual desktop infrastructure

12. Deploy password alert extension for G Suite

13. Use encryption for data transmission

14. Enable OAuth

15. Communicate the latest attacks

16. Use third-party tools

17. Use a phishing simulator