The journey of an email phishing attack

E-mail hacks – we’ve all been there

It is probably safe to say that in either their personal or business lives (or both) everyone has experienced, seen or heard the effects of an email hack – it might be the fake Apple ID email or a fake email from your favourite online shopping site telling you that you have won £500! While your personal risk of being hacked may seem low, the threat to your company’s data is serious. Corporate business email continues to be the primary security threat vector employees face, specifically malicious email attachments and sophisticated (“spear phishing” and “ransomware”) threats.

To understand how a simple email phishing attack can compromise a business, we need to understand exactly what happens during a hack and how you can keep your company’s data safe. In the example below, a phishing attack uses email as the point of entry for network access, which can lead to malware installations, credential theft and much more.

  1. While many threats from outside sources may already be blocked by your organisation’s existing email and web security solutions, many still make it through. They do this by masquerading as messages from trustworthy senders, so they often make their way past even the best defences. These “phishing” attacks target specific users via an email link or attachment.
  2. Once these threats have made it into an employee’s inbox, there’s a high chance that they will be clicked or opened (since they are usually too good to be true). Based on data from Intel Security, a whopping 97% of individuals “cannot correctly identify a sophisticated phishing email”. Once a victim interacts with the email, malware infects the user’s device(s) – bear in mind this might not be their PC – it could be their smartphone.
  3. This malware now has access to the user’s device and can access secure information from virtually any device employees access their work email from. With the number of devices that the typical employee has today, you must worry about far more than just company-issued devices as the source of a breach. From here, the malware steals the user’s credentials. This can be achieved in a variety of ways, including capturing usernames and passwords when the user signs into websites or corporate apps and even capturing all keystrokes performed by the user.
  4. With these credentials, the malware can now access all personal, company and client data or any other confidential and previously secure information from the computer and possibly the entire network. Stolen corporate credentials and data are frequently sold on the black market because they can be used to cause both financial and reputational harm to a business unfortunate enough to become a victim.
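
Step 1 turns on a message claiming a sender it does not really come from. The following is an added example (not part of the original article and not Microsoft's ATP logic) of checking a message's headers for that masquerade; the brand allowlist, the `.example` domains and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed allowlist: brand keyword -> domains it really sends from (assumption).
BRAND_DOMAINS = {"apple": {"apple.com"}}
AUTH_FAILURES = {"fail", "softfail", "permerror"}

def domain_of(header_value):
    """Return the lower-cased domain of the address in a From/Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def masquerade_findings(raw_message):
    """List the reasons a message's sender identity should not be trusted."""
    msg = message_from_string(raw_message)
    findings = []
    display = parseaddr(msg.get("From", ""))[0].lower()
    from_domain = domain_of(msg.get("From"))
    # 1. Display name borrows a brand, but the address is not on that brand's domain.
    for brand, domains in BRAND_DOMAINS.items():
        on_brand = any(from_domain == d or from_domain.endswith("." + d) for d in domains)
        if brand in display and not on_brand:
            findings.append(f"display name claims {brand}, From domain is {from_domain}")
    # 2. Replies would go to a different domain than the visible sender.
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain")
    # 3. SPF/DKIM/DMARC verdicts. Only trust this header when your own
    #    receiving mail server added it; a sender can forge extra copies.
    for header in msg.get_all("Authentication-Results", []):
        for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header.lower()):
            if result in AUTH_FAILURES:
                findings.append(f"{mech}={result}")
    return findings

# Constructed sample messages (not real mail).
PHISH = """\
From: "Apple ID Support" <security@apple-id-support.example>
Reply-To: helpdesk@mailbox.example
Authentication-Results: mx.corp.example; spf=softfail smtp.mailfrom=apple-id-support.example; dmarc=fail header.from=apple-id-support.example
Subject: Your Apple ID has been locked

Please verify your account.
"""
LEGIT = """\
From: Apple <noreply@apple.com>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=apple.com; dkim=pass header.d=apple.com; dmarc=pass header.from=apple.com
Subject: Your receipt

Thanks.
"""

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(name, masquerade_findings(raw))
```
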

How do you defend against such threats?

With Microsoft Exchange Advanced Threat Protection (ATP), suspicious attachments face multiple defences before potentially landing in a user’s inbox. The huge analytics and machine learning engines in Office 365 also learn to understand “safe senders” and allow the business to customise their preferences and specifically tailor them to suit their needs.
Office 365 Advanced Threat Protection uses a holistic approach that combines attack protection, detection and response features to secure your business and corporate data both now and in the future.

Business Benefits of Using ATP

  • Reduce the threat of malicious content by extending Exchange Online protection capabilities to better safeguard users against common attack methods with the addition of Safe Attachments, Safe Links and Time-Of-Click protection
  • Increase your understanding of threats – ATP provides robust tracking and reporting around malware, links and attachments which helps you quickly find patterns around malicious content, user behaviour and activity and allows you to adjust policies for greater protection
  • Meet your business and IT needs by easily creating and managing policies for Safe Attachments and Safe Links to meet specific needs straight from the Office 365 Admin Console for faster remediation around any issues or risks that are detected

Office 365 Advanced Threat Protection is included with Office 365 E5 or as an add-on subscription.

Rob Quickenden, Chief Strategy Officer at Cisilion