Rook Uncut: 3 Steps in Preventing Spear Phishing Scams

Rook Security (SECOPS)
Dec 19, 2014 · 2 min read

With new data breaches or information security concerns making headlines each day, we are often approached by peers, friends, family, and the media to provide insight. Rook Uncut gives you our quick and raw answers to security questions. If you missed the last edition of Rook Uncut, check it out here.

I get a lot of questions about spear phishing. Here are three steps companies can take to prevent it from happening to someone at their organization.


Spear phishing is and always will be a vulnerability of enterprise networks because it attacks the human, not the technology. User awareness training will catch a portion of these attacks, but we need more technological controls in place to handle the rest. Attackers now register and host their look-alike domains through third-party providers. That adds an extra layer between you and the attacker, making it harder to get the site shut down or to buy the domain yourself once you have identified it.

The key is to make the attack as difficult as possible for attackers, and encourage them to move on to an easier target. Here are three steps you can take:

  1. Block domain names
    The first line of defense is to block domain names similar to yours at the perimeter. These should include substitutions of similar-looking characters, for example “L” for “i” or “m” for “nn”, and doubled-up letters such as “ll” or “ii”. Get creative: domains like these can fool even the most cautious users. This control prevents users on your network from browsing to these sites, but traveling users remain vulnerable.
  2. Block domain names in your email management system
    Add another layer of protection by blocking these domains in your email management system. The block shouldn’t apply only to inbound mail sent from the domain; it should also trigger when the domain is linked or mentioned anywhere in the message. Keeping these emails out of your users’ inboxes in the first place is a sure way to reduce the risk.
  3. Purchase domain names
    Companies should also consider buying these domains themselves. This prevents the attack before it starts and also protects resources outside your control, such as employees’ personal email accounts. If purchasing the domains isn’t an option, there are services that watch for a domain appearing somewhere other than where you expect it. Scripts can also be written to watch for changes in a domain’s IP address and/or whois data. Monitoring of this kind (Rook has developed a specialized tool for it) can help identify an imminent attack.

Have questions for our security pros? Drop us a note at info@rooksecurity.com and we might feature the answer on an upcoming Rook Uncut post!

Global provider of IT security solutions protecting against dynamic, emerging threats. -- Inc. 500 Company in 2014.