How to stop phishing emails
The psychological nature of phishing ensures that users will slip up now and again, and because attackers continually refine their techniques, so will email filters. This means that while no technology will stop 100 percent of phishing emails or make people stop clicking on them, a combination of the following key components represents the best way to stop phishing emails:
AI-based anti-phishing technology
Most anti-phishing technologies scan for unique identifiers of the email, including the header, footer, subject line, or email body. If the email filter recognizes the fingerprint, it blocks the email. But if an attacker makes even a slight adjustment to any of those identifiers, a fingerprint- or statistics-based filter will not recognize it, and the phishing email will be delivered.
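To make that brittleness concrete, here is an added example (not Vade Secure's code or product logic): an exact hash fingerprint of a constructed phishing template fails to match a lightly edited copy, while a simple word-shingle Jaccard similarity still flags the copy as a near duplicate. The two messages and the 0.6 threshold are constructed for illustration only.

```python
import hashlib
import re

# Constructed sample: a "known" phishing template and an attacker's lightly
# edited variant of it (both are made-up text for this example).
KNOWN_PHISH = (
    "Dear customer, your account has been suspended. "
    "Please verify your identity within 24 hours to restore access. "
    "Click the link below to confirm your details."
)
VARIANT = (
    "Dear valued customer, your account has been suspended! "
    "Please verify your identity within 24 hours to restore access. "
    "Click the link below to confirm your details today."
)


def normalize(text: str) -> list[str]:
    """Lowercase and split into word tokens, dropping punctuation and case."""
    return re.findall(r"[a-z0-9]+", text.lower())


def fingerprint(text: str) -> str:
    """Exact fingerprint: a hash of the normalized body. Any word change alters it."""
    return hashlib.sha256(" ".join(normalize(text)).encode()).hexdigest()


def shingles(text: str, k: int = 3) -> set[tuple[str, ...]]:
    """k-word shingles; a local edit only disturbs the shingles touching it."""
    words = normalize(text)
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}


def jaccard(a: set, b: set) -> float:
    """Overlap of two shingle sets in [0, 1]; 1.0 means identical content."""
    return len(a & b) / len(a | b) if a | b else 0.0


def exact_match(msg: str, known: str) -> bool:
    """Fingerprint-style check: blocks only a byte-for-byte identical body."""
    return fingerprint(msg) == fingerprint(known)


def similarity_match(msg: str, known: str, threshold: float = 0.6) -> bool:
    """Near-duplicate check: flags the message if enough shingles overlap the template."""
    return jaccard(shingles(msg), shingles(known)) >= threshold


if __name__ == "__main__":
    print("exact fingerprint match:", exact_match(VARIANT, KNOWN_PHISH))
    print("shingle similarity:", round(jaccard(shingles(VARIANT), shingles(KNOWN_PHISH)), 2))
    print("similarity match:", similarity_match(VARIANT, KNOWN_PHISH))
```

The variant shares 22 of 26 distinct three-word shingles with the template, so the similarity check catches what the exact fingerprint misses; an unrelated business message shares none and is not flagged.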
Machine Learning algorithms represent a more intelligent solution than traditional fingerprint scanning because they recognize behaviors in addition to fingerprints. Behavioral analysis can stop phishing emails by identifying obfuscation and bypassing techniques that fingerprint-based filters cannot.
Computer Vision, a branch of Machine Learning, analyzes images rather than text. Brand logos are a nearly universal component of phishing emails, but they also leave a fingerprint. Hackers use distortion techniques, including changes to color and geometry, to bypass filters that match on the exact logo image, which is why recognizing the logo itself, rather than its fingerprint, is needed.
Phishing awareness training and reinforcement
Despite the booming phishing awareness market, phishing emails continue to trick users and cost businesses. But training is still very effective.
Immediately after training, users are unlikely to click on malicious emails (a two percent click rate), but after the first hour following training, click rates rise to nearly eight percent. Reporting of phishing emails, which is critical to stopping them, also drops off after that first hour. Despite the reduction in the overall click rate, the data reveals that phishing intelligence is tied to the recency of phishing training. Annual training is clearly not enough. Simulated exercises must be augmented with continual training that reinforces best practices and is not only more realistic but also more memorable.
Reporting and feedback loops
According to Verizon, only 17 percent of phishing attacks are reported to IT. This low number could be tied to the waning effectiveness of training over time. But it could also reflect a general lack of understanding about what happens when a user reports a phishing email.
Reporting an email threat does more than alert IT to a single email or a potential wave of emails. A phishing email that slips past a filter is a false negative, a mistake on the part of the filter that has to be mitigated. Reporting emails is critical, but giving users a tool to report with is equally important in the effort to stop phishing emails. To discourage users from deleting or ignoring phishing emails and encourage them to report instead, offer an email feedback loop that is integrated into your email client.
Users of Vade Secure for Microsoft 365 can report email threats directly to our SOC by clicking the Junk or Phishing buttons in Outlook. This feedback loop provides a simple, one-click way to report email threats immediately, reducing the lag between email delivery and threat mitigation, making users better reporters, and strengthening the email filter.