• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

#CSAM: Don’t Underestimate Email Phishing

October 28, 2014 By The Editor

Cyber Security Awareness Month is coming to a close. We’ve enjoyed a lot of discussion (#CSAM) throughout October as the industry at large works to make sure everyone is cyber aware and secure. We thought we would end the month with another look at an important basic – email phishing security.

Even less savvy computer users now know not to click on executable attachments in emails. Most even know that hypertext and web links should be treated as suspect – especially as URL spoofing and disguising becomes increasingly effective in today’s phishing attempts. But, a lot of file types can catch your workforce off guard. Hence why phishing scams continue to flourish.

Many think Microsoft Office files are benign, but they may not be. Word documents, Excel spreadsheets and other Office files can execute code through software flaws. PDF files are just as susceptible. Make sure your users know it may be just as dangerous opening a Microsoft Office or PDF file as it is clicking on an executable file.

Be sure to train your users about the dangers of clicking on suspect email attachment files and embedded hypertext and web links. They are pretty easy to spot since most tend to not be customized to individual recipients. Phishing emails often have bad grammar, links that don’t match branded web domains or other flag-raising issues.

Note, however, that more sophisticated phishing attacks have now started to target their recipients specifically. These emails may contain content that is of interest to that specific user and their job function. These sophisticated attacks are more difficult to spot, but not impossible.

The answer to the growing complexity of phishing attacks is training, practice drills and up-to-date security solutions. Be sure your users are aware and vigilant about potential phishing attacks. Training is step one, but do not discount the need for practice drills. Putting phishing emails in front of your workforce demonstrates and reiterates the need for review. Think of it as creating muscle memory for their real-world email use. The goal is to keep them leery when interacting with file attachments or links in unsolicited email.

Also be sure to review and update your antispam and firewall security policies. Security threats appear and evolve rapidly. You need to stay up-to-date on the latest leaks, fixes and patches. We provide a weekly overview on our WatchGuard Security Center blog, including popular email phishing tricks and attacks. Subscribe to receive email updates and you’ll receive each update in your inbox.

Again, October is Cyber Security Awareness Month. Make sure you are cyber aware and stay tuned for more security updates right here on the WatchGuard Smart Security Blog.

Share This:

Related

Filed Under: Editorial Articles

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • Here Come The Regulations
  • Cybersecurity’s Toll on Mental Health

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use