4 Key Considerations When Choosing Your Next Anti-Phishing Solution

Key Considerations for Phishing Protection

Phishing attacks can be performed in a number of ways and take advantage of several different attack vectors. When selecting an anti-phishing solution, it is important to consider all of the potential ways that an organization’s employees can be attacked.

1. Anti-Phishing for Email

Email is the most common and well-known delivery mechanism for phishing content. Email can deliver malicious content in a number of forms, including:

• Infected Attachments: Email attachments may include Office documents with malicious macros or infected PDFs designed to drop malware or launch attacks using Windows Powershell.
• Malicious Links: Links within emails may point to credential harvesting pages or ones serving malware to unsuspecting users.
• Business Email Compromised (BEC) Attacks: BEC attacks use a compromised account or lookalike email domains to trick the recipient into taking some action, such as paying a fake invoice or one edited to replace a legitimate vendor’s bank details with those of the attacker.

An organization’s email security solution should include protections against all of these attack vectors. This includes support for sandboxed evaluation of suspicious or malicious attachments, investigation of potential phishing links, and AI-based identification of BEC emails via analysis of the contents of a phishing email and other potential indicators of a compromised account.

2. Anti-Phishing for Productivity Applications

Email is only one of the attack vectors that cybercriminals use for performing phishing attacks. Productivity applications such as Microsoft Teams, Microsoft OneDrive, Google Drive, and Microsoft SharePoint are commonly used in these attacks as well.

Like email, all of these platforms are capable of sharing links and files. An attacker can compromise a platform, embed malicious content, and then either wait for a user to fall for the phish or send them a sharing link directly from a compromised account.

3. Anti-Phishing for Endpoint Devices

Not all phishing and malicious content is actively delivered to the target user. Watering hole attacks create malicious sites that a user is likely to visit on their own. For example, an attacker may compromise a site commonly used by an employee or create their own and work to have it ranked by search engines. When an employee visits the site or searches for a certain term, they visit the site, which can harvest their credentials or install malware on their machines.

For these types of attacks, employees need phishing protection at the endpoint level. This includes the following features:

• Phishing Site Detection: New phishing sites are created every day, but they often have similar functionality. An anti-phishing solution should be capable of identifying and blocking malicious sites based upon their malicious functionality.
• Credential Reuse Detection: Credential reuse is a common problem, and many employees reuse the same credentials across business and personal accounts. An anti-phishing tool should compare stored hashes to inputted passwords to detect the use of the same credentials for multiple accounts.
• Alerting of Compromised Accounts: Data breaches occur on a daily basis, and an employee may not be aware that their credentials have been breached. An anti-phishing solution should compare inputted passwords to data exposed on the dark web and alert the employee that they should change their password if it is included in a breach.

By implementing these functions, an anti-phishing solution minimizes an organization’s risk of compromised accounts, regardless of how the malicious content reaches the device.

4. Anti-Phishing for Mobile Devices

Mobile devices are a common target for phishers. This is for a variety of reasons, including:

• Multiple Communications Channels: Mobile phones contain apps for email, corporate communications platforms, SMS messaging, and social media. All of these can carry malicious content and links, providing attackers with a variety of options for performing phishing attacks.
• “Always On” Connectivity: Most people constantly have their mobile phones with them and often check messages within moments of receiving them. This increases the probability that an attacker will have a successful attack with minimal wait time.
• URL Shortening: Phones’ small screens mean that only a fraction of a page’s URL is shown in the address bar. This makes it easier to disguise phishing links as legitimate URLs.
• No Link Hovering: Hovering over a link to check its target is a common technique taught in phishing awareness training. However, this is not possible on a mobile phone, making it more difficult to detect malicious links.

All of these factors mean that mobile users are extremely vulnerable to phishing attacks. Any corporate anti-phishing solution should have mobile support and protection for common mobile-based phishing attack vectors.

Selecting an Anti-Phishing Solution

When selecting an anti-phishing solution, it is important to consider all potential attack vectors and platforms that an attacker can use to target an organization’s employees. Cybercriminals will get creative and use any attack vector or platform in their attacks if it increases their probability of success.

Check Point offers a comprehensive phishing protection solution that provides coverage and protection of all potential phishing attack vectors. Contact us for more information and request a demo to see how we can help to minimize your organization’s phishing risk.