Patrik Honegger has worked in the IT sector since the 1990s and has specialized in the IT security field since 2000. He joined Check Point in 2001. Since joining Check Point, he has been involved in the full array of the company’s solutions and customer sectors and maintains a deep technological understanding of products and customers’ needs. Patrik has successfully fulfilled roles as Security Engineer, Lead Consultant and Head of Security & Systems Engineering in Switzerland. He is a member of the Office of the CTO, and holds various technical certifications. Prior to his role at Check Point, Patrik had multiple technology expert roles in local and global companies.

In this interview, expert Patrik Honegger provides achievable ways to improve anti-phishing outcomes. Get insights into security benchmarking, anti-phishing best practices, and anti-phishing solutions. Future-proof your organization against phishing threats. Fight the phishers and stay safe this holiday season.

If you were a CISO, where would you start in upgrading a phishing prevention program?

I would certainly start with employee education and running awareness campaigns about the different aspects of phishing and social engineering. It is important to teach people about how to identify and, even more importantly, avoid potential phishing attacks. It is vital to use modern and interactive training modules, like email campaigns, videos, etc. All employees, including C-levels, should be trained and able to report any suspected email activity in order for it to be investigated immediately.

Cyber criminals usually rely on manipulating people, so the best way to protect your organization is to stay up-to-date on the latest phishing tactics and to learn about the various traps related to phishing attempts.

Phishing threats are flying past defenses. What are the most dangerous phishing campaigns right now?

First of all, I suggest that you regularly look at our monthly “Most Wanted Malware Page.”

Surprisingly enough, we saw the well-known Emotet Trojan come back in the November timeframe. It is currently being spread by phishing emails with malicious attachments (Word, Excel, ZIP files and also via malicious Windows App packages hiding as Adobe software).

Can you share a bit about how the software supply chain could be used to distribute phishing threats?

Malicious actors can simply use information from target suppliers and vendors to make their emails appear as though they are coming from trusted partners. For instance, malicious messages sent from compromised Exchange servers or O365 accounts are still the number one point of entry for current cyber threats. This puts everyone at risk, as the delivery from a trusted entity (customer, partner, vendor, relatives, etc.) is crucial to successful phishing and ransomware attacks. The supply chain is the primary entry vector to be concerned about.

What should executives keep in mind in trying to avoid targeted spear-phishing attacks?

  1. It’s crucial to understand the principles of spear phishing scams and how you can spot them on your own.
    • Check the domain and sender email address first. If it does not match the sender or if it is used with a public domain, chances are high that you’re dealing with a phishing attempt.
    • Check the email body for spelling and grammatical errors. Is the email following the same style as previous messages you received already?
    • Another easy-to-use check: Infected links can be easily spotted if you hover over them to see the real URL. You can see if it is pointing to a suspicious website or, if it does not match the displayed link itself, it might again be a phishing attempt and you should delete the email after you have notified your IT department.

  2. Secure your personal data.
    • Keep your social media accounts private and make sure to know who can see what and be as smart as possible about your own postings (travel activities, vacation pictures, etc.).
    • Use a password manager and strong passwords. Change the passwords frequently.
    • Use at least two-factor authentication or Authenticator Apps when offered.
    • Be aware of modern AI techniques like video or voice spoofing and how they could be used to trick you.

  3. Keep your system security up-to-date with the latest OS and Application patches and anti-malware solutions.

  4. Team awareness: make sure everybody gets regular updates about your activities and expected outcomes/reactions. Make sure only relevant people and defined delegates know details.

In the wake of SIM card attacks, can two-factor authentication really help or is it more of a hindrance? (Example – a hacker conducts a SIM card swap, and suddenly two-factor phone authentication allows them to break into all accounts…)

It can certainly help and is still better than just using simple passwords, but you should consider a few steps like:

  • Using an authentication app, such as Google Authenticator or Microsoft Authenticator, instead of SMS
  • Requesting a number lock with your carrier to protect your mobile number from an unauthorized transfer request.
  • Limiting the amount of personal information you share online with everyone
  • Avoiding phishing emails, text messages and calls. Most criminals will try to impersonate trusted or well-known institutions. They rely on the general assumption that most people will not hesitate in answering their questions. Hang up, delete these messages, and if you need (real) help, contact these institutions on your own.

What are the biggest organizational blind spots when it comes to phishing?

Organizations should look beyond their network to prevent current visibility gaps.

  • Check if your current technologies cover today’s attack vectors like email, mobile devices and social media.
  • Create a clear plan for how you want to close the gap.
  • The best tools will not only detect real-time threats, they will PREVENT threats and give you enough information to defeat them.
  • Make sure you have incident response capabilities outlined as part of your plan, and constantly check your tools in relation to your plan.
  • Assume that someone in your organization is getting phished.

Recommendations to help organizations avoid phishing attacks on BYOD devices?

  1. Again, education is key here and should be your number one priority.
  2. Prevention: Focus on prevention solutions instead of alerts/detection only.
  3. You need prevention capabilities for personal emails on BYOD devices.
  4. Visibility, user behavior, etc.: Care about normal employee behaviors and spot behaviors that suddenly deviate from the standard behavior.

Recent Twitter, LinkedIn or other social media phishing scams that organizations should beware of?

In general, follow the above recommendations and steps, asking yourself why someone has an interest in connecting with you. Do not share any personal information when asked on the phone.

Other proactive measures that you would encourage organizations to take in preventing phishing threats?

Deploy an automated anti-phishing solution. We recommend an AI-based anti-phishing solution capable of detecting and blocking phishing attacks across all attack vectors. Check Point’s anti-phishing solutions include different products to address different attack vectors: email, endpoint and mobile.

Harmony Email & Collaboration secures inbound, outbound, and internal email from phishing attacks that evade platform-provided solutions and email gateways. It works with other solutions and does not require any MX (Mail Exchanger) record changes that broadcast security protocols to hackers. It also analyzes all historical emails in order to determine prior trust relations between the sender and receiver, increasing the likelihood of identifying user impersonation or fraudulent messages. Harmony Email & Office uses artificial intelligence (AI) and indicators of compromise (IoCs) to know what to look for in complex zero-day phishing attacks.

Harmony Endpoint provides anti-phishing for endpoint devices. Its “Zero Phishing” feature identifies and blocks phishing sites in real time and even protects against previously unknown phishing sites. When a user visits a website, the Zero Phishing engine will inspect, identify, and block phishing sites. If the site is considered malicious, then the user will not be able to enter credentials. Zero Phishing also prevents credential reuse, so users will not expose their corporate passwords on other sites.

Harmony Mobile provides anti-phishing for mobile devices. Zero Phishing allows companies to thwart zero-day phishing threats by inspecting the web page itself and making an informed decision on whether or not it is a phishing site. Combined with the SSL inspection feature, organizations will experience total protection from phishing sites.

Anything else you wish to share with the CyberTalk.org audience?

Wishing everyone a peaceful and phishing-free holiday season and most importantly, stay safe!
