With phishing on the rise, brands should be ready to counter attacks as they happen and implement robust measures to make further attacks more difficult.
When your brand is the victim of a phishing attack, you need to take immediate and swift action. The first step should be to ensure consumers are aware of the phish. Then cut the phish data collection page off at the knees. Most brands are quick to notify consumers via the usual channels, but slow to stop the data collection. Preventing your consumer data from falling into the wrong hands is the top priority for brand trust and consumer risk.
In a recent case that we were asked to investigate, the phish brought us on a tour, first to Australia, then Thailand and finally to a hosting firm in the US, which was able to process a Takedown notice. Once the page was gone, the links in any phishing messages sent via email or social media were dead. A sample Takedown notice is included below with reference to The Digital Millennium Copyright Act (DMCA).
We’ve noticed an increase in the sophistication of the measures that attackers use. In another example, the attacker exploited a vulnerable e-commerce site of a well-known retailer. The retailer was completely unaware it was hosting the phishing page, and obviously the site itself was seriously compromised.
It is also prudent to phone the hosting firm right away. Very often they will take the site down, there and then, once they can clearly see it’s a phish. They too are conscious about their brand reputation and reputable firms will act swiftly.
Email remains a primary channel for attackers, and anyone can spoof a vulnerable domain, e.g. firstname.lastname@example.org. When your domain is properly protected, email providers like Gmail are quick to spot that the sender is not authorised to send email on behalf of your company and route the message to the junk folder. But this only works if the domain has SPF (Sender Policy Framework) specified.
Even if you don’t send a lot of email, your domain is worth protecting, so that others cannot send email on your behalf. In many cases the company has no SPF record, which lets the spoofed email through with a potential click-through to the phishing page. That’s why it’s important to get the phishing page taken down quickly.
So adding SPF is a very simple step towards protecting your domain: it is effective within hours and takes just a few minutes to do. You can also add DKIM and DMARC, which is somewhat more involved but makes the attacker’s task even more difficult and makes it more likely that a spoofed message is routed to the junk folder.
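To make the SPF and DMARC checks concrete, here is an added example (not from the original post, and not the free tool the page offers) that inspects a domain's published TXT records the way a receiving mail server would: it finds the SPF record, reads the qualifier on its `all` term, counts the lookup-costing terms, and then reads the `_dmarc` record for the policy and reporting address. The records are constructed sample data under placeholder `.example` names; a real check would query DNS instead of the inline table. The weak record (`+all`) and the missing record are included beside a strict one so the difference in outcome is visible.

```python
"""Offline SPF/DMARC record assessment on constructed sample TXT data (added example)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample DNS TXT data keyed by the name it would be published at.
# A real check would query DNS (e.g. with dnspython); the example stays offline.
SAMPLE_TXT = {
    "unprotected.example": [],                                        # no SPF at all
    "weak.example": ["v=spf1 include:_spf.mailhost.example +all"],    # +all lets everyone pass
    "soft.example": ["v=spf1 ip4:203.0.113.0/24 ~all"],
    "_dmarc.soft.example": ["v=DMARC1; p=none; rua=mailto:dmarc-reports@soft.example"],
    "strict.example": ["v=spf1 ip4:203.0.113.0/24 include:_spf.mailhost.example -all"],
    "_dmarc.strict.example": ["v=DMARC1; p=reject; rua=mailto:dmarc-reports@strict.example"],
}


@dataclass
class SpfResult:
    present: bool
    all_qualifier: Optional[str] = None  # "+", "-", "~", "?" or None when no "all" term
    lookups: int = 0                     # terms that cost a DNS lookup (RFC 7208 caps these at 10)
    issues: list = field(default_factory=list)


def lookup_txt(name, txt=SAMPLE_TXT):
    """Stand-in for a DNS TXT query against the constructed table."""
    return txt.get(name.lower().rstrip("."), [])


def parse_spf(domain, txt=SAMPLE_TXT):
    records = [r for r in lookup_txt(domain, txt) if r.lower().startswith("v=spf1")]
    if not records:
        return SpfResult(False, issues=["no SPF record: receivers cannot tell authorised senders from spoofers"])
    if len(records) > 1:
        return SpfResult(True, issues=["more than one SPF record: receivers treat this as a permanent error"])
    res = SpfResult(True)
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"   # "+" is the default qualifier
        body = term.lstrip("+-~?").lower()
        name = re.split(r"[:/=]", body, maxsplit=1)[0]
        if name in ("include", "a", "mx", "ptr", "exists", "redirect"):
            res.lookups += 1
        if name == "all":
            res.all_qualifier = qualifier
    if res.all_qualifier is None:
        res.issues.append('no "all" term: unlisted senders get a neutral result instead of failing')
    elif res.all_qualifier == "+":
        res.issues.append("+all: every sender passes SPF, the record protects nothing")
    elif res.all_qualifier == "?":
        res.issues.append("?all: unlisted senders are neutral, not failed")
    if res.lookups > 10:
        res.issues.append(f"{res.lookups} lookup terms exceed the limit of 10 (permerror)")
    return res


def parse_dmarc(domain, txt=SAMPLE_TXT):
    records = [r for r in lookup_txt(f"_dmarc.{domain}", txt) if r.upper().startswith("V=DMARC1")]
    if not records:
        return {"present": False, "issues": ["no DMARC record: no policy and no reports when the domain is spoofed"]}
    tags = {}
    for part in records[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    issues = []
    if tags.get("p", "none") == "none":
        issues.append("p=none: spoofed mail is only reported, not quarantined or rejected")
    if "rua" not in tags:
        issues.append("no rua tag: aggregate reports of spoofing attempts will not be delivered")
    return {"present": True, "tags": tags, "issues": issues}


def assess(domain, txt=SAMPLE_TXT):
    """Combine both checks into one finding list for the domain."""
    spf = parse_spf(domain, txt)
    dmarc = parse_dmarc(domain, txt)
    return {"domain": domain, "spf": spf, "dmarc": dmarc, "issues": spf.issues + dmarc["issues"]}


if __name__ == "__main__":
    for d in ("unprotected.example", "weak.example", "soft.example", "strict.example"):
        findings = assess(d)["issues"]
        print(d, "->", "OK" if not findings else "; ".join(findings))
```

Running it shows the point of the passage: the unprotected domain gets two findings, the `+all` record is reported as protecting nothing, the `~all` domain passes SPF but is flagged for a `p=none` DMARC policy, and only the strict domain comes back clean. The `rua` check corresponds to the alerting benefit of DMARC: without it, nobody receives the reports when the domain is spoofed.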
The Anti-Phishing Working Group (APWG) observed more phishing attacks in the first quarter of 2016 than at any other time in history. APWG Chairman Dave Jevans said: “Globally, attackers using phishing techniques have become more aggressive in 2016 with keyloggers that have sophisticated tracking components to target specific information and organizations such as retailers and financial institutions that top the list.”
Deliverability expert Andrew Bonar says: “DMARC in all honesty does not add much of an additional security layer to what SPF offers; it does however offer a means of being alerted when your Mail-From is being spoofed by third parties, thereby enabling you to take faster action than otherwise may have been possible.” A truly reputation-focused brand will want to take a proactive approach to protecting its reputation and building trust with its clients.
There are reporting tools you can use, like Google’s phish reporter and government-supported reporting tools. All worth doing, but they play second fiddle to preventing attacks in the first place.
Now is the time to check your domain for any vulnerability. Use the free tool on this page or ask us to conduct a free in-depth review for you. The in-depth review includes your email sending reputation.