365 MFA

Phishing, Multifactor Authentication & You

In Cyber Security, Microsoft365 by Dave RogersLeave a Comment

Phishing is a bigger problem in 2020 than ever. In fact, the problem is so large that it is hard to keep up with the latest figures about how widespread the issue is.

What you need to know for your organisation is what Phishing is, how it works and how to mitigate any attacks.

What is Phishing-

Imagine you receive an email from Royal Mail with the subject line: “You missed a delivery”.

Since you recently placed an order online, you immediately open the email and follow the link to track the package.

Everything about the email looks as you would expect; the sender seems normal, the Royal Mail logo appears in the signature and the email is addressed to you.

However, following the link, your computer starts struggling with normal tasks, malware appears and consumes your information and lots of emails start being sent to your contact lists.

What happened? You fell victim to one of the most prevalent cyber-attacks on record….Phishing.

Phishing is a fraudulent attempt to extract money, obtain sensitive information such as phone numbers, login credentials, or credit card details or install malware by pretending to be an entity that is trusted by the target. Occurring predominantly via email or text messaging, phishing is typically bulk in nature and not usually personalised for an individual target.

How does it work?

At the core of every phishing attack is email impersonation. So, how do you successfully impersonate a person or brand?

Let’s use the Royal Mail example and imagine that the only legitimate email address associated with the brand is contact@royalmail.com.

While cybercriminals can actually replicate that exact email address by spoofing the royalmail.com domain, it’s risky. To start, many major brands have adopted email authentication, which could prevent someone from directly spoofing their domain.

But, with risk comes reward. Recipients of emails that are sent from spoofed domains have no way of knowing that an email wasn’t actually sent from its apparent sender.

It’s more common for attackers to use domain variations that in some way resemble the authentic email address.

The easiest way is to simply change the display name. Anyone – yes, anyone – can change their display name via their email account settings. That means that someone using an email address that’s in stark contrast to contact@royalmail.com can still use the display name Royal Mail Customer Service.

No alt text provided for this image

Another common tactic is to register a domain that specifically impersonates a legitimate company. These may be one letter difference from the real company domain, but can be incredibly convincing.

For instance:

contact@royalmail.me

contact@royalmails.com

royalmailcustomerservice@yahoo.com

contact@royalmail-outbound.com

These are all examples of the methods used by attackers to create convincing emails that are sent out to victims on a daily basis.

Phishing email campaigns typically rely on a large pool of targets. The attackers will send a vast amount of emails as quickly as possible as the IP addresses and domains they send from are blacklisted globally rapidly, sending any further emails to the rejection pile or junk folder.

Phishing attacks have a 3% click rate, so the more targets the attackers can reach, the more likely they are to fulfil their aim.

Spear Phishing –

It is also important to learn about targeted Phishing attempts – also known as Spear Phishing.

Spear phishing requires more thought and time to successfully execute.

In addition to the tactics that we see employed in phishing, bad actors in these more customized attacks will use information from company websites, social media, news articles, and more to engineer an email that’s believable, even to someone who’s been through extensive security awareness training.

Oftentimes, cybercriminals impersonate someone in an authoritative position – for example, the CEO or a line manager – because employees tend to be less likely to question their superiors, are generally keen to help someone in power, and tend to act with a greater sense of urgency.

No alt text provided for this image

How can we stop this? –

Unfortunately, innovation in email hasn’t evolved in tandem with the fast-paced digital transformation, which is one reason why reports of phishing attacks have continued to increase year-on-year.

6.4 billion fake emails will be sent today alone.

It’s quite clear that spam filters, antivirus software, and other legacy security solutions aren’t able to keep pace with attacks that are becoming more and more complex by the day.

That’s why it’s so important that individuals are scrupulous and inspect attachments and links before they’re downloaded or clicked. In particular, we recommend that you:

·        Review the email address of senders and look out for impersonations of trusted brands

·        Always inspect URLs in emails for legitimacy by hovering over them before clicking

·        Genuine brands generally won’t ask you to reply divulging sensitive personal information. If you’ve been prompted to, investigate and contact the brand directly, rather than hitting reply

Multi Factor Authentication –

One other key technology we at Entegraty recommend is the use of Multi Factor Authentication.

Microsoft has an inbuilt multifactor authentication (MFA) tool that adds an extra layer of security to your environment. When MFA is enabled the end user would require to authenticate with their usual username and password and obtain a security code. The security code can be obtained from either registering a mobile number to receive SMS security codes or from the Microsoft authentication tool that can be installed as an app on a mobile device.

There is no associated cost for enabling MFA as it is an inbuilt tool within Microsoft 365. The benefit of enabling MFA is that even if user name and password are breached, hackers would not be able to access your data without the security code which would only be sent to your registered device.

Please get in touch with us and speak to a consultant about enabling MFA on your environment to protect your users.

Leave a Comment