

3/25/2020 03:45 PM
Edge Editors

What Should I Do If Someone Is Impersonating My Company in a Phishing Campaign?

Two security awareness advocates from KnowBe4 provide some solid suggestions.

Question: What should I do if someone is impersonating my company in a phishing campaign?

Erich Kron, security awareness advocate, KnowBe4: The Internet, as we know, was not designed for security. Unfortunately, that has left us with some issues. One major issue is the ability to spoof email addresses rather easily.

If your organization is experiencing issues where people are impersonating it when sending phishing emails, ensure your email services are set up to use Sender Policy Framework (SPF) records or DomainKeys Identified Mail (DKIM) and also to use Domain-based Message Authentication, Reporting & Conformance (DMARC). These authentication technologies are used to validate that emails come from servers that are authorized to send from your email domain. While this won't stop the bad actors from trying, it will allow victim email systems to better identify and block these fake messages.

James McQuiggan, security awareness advocate, KnowBe4: If your organization is being impersonated in a phishing campaign, it's important to reduce the risk of your employees and customers being scammed by communicating about such potential attacks. Whether posted on the website, in emails, or in text messages, inform them about the potential threat that could be seen via a phishing scam and explain that the organization will never ask for passwords or other sensitive information via a link in email. Another good practice is to teach people not to click on links in emails or text messages unless they are expecting the link. Advise them to use bookmarked websites or get access through a search engine.

Also, be on the lookout for typosquatting or script spoofing, which is where the criminals purchase various domain names of the organization website with transposed letters or use homographic characters. These characters could be from another language, like Cyrillic or Hebrew, and may be difficult to spot in the URL. One solution is to purchase the websites that would contain the transposed or common Cyrillic-lettered websites and redirect them back to the organization's main page.
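As an added illustration of the lookalike-domain problem McQuiggan describes (this is example code, not from KnowBe4 or Dark Reading), the following screens sender domains for Cyrillic/Greek homoglyph substitutions and adjacent-letter transpositions against an organization's real domain. The homoglyph table, the `example.com` domain and the sample addresses are constructed for the example and are not exhaustive.

```python
import unicodedata

# Constructed, non-exhaustive map of Cyrillic/Greek letters to the Latin letters they resemble
HOMOGLYPHS = {
    "а": "a", "с": "c", "е": "e", "о": "o", "р": "p", "х": "x", "у": "y",   # Cyrillic
    "і": "i", "ј": "j", "ѕ": "s", "һ": "h", "ӏ": "l",
    "ο": "o", "α": "a", "ν": "v", "ι": "i",                                  # Greek
}

def skeleton(domain: str) -> str:
    """Fold a domain to its Latin lookalike form: decode punycode labels,
    apply NFKC normalization, lowercase, then map known homoglyphs."""
    if any(label.startswith("xn--") for label in domain.split(".")):
        domain = domain.encode("ascii").decode("idna")
    domain = unicodedata.normalize("NFKC", domain).lower()
    return "".join(HOMOGLYPHS.get(ch, ch) for ch in domain)

def is_transposition(a: str, b: str) -> bool:
    """True if a and b differ only by one swap of adjacent letters (exmaple vs example)."""
    if len(a) != len(b):
        return False
    diffs = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    return (len(diffs) == 2 and diffs[1] == diffs[0] + 1
            and a[diffs[0]] == b[diffs[1]] and a[diffs[1]] == b[diffs[0]])

def classify(sender_domain: str, org_domain: str) -> str:
    """Return 'legitimate', 'homograph', 'typosquat' or 'unrelated' for a sender domain."""
    if sender_domain.lower() == org_domain.lower():
        return "legitimate"
    sk, org = skeleton(sender_domain), skeleton(org_domain)
    if sk == org:                       # looks identical once homoglyphs are folded
        return "homograph"
    name, _, tld = sk.rpartition(".")
    oname, _, otld = org.rpartition(".")
    if tld == otld and is_transposition(name, oname):
        return "typosquat"
    return "unrelated"

def screen_senders(addresses, org_domain):
    """Classify the domain part of each From: address (constructed helper for this example)."""
    return {addr: classify(addr.rpartition("@")[2], org_domain) for addr in addresses}

if __name__ == "__main__":
    # Constructed sample sender addresses, not real mail data
    SAMPLE = ["billing@example.com", "it-helpdesk@ex\u0430mple.com",
              "hr@exmaple.com", "news@partner.org"]
    for addr, verdict in screen_senders(SAMPLE, "example.com").items():
        print(f"{verdict:11} {addr}")
```

A mail gateway or SOC triage script can apply the same fold to the display name and the domain in the `From:` header and flag anything whose skeleton matches a protected brand.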

The Edge is Dark Reading's home for features, threat data and in-depth perspectives on cybersecurity.
