Inbound Shield™

Keep your organization safe from targeted threats with powerful multi-layered scanning technology. Deeply analyze, detect, and classify the most advanced Phishing, Malicious, SPAM and even Gray emails.

Deployed easily in minutes with: Outlook/O365 (add-in or relay), Google Workspace (add-in or relay), or any email server (relay).

Phishing

Phishing is an email scam that tricks victims into giving away sensitive personal information. It is often the doorway to a system breach. Learn how to recognize and protect yourself from phishing.

 

What is Phishing?


In a phishing scam, an attacker impersonates an authentic person or institution to target the victim through an email. Fraudulent emails trick their victims into believing they are dealing with a legitimate organization. This leads them to divulge sensitive information, such as their bank account number, credit card number, and password. The attacker then uses that information to steal the victim’s identity, access their accounts, and rob them of money and reputation.

Despite companies’ efforts to improve security, phishing is among the most effective and affordable ways for malicious actors to steal sensitive data. With one click or tap, users can compromise the company’s entire security system, as well as their identity.

Phishing was first litigated in 2004, in a case against a teenager in California who imitated the America Online (AOL.com) website. The fake website enabled him to obtain sensitive data from users and use their credit card data to empty their accounts.

Email phishing and website phishing aren’t the only types of phishing. Smishing (SMS phishing) and vishing (voice phishing) are also popular weapons of attackers.

 

How Does a Phishing Attack Work?


Phishing attacks are most commonly delivered via email. The attacker begins by collecting a list of email addresses belonging to employees of a company. The attacker then sends a fake message in bulk, with the aim of capturing as many victims as possible. The bogus messages impersonate a known entity trusted by the users. For example, an attack on a company may masquerade as a supplier, while an attack aimed at an individual may appear to come from the utility company.

The fake email contains a link to a forged website. The attacker hopes to trick the user into clicking the link in the email, which directs the user to a fake website that looks identical to a reputable website. The website prompts the user to log in. The user, believing the website is real, attempts to log in by providing their username and password, unintentionally giving away their login credentials to the attacker.

The perpetrator now not only has access to the real website they impersonated, but can also try those same credentials on other websites and accounts. Unless the victim has been exceptionally scrupulous about never reusing the same username and password on more than one site, the attacker may be able to access the victim's other accounts.

In addition, sometimes the fake website will prompt the user to supply additional personal data to “verify” that they really are who they say they are. This may include such personal details as a credit card number, address, Social Security Number, birth date, and so forth. With this additional information, the bad actor can do all sorts of damage, including locking the user out of their own accounts, changing their passwords, and performing financial transactions.

What’s more, if the attacker has forged your company website, the phishing victim has just supplied them with the credentials they need to breach your security system and start harvesting company data. Unless your network is protected by a sophisticated Business Email Compromise solution, your security staff may take quite a while to discover and shut down damaging data leaks.

 

What Does a Phishing Attack Look Like?


Hackers can disguise themselves as any number of legitimate sources to dupe a victim. For example, they could send a fake email from the victim’s bank or simulate a message from a Google Drive where the victim usually keeps their information. Another popular ploy is to send a scam email asking a user to change their password or update their profile information. For example, a user can receive a fictitious email allegedly from a software company whose products they regularly use. The email advises them that their subscription is about to expire and they will lose access if they do not provide their credit card information.

A forged email may also come from a service that the targeted person frequently uses and that may contain personally sensitive information. For instance, they may receive a message that their account is in danger and they must change their password immediately in order to keep their account safe. When the user enters both new and old passwords in an attempt to secure their account, the attacker obtains access to the victim’s original password (i.e., the old password) and uses it to steal the victim’s confidential information.

 

What to Look for in a Phishing Email?


Hackers are becoming more adept at phishing every day. In recent years, attackers have introduced sophisticated methods to dupe victims, and it is hard to protect yourself unless you learn how to distinguish legitimate emails from false ones. Here are a few signs to look for when detecting phishing emails so that you can stay protected:

Authentic Sources Do Not Ask for Personal Information via Email.

Be wary of emails that appear to come from a legitimate source and request personal information, as those emails are likely frauds. Legitimate companies don’t email you and ask for your credit card information, user credentials, tax numbers, or credit scores.

Offer That Seems Too Good to be True.

Email scams can also lure you with huge discounts on appliances, smartphones, and vacations. Even though it is hard to ignore such discounts, it is best to delete them. The chances are high that the email is from bad actors who are phishing for your credentials.

Look for Grammatical and Spelling Errors.

Phishing emails in the past were easily detectable because they were filled with spelling and grammar errors. Since hackers have become more advanced, however, they no longer make these mistakes. Nevertheless, you are still encouraged to delete any email containing grammatical or spelling mistakes.

 

How to Stay Protected Against Phishing Attacks?


No matter how cautious a person is, sometimes it is almost impossible to detect a phishing attack. As the attacks are becoming more sophisticated, users can take additional steps to avoid attacks:

Never open an email that seems suspicious.

If you receive an email with a subject line such as “Account Suspended and Funds on Hold,” disregard it. If you are concerned, contact the institution directly and verify the situation.

Do not click on any links or attachments in the email.

If you receive an alert from a bank or other institution, it is best to not click on the link or download the attachment because it may contain malware that can infect your PC. Rather than clicking on the link, type the URL address directly into your browser so you can verify it is legitimate.

Think before sending sensitive data by email.

The security policies of banks, credit card companies, and other financial institutions are extremely strict. They will never ask for your bank information or credit card details in an email. Therefore, avoid sending any sensitive data via email.

 

How Does Trustifi’s Inbound Shield Protect You from a Phishing Threat?

 

Trustifi provides advanced protection against cyber threats to an organization’s email system. Trustifi features the Inbound Shield that acts as an email filter. As soon as Trustifi’s Inbound Shield is deployed to your company’s email system, sophisticated AI software begins scanning every email received by your server. Each incoming email is placed in a sandbox where Inbound Shield’s multi-layered detection scans everything about the email including sender, email subject, content, links, and attachments. To be deemed safe, an email must pass all tests at each layer.

The email is scanned in 3 parts, with a unique and advanced approach for each part.

Email Content and Headers

AI detects and classifies BEC, VEC, Spam, and GRAY.
Header analysis detects spoofing and impersonation techniques.

Links – Advanced Methods to Catch the Most Sophisticated Phishing Sites

Deep analysis based on content, metadata, and domain reputation.
Proprietary method to catch zero-day phishing sites.

Files – Deep Scanning

Detects and neutralizes links inside files.
Searches zipped and archived files.
Sandboxes all messages until they are determined safe.
Seeks out Trojans, viruses, and malware.

Learn how you can protect yourself and your company with Trustifi’s Inbound Shield. Contact a Trustifi representative today to view a demo and see how simply and affordably Inbound Shield can safeguard your systems.