Prevent Email Phishing Attacks This Summer With 3 Countermeasures

With summer vacations forcing employees out of the office, phishing attacks are on the rise. Here are three ways businesses can stay prepared.


Now that summer is approaching, it seems that everyone is on vacation. Just take a quick look at the number of OOO (out of office) replies piling up in your inbox.

While the organization adapts to doing business as usual with 75% of the workforce on-site, it is also more prone to phishing attacks.

In the ever-evolving war between hackers and organizations, 3.4 billion phishing attacks rain down on us every day. Each attack is better than the last, and the art of deception advances rapidly. With summer vacations on the rise, so are the OOO responses, turning summer into Christmas for hackers. This is because OOO responses provide these bandits with information to launch spear phishing attacks.

While employees want to remain diligent and not miss emails while they're away, each OOO response inadvertently provides information about the owner of the mailbox, such as dates, forwarding contacts, alternate emails, phone numbers, titles, and possibly even vacation location details. Such information is a "hacker's paradise": it offers enough detail to create advanced, targeted phishing attacks that can hit employees as soon as they return from vacation.


For example, a phishing attack might look like this:

Hi Joe,

It’s good to have you back from your vacation. I hope you enjoyed.

I just wanted to remind you that you need to update your security information.

Click here to complete your process.

The SOC team

The example above is just one of thousands showing how a personalized email can easily lead employees, who haven’t been trained in phishing attacks in a while, to click on a link that will lead to a significant data breach. Given that the current average cost of attacks is $14.8 million, up from $3.8 million in 2015, it is suggested that organizations increase their security awareness, especially now during the summer.

3 protective measures for the summer

The guidelines below assume that a security awareness program is already in place. If employees receive monthly training to spot phishing attacks, this practice would be tested once they return from vacation and check their inbox.

Provide employees with guidelines on what to write and what not to write on the OOO notice

Information shared in OOO responses can increase the likelihood of spear phishing attacks. Therefore, create policies and guidelines on what an OOO response should be.

While each organization carries out its own set of policies when it comes to cyber hygiene, it is recommended that OOO responses do not include custom emails, phone numbers, or forwarding names. Instead, if email forwarding is necessary, consider using a dedicated mailbox address that can be turned off soon after. Do not indicate the reason for the OOO or the location of the trip. Keep it short. Keep it safe.
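One way to check a draft OOO notice against the guidelines above, as an added example that is not part of the original article. The rule names, regular expressions, keyword lists, the 40-word limit and the sample notices are all assumptions chosen for illustration.

```python
import re

# Illustrative rules (assumptions, not from the article): each pattern flags
# one kind of detail the guidelines say to keep out of an OOO notice.
RULES = {
    "email_address": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "phone_number": re.compile(r"(?<!\w)\+?\d[\d\s().-]{7,}\d(?!\w)"),
    # A capitalised name right after a hand-off verb, e.g. "contact Dana Levi".
    "forwarding_name": re.compile(
        r"\b(?i:contact|call|email|ask|reach)\s+(?:my\s+\w+\s+)?"
        r"([A-Z][a-z]+(?:\s+[A-Z][a-z]+)?)"),
    # Reason for absence, optionally followed by a place ("vacation in Lisbon").
    "reason_or_location": re.compile(
        r"\b(?i:vacation|holiday|honeymoon|sick|surgery|conference|trip|abroad)"
        r"(?:\s+(?:in|to)\s+[A-Z][a-z]+)?\b"),
}

def lint_ooo(text, allowed_mailboxes=(), max_words=40):
    """Return (rule, matched_text) findings for a draft OOO notice."""
    allowed = {m.lower() for m in allowed_mailboxes}
    findings = []
    for rule, pattern in RULES.items():
        for m in pattern.finditer(text):
            value = m.group(m.lastindex or 0)
            # A dedicated, temporary mailbox is the one address allowed.
            if rule == "email_address" and value.lower() in allowed:
                continue
            findings.append((rule, value))
    words = len(text.split())
    if words > max_words:  # "Keep it short."
        findings.append(("too_long", f"{words} words"))
    return findings

# Constructed sample notices (not real messages).
RISKY = ("Hi, I'm on vacation in Lisbon until July 28. For urgent matters contact "
         "Dana Levi at dana.levi@example.com or call my cell +1 (555) 010-2233.")
SAFE = ("I am out of the office and will reply when I return. "
        "For urgent matters write to ooo-desk@example.com.")

if __name__ == "__main__":
    for name, draft in (("risky", RISKY), ("safe", SAFE)):
        print(name, lint_ooo(draft, allowed_mailboxes=["ooo-desk@example.com"]))
```

Pattern matching of this kind only catches the obvious cases, so a flagged draft still needs a human read before the auto-reply is enabled.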

Provide employees with summer guidelines for corporate device security

Employees traveling abroad, especially for long vacations, may bring their laptops or other corporate devices with them. Laptops can be stolen or left behind in a random coffee shop. Even without that risk, working conditions that lack safety hygiene expose employees more than usual to unprotected public Wi-Fi networks, with a higher chance of malware being installed.


We recommend giving employees, just before they travel, your policies on laptop security, on the use of public Wi-Fi and which systems can be accessed over it, and on how to check email on non-personal devices.

Install anti-phishing software

To reduce the burden of phishing detection on employees, anti-phishing software can help. This software inspects the content of emails, websites, and other forms of data accessed over the Internet, and then warns the user of a threat. This safety net can also block potential phishing emails before they reach a person’s inbox.

Why it is important to run phishing simulations every month

Running phishing simulations continuously, at least once a month, provides hands-on experience that is invaluable in learning and maintaining good cyber habits.

Phishing simulations, especially those that are customized, teach employees how to deal with phishing attacks through real-world practice, leading to higher retention. Such awareness training programs are most effective when they occur regularly and more frequently and focus on the threats employees are most likely to face based on their job function, department, or location.

Organizations that train their employees before the holiday season can rest assured that this knowledge will carry over into the summer.

When dealing with hackers, we must not forget that they advance every day. Only the constant training of your employees is the remedy to keep your organization safe.

Omer Taran, CTO and co-founder of CybeReady

Omer Taran is the co-founder and chief technology officer of CybeReady. As co-founder, Omer serves as the company’s resident technologist. His vision for CybeReady drives him to develop a product roadmap that serves a variety of enterprise customers by combining best practices in learning with innovation. He is known for bringing ideas to life quickly and accurately. Omer’s vast technical skills are rivaled only by his punning skills.
