It’s not news that cybercrime is a constant battle—large enterprises and small businesses everywhere are susceptible to a myriad of advanced email threats and socially engineered attacks, such as executive or brand impersonation. According to IC3’s Internet Crime Report, over $44 million in losses in 2021 were a direct result of malicious phishing and advanced email scams.
Despite billions having been invested in perimeter and endpoint security since the onset of the pandemic and the birth of remote or hybrid work environments, phishing and business email compromise (BEC) scams have become primary attack vectors into organizations, often giving threat actors the toehold they need to wreak havoc on companies and their customers. Additionally, countless savvy social engineering ploys easily evade most of the email defenses in use today.
How Do Phishing Schemes Happen?
Interestingly, these incredibly complex scams can be deployed with fairly simple methods. Threat actors have become highly skilled at impersonating brands or domains or spoofing individual emails to steal account holder credentials. How does this occur? Unfortunately, both employees and customers are often too trusting of emails that make it to their inboxes. These scams often impersonate people of authority, target employees who have access to financial information, and present a time-sensitive scenario, such as needing an “urgent wire transfer” to pay an invoice for a supposed vendor. The bank account for that vendor is, of course, one controlled by the cybercriminals. With this method, BEC actors trick unsuspecting employees out of millions of dollars each year.
To compound the problem, bad actors have evolved their strategies and discovered that targeting anyone along the org chart—even interns—can result in a breach when they ask for (or offer) something as simple as a free iTunes gift card. These same threat actors realized that they could compromise employee inboxes, providing an avenue to sift through emails to identify additional opportunities for fraud. In tandem, threat actors can set up and send multiple phish from the central attack infrastructure—whether they are fake sending domains or IPs.
Prevention & Mitigation through Customer Phishing Protection
Being able to detect a phishing scheme early in its lifecycle is the first step in reducing risk. This is why Fortra provides a comprehensive customer phishing protection offering from Agari and PhishLabs: to prevent, detect, and disrupt phishing attacks. As phishing campaigns and infrastructure multiply, many organizations find themselves in need of more proactive and robust protection that can deliver the email authentication, risk protection, threat intelligence, and mitigation capabilities necessary to successfully fend off attacks.
Agari analyzes two trillion emails per year claiming to be from domains across the world’s largest cloud email providers. By combining Agari’s tools with third-party sender knowledge, your organization’s legitimate email can be authenticated, and unauthorized messages blocked from reaching customers. This is accomplished through Agari DMARC Protection, which stops phishing by automating the process of DMARC email authentication and enforcement to protect customers from cyberattacks.
How? During a phishing scam, DMARC failures identify a threat or suspicious message once it launches, and Agari automatically feeds the intel included in that specific failure report to PhishLabs without the need for intervention from a SOC team member. Once a threat is identified, mitigation is immediately pursued without requiring any client intervention, reducing the amount of time needed to address threats and shut them down.
This direct integration between Agari and PhishLabs expedites the phishing detection process exponentially. It can also disrupt more phish by taking down the campaign attack-sending infrastructure. In some instances, Agari reports will provide additional intelligence on the sending infrastructure, and PhishLabs will pick this up and identify the infrastructure details, gather malicious evidence, and then pursue takedown. And once the central infrastructure is down, it substantially disrupts a threat actor’s ability to stage additional phishing campaigns.
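To make the idea of DMARC failures exposing sending infrastructure concrete, here is an added example (not Agari or PhishLabs code) that ranks the source IPs failing DMARC in one aggregate report. It assumes the RFC 7489 aggregate XML format, which the article does not specify; the sample report, domains and addresses are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample aggregate report; documentation-range IPs, illustrative values.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <policy_published><domain>example.com</domain><p>reject</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>120</count>
    <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers></record>
  <record><row><source_ip>203.0.113.77</source_ip><count>45</count>
    <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers></record>
  <record><row><source_ip>203.0.113.77</source_ip><count>5</count>
    <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>billing.example.com</header_from></identifiers></record>
  <record><row><source_ip>198.51.100.23</source_ip><count>8</count>
    <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers></record>
  <record><row><source_ip>192.0.2.44</source_ip><count>30</count>
    <policy_evaluated><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers></record>
</feedback>"""

def failing_sources(xml_text):
    """Return [(source_ip, message_count, header_from list)], largest sender first."""
    # Reports come from third parties: refuse DTDs outright. A hardened parser
    # such as defusedxml is the safer choice in production.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD not expected in a DMARC aggregate report")
    counts, froms = defaultdict(int), defaultdict(set)
    for rec in ET.fromstring(xml_text).iter("record"):
        evaluated = rec.find("row/policy_evaluated")
        ip = rec.findtext("row/source_ip")
        if evaluated is None or not ip:
            continue  # malformed record, nothing to attribute
        # DMARC passes if either aligned DKIM or aligned SPF passes.
        if "pass" in (evaluated.findtext("dkim"), evaluated.findtext("spf")):
            continue
        counts[ip] += int(rec.findtext("row/count", "0"))
        froms[ip].add(rec.findtext("identifiers/header_from", ""))
    rows = [(ip, n, sorted(froms[ip])) for ip, n in counts.items()]
    return sorted(rows, key=lambda r: -r[1])

if __name__ == "__main__":
    for ip, n, domains in failing_sources(SAMPLE_REPORT):
        print(f"{ip}\t{n} failing messages\tspoofed From: {', '.join(domains)}")
```

Sources that pass only one of SPF or DKIM, such as 192.0.2.44 in the sample, still pass DMARC and are left out, which keeps legitimate forwarders and partially configured senders off the list of suspected infrastructure.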
Detection through Digital Risk Protection
PhishLabs’ Credential Theft Service automatically integrates the intelligence collected from Agari DMARC Protection into an extensive collection apparatus that consumes a broad range of sources, including:
- Spam feeds
- Domain registrations
- SSL transparency logs
- Passive DNS monitoring
- Active DNS queries
- DMARC failure reports
PhishLabs continuously mines this intelligence to proactively detect phishing campaigns early in the attack cycle. By integrating Agari’s collected intelligence, PhishLabs can identify threats and take immediate action to disrupt them using automated kill switches and preferred escalation integrations. PhishLabs also uses Agari’s machine learning capabilities driven by research-backed data science to pursue the mitigation of underlying campaign infrastructure to further disrupt phishing attempts, leading to the deterrence of future attacks.
By combining best-of-breed services, Fortra's Customer Phishing Protection Bundle from Agari and PhishLabs significantly reduces the complexities associated with stopping phishing campaigns and helps enterprises achieve end-to-end phishing protection through a trusted partnership and seamless integration.