I'm dealing with a serious issue regarding sophisticated credential phishing attacks. Recently, I've encountered a situation where an adversary hacks a user's Outlook inbox in another organization and creates shareable links to files in their SharePoint. These links are malicious but appear legitimate because they're sent from a compromised account within a trusted organization. The emails come through as regular notifications from Microsoft, making it difficult to detect the threats. Given that most users report these issues only after being targeted, I'm looking for the best strategies to combat these undetectable phishing attacks. Any advice?
3 Answers
User training is essential, but you should also consider using browser inspection tools like a CASB product. This can help mitigate risks as users navigate potentially dangerous links.
One of the first things you can do is stop adding organizations to your whitelist. Our whitelist has zero entries. If organizations want their emails delivered, they need to set up proper security measures like SPF, DKIM, and DMARC. Remember, we're in the Zero Trust era now; you should trust no one, not even your colleagues or newly provisioned devices. User training is crucial, along with policies addressing testing failures—like serious consequences for repeat failures.
Consider using Mimecast for URL protection and inspection. If a user clicks a bad link, Mimecast can sandbox the link and test it against your defined security policies. If the link is deemed legit, they can proceed; if not, it gets blocked with a notification. While it's not perfect, it helps reduce risks. Just beware that it may not catch everything—especially compromised accounts that send malicious SharePoint links.
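Added example, not part of any answer above and not taken from any vendor product: a mail-triage check showing why SPF, DKIM and DMARC results alone do not clear these messages, and how a share link hosted in another organization's SharePoint or OneDrive tenant can be routed to review instead. Assumptions: the tenant name in `OWN_TENANTS`, the three verdict names, and the constructed sample message with its `.example` addresses.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

OWN_TENANTS = {"contoso"}  # assumption: your own Microsoft 365 tenant name(s)

# Constructed sample: a share notification that passes SPF, DKIM and DMARC.
SAMPLE = """\
From: Pat Example <no-reply@notifications.example>
To: user@contoso.example
Subject: Pat Example shared "Invoice.pdf" with you
Authentication-Results: mx.contoso.example; spf=pass smtp.mailfrom=notifications.example;
 dkim=pass header.d=notifications.example; dmarc=pass header.from=notifications.example

Open: https://fabrikam-my.sharepoint.com/:b:/g/personal/pat_fabrikam_example/CONSTRUCTED
Intranet: https://contoso.sharepoint.com/sites/hr/policy.aspx
"""

def auth_results(msg):
    """Map spf/dkim/dmarc to the result recorded by the receiving mail server."""
    header = " ".join(msg.get_all("Authentication-Results", []))
    hits = {k: re.search(rf"\b{k}=(\w+)", header) for k in ("spf", "dkim", "dmarc")}
    return {k: m.group(1) if m else "none" for k, m in hits.items()}

def external_shares(msg):
    """Return (tenant, url) for sharing links hosted in a tenant that is not ours."""
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True).decode(errors="replace")
        for url in re.findall(r"https?://[^\s\"'<>]+", body):
            u = urlparse(url)
            host = re.match(r"^(.+?)(?:-my)?\.sharepoint\.com$", (u.hostname or "").lower())
            # Sharing links carry a type marker such as /:b:/ or /:f:/ at the start of the path.
            if host and re.match(r"^/:[a-z]:/", u.path) and host.group(1) not in OWN_TENANTS:
                hits.append((host.group(1), url))
    return hits

def triage(raw):
    msg = message_from_string(raw)
    auth, shares = auth_results(msg), external_shares(msg)
    # Passing authentication does not clear the message: the notification is genuine,
    # so an external share link goes to review whatever the SPF/DKIM/DMARC results say.
    verdict = "review" if shares else ("deliver" if set(auth.values()) == {"pass"} else "quarantine")
    return {"auth": auth, "external_shares": shares, "verdict": verdict}

print(triage(SAMPLE)["verdict"])
```

The sample passes all three authentication checks and is still sent to review because the link points at a tenant outside `OWN_TENANTS`.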