It's a new education portal on phishing, where we point out some flaws in your domain configuration and tell you about best practices to be safer. We tried to keep it as simple as possible, so that everyone can read everything in under 10 minutes. Plus, we've added a Domain Verification tool so that organizations can see if their domain is compliant with certain security standards and best practices. Check it out here.
Phishing takes many forms, from plain fraudulent marketing to an insidious way of getting you to trigger that ransomware. It's basically the most common weapon for attackers using the email communication vector. And because over 90% of all attacks use fraudulent or malware emails in some way, phishing is a real problem.
And the real solution?
We all know that everyone who relies on email communication (which is basically everybody!) needs to be permanently aware. But just as important, organizations need to take adequate measures: the more cautious an employee is the better, but systems and processes need to be tuned as well!
Email has always been the primary gateway for attackers. Partially due to the current global pandemic and the explosion of remote work, scammers have increased the number of their new email campaigns, exploiting companies' reliance on their often misconfigured cloud email and the lack of security. Phishing attacks have remained a real threat and a popular method for stealing credentials, committing fraud, and distributing malware. They are often well-organized and perfectly executed campaigns carried out by crime groups. Some of their methods include building phishing sites, spoofing brands by using similar URLs, using custom domain names, and much more. It is important that organizations have their systems in place and well configured, with several layers of security, and employees trained to act carefully with every single email!