Phishing Protection Best Practices

Today Bank Info Security reports that a Ukraine bank warns of a new massive malware campaign about to be launched. Here’s the line that’s most frustrating: “It added that the attacks have been spreading via malicious Microsoft Word documents attached to emails.” So here are some best practices to follow to harden your org against phishing attacks:

  • Use GPO to disable macro execution in Office documents
  • Don’t let employees log in as admin
  • Block unnecessary file extensions at the email gateway (e.g., do people really send legitimate .dotm files?)
  • Use an email protection solution that analyzes and blocks malicious attachments before they are delivered to inboxes
  • Preface the subject line of externally sourced email with a tag like [EXT]
  • Keep current with patching and updates
  • Train employees to “think before you click” (though don’t count on it as an effective preventative control)
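Two of the items above, blocking risky Office extensions at the gateway and tagging external mail with [EXT], are easy to sketch in code. The following is an added example written for this post, not a product or a script from the original article; it uses only the Python standard library, and the internal domain, the extension denylist and the two sample messages are constructed assumptions for illustration.

```python
"""Gateway-style attachment policy and [EXT] subject tagging (added example)."""
from email import message_from_string
from email.message import Message
from email.utils import parseaddr
import os

# Constructed assumptions for this example: the org's own mail domain and a
# denylist of Office extensions (macro-enabled and template formats) that
# rarely have a legitimate reason to arrive from outside the org.
INTERNAL_DOMAIN = "example.com"
BLOCKED_EXTENSIONS = {
    ".docm", ".dotm", ".dot", ".xlsm", ".xltm", ".xlam",
    ".pptm", ".potm", ".ppam", ".sldm",
}
EXT_TAG = "[EXT]"


def attachment_names(msg: Message) -> list:
    """Return the filenames of all non-multipart parts that carry a name."""
    names = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        name = part.get_filename()  # Content-Disposition or Content-Type name
        if name:
            names.append(name)
    return names


def blocked_attachments(msg: Message) -> list:
    """Filenames whose final extension is on the denylist (case-insensitive)."""
    return [
        name for name in attachment_names(msg)
        if os.path.splitext(name.lower())[1] in BLOCKED_EXTENSIONS
    ]


def sender_domain(msg: Message) -> str:
    """Domain part of the From: address, lower-cased ('' if unparsable)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def is_external(msg: Message) -> bool:
    """True unless the sender domain is the org's domain or a subdomain of it.
    An unparsable From: header counts as external (fail closed)."""
    domain = sender_domain(msg)
    return not (domain == INTERNAL_DOMAIN or domain.endswith("." + INTERNAL_DOMAIN))


def tag_subject(msg: Message) -> str:
    """Prefix the subject with [EXT] for external senders; idempotent."""
    subject = msg.get("Subject", "")
    if is_external(msg) and not subject.startswith(EXT_TAG):
        subject = f"{EXT_TAG} {subject}".rstrip()
        del msg["Subject"]
        msg["Subject"] = subject
    return subject


def apply_policy(raw: str) -> dict:
    """Run the gateway policy over one RFC 5322 message and return a verdict."""
    msg = message_from_string(raw)
    blocked = blocked_attachments(msg)
    return {
        "external": is_external(msg),
        "subject": tag_subject(msg),
        "blocked": blocked,
        "action": "quarantine" if blocked else "deliver",
    }


# Constructed sample: external sender with a macro-enabled Word template attached.
SAMPLE_EXTERNAL = """\
From: Accounts <invoices@mail-example.net>
To: staff@example.com
Subject: Invoice overdue
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

Please see the attached invoice template.
--XYZ
Content-Type: application/vnd.ms-word.template.macroEnabled.12; name="invoice.dotm"
Content-Disposition: attachment; filename="invoice.dotm"
Content-Transfer-Encoding: base64

QUJD
--XYZ--
"""

# Constructed sample: internal sender with an ordinary .docx attachment.
SAMPLE_INTERNAL = """\
From: Alice <alice@hr.example.com>
To: staff@example.com
Subject: Weekly report
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="ABC"

--ABC
Content-Type: text/plain

Report attached.
--ABC
Content-Type: application/octet-stream; name="report.docx"
Content-Disposition: attachment; filename="report.docx"
Content-Transfer-Encoding: base64

QUJD
--ABC--
"""

if __name__ == "__main__":
    for raw in (SAMPLE_EXTERNAL, SAMPLE_INTERNAL):
        print(apply_policy(raw))
```

The extension check looks only at the final extension, so a renamed file (say, `invoice.dotm.txt`) passes it; that is exactly why the list above pairs gateway extension blocking with an attachment-analysis solution and with disabling macros on the endpoint, rather than relying on any one layer.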

Most of this advice is common sense. But if I’m just preaching to the choir, why are phishing-based attacks against orgs still so damned successful?

References

Ukraine Central Bank Detects Massive Attack Preparation: https://www.bankinfosecurity.com/ukraine-central-bank-detects-massive-attack-preparation-a-10209

List of Microsoft Office file extensions (block most of these): https://en.wikipedia.org/wiki/List_of_Microsoft_Office_filename_extensions