Stop Phishing: Automate Social Engineering Checks

TL;DR

Automate checks for common social engineering tactics like suspicious links and email addresses to reduce the risk of phishing attacks. This guide covers setting up rules in your email system, using browser extensions, and training staff.

1. Email System Rules

Most email providers (Gmail, Outlook, etc.) let you create rules to automatically handle suspicious emails. This is the first line of defence.

  1. Identify Keywords: Think about words often used in phishing emails – “urgent”, “password reset”, “account suspended”, “verify details”.
  2. Create Rules: Set up rules to flag or move emails containing these keywords.
    • Gmail Example: Go to Settings > Filters and Blocked Addresses > Create a new filter. Enter the keyword in ‘Has the words’. Choose what happens – ‘Mark as spam’, ‘Delete it’, or ‘Apply label’.
    • Outlook Example: File > Manage Rules & Alerts > New Rule. Start from a template like ‘Check messages with specific words in the subject’ and customize.
  3. Sender Address Checks: Create rules to flag emails from addresses that don’t match your company domain or known partners. Be careful – legitimate emails might be caught, so review flagged emails regularly.

2. Suspicious Link Detection

Phishing emails often contain links to fake websites. Automate checking these links.

  1. URL Scanning Services: Use services like VirusTotal (https://www.virustotal.com/) or URLScan.io (https://urlscan.io/). These scan links for malicious content.
  2. Browser Extensions: Install browser extensions that automatically check URLs against known phishing databases and flag suspicious sites. Examples include:

    • Bitdefender TrafficLight: Flags dangerous websites in real-time.
    • Web of Trust (WOT): Provides reputation ratings for websites based on user feedback.
  3. Link Rewriting Services: Some services rewrite the links in incoming mail so that each click passes through a proxy server, which scans the destination at click time before redirecting you. This adds an extra layer of protection.
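As an added example that is not part of the original guide, the following Python script applies the checks described in sections 1 and 2 to a constructed sample message: pressure keywords, a sender domain that is neither your company's nor a known partner's, and links whose host is untrusted. The keyword list and the domain names are assumptions to adapt for your organisation.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed settings: the keywords from the guide plus the company's own domain
# and known partner domains (placeholder values, adjust for your organisation).
KEYWORDS = ("urgent", "password reset", "account suspended", "verify details")
TRUSTED_DOMAINS = {"example.com", "partner.example"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def check_email(raw: str) -> list[str]:
    """Return the reasons a plain-text email looks suspicious (empty if none)."""
    msg = message_from_string(raw)
    reasons = []
    subject = msg.get("Subject", "")
    # Assumption: single-part plain-text mail; multipart bodies are skipped here.
    body = "" if msg.is_multipart() else msg.get_payload(decode=True).decode(errors="replace")
    text = f"{subject}\n{body}".lower()
    # Rule 1: keywords commonly used to create pressure in phishing mail
    hits = [k for k in KEYWORDS if k in text]
    if hits:
        reasons.append("keywords: " + ", ".join(hits))
    # Rule 2: sender address domain is neither ours nor a known partner
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if domain not in TRUSTED_DOMAINS:
        reasons.append(f"sender domain not trusted: {domain or '<none>'}")
    # Rule 3: links whose host is not a trusted domain or a subdomain of one
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host not in TRUSTED_DOMAINS and not host.endswith(tuple("." + d for d in TRUSTED_DOMAINS)):
            reasons.append(f"untrusted link host: {host}")
    return reasons

# Constructed sample message (not real mail) used for demonstration
SAMPLE = """From: "IT Support" <helpdesk@example-support.net>
To: staff@example.com
Subject: Urgent: password reset required

Your account suspended. Verify details at http://192.0.2.10/login
"""

if __name__ == "__main__":
    for reason in check_email(SAMPLE):
        print("FLAG:", reason)
```

Emails that pass all three rules return an empty list, so the script can be dropped into a mail-processing pipeline to label or quarantine only the flagged messages.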

3. Email Authentication Checks (SPF, DKIM, DMARC)

These technologies help verify that emails are genuinely from the sender they claim to be.

  1. SPF (Sender Policy Framework): Specifies which mail servers are allowed to send email on behalf of your domain.
  2. DKIM (DomainKeys Identified Mail): Adds a digital signature to outgoing emails so that receiving servers can verify the message came from your domain and was not altered in transit.
  3. DMARC (Domain-based Message Authentication, Reporting & Conformance): Tells receiving mail servers what to do with emails that fail both the SPF and DKIM checks for your domain (e.g., quarantine or reject them), and lets them send you reports about who is sending mail as your domain.
  4. Implementation: Publish these as TXT records in your domain’s DNS settings. Your email provider should have guides on how to do this.
    # Example SPF record, published as a TXT record at the apex of your domain.
    # Replace _spf.yourdomain.com with the record your email provider tells you to include.
    v=spf1 include:_spf.yourdomain.com -all
    # v=spf1   : SPF version tag (must come first)
    # include: : pulls in the list of servers authorised to send for your domain
    # -all     : any other sending host fails the check ("hard fail") instead of a soft fail

4. Staff Training & Phishing Simulations

Technology alone isn’t enough. Train staff to recognize and report phishing attempts.

  1. Regular Training: Conduct regular training sessions on social engineering tactics, including:

    • Recognizing suspicious email addresses
    • Identifying grammatical errors and urgent requests
    • Verifying requests through official channels (phone call, in-person)
  2. Phishing Simulations: Send simulated phishing emails to staff to test their awareness. Use the results to identify areas for improvement. Many cybersecurity companies offer these as a service.
  3. Reporting Mechanism: Establish a clear process for reporting suspicious emails. Make it easy for staff to report without fear of repercussions.

5. Monitor and Refine

Social engineering tactics are constantly evolving, so your defences need to adapt.

  1. Review Rules Regularly: Check the emails flagged by your rules to ensure they’re accurate and not blocking legitimate messages.
  2. Stay Updated: Keep up-to-date with the latest phishing trends and adjust your training accordingly.
  3. Incident Response Plan: Have a plan in place for responding to successful phishing attacks, including isolating affected systems and notifying relevant parties.