By Natalie Hays, Mailgun by Pathwire
Phishing is pretty awful, whether you fall for a phishing attempt or have phishers pose as you. But how does phishing really happen and, even more importantly, how do you protect yourself?
The first 48 hours ā phishing edition
Phishing starts with wellā¦ the phishing. Someone sends out the attempt, sometimes posing as us, sometimes as a long-lost relative who just got a massive sum of money from an inheritance. Hopefully it lands in your spam folder, and you can happily delete it and move on with your day. Unfortunately the days of bad phishing email attempts are gone.Ā Many phishing attempts can look surprisingly legitimate.
So, people start falling for the phishing attempt, then what? If you fall for a phishing attempt, and the phisher gets your credentials, the phisher at that point might start sending emails posing as you.
The first 48 hours after the initial phishing attempt are the most important. If a threat actor is not stopped within that time window, they probably never will be.
Luckily, organizations who utilize email service vendors to conduct email marketing campaigns have a weapon on their side. When email services find out that a customer has been compromised, they can get to work right away.
Discovering phishing attempts
Email service vendors have security measures in place to notice unusual activity, and once someone tips the vendor off, they can move forward with disabling the account to keep the threat actor from causing more damage.
Email service vendors tend to hear about phishing attacks on customers fairly quickly viaĀ Twitter, abuse emails, or support tickets. While vendors have safeguards in place to protect accounts, the second they hear that an account has had unauthorized access or suspicious behavior, they can start to crack down.
The process of intercepting phishing threats
Typically, email service vendors take two routes to stop adversaries. First, they want to connect with hosting providers to help lessen the impact of the attack. The vendor will request that the website thatās posing as someone else is taken offline to keep future potential victims from also being phished. At the same time, the vendor will also keep an eye on all of the organizationās accounts for suspicious behavior and then flag them for review or disable them.
Itās important to note here that while phishers might have unauthorized access to an email service vendorās accounts due to a phishing scam, the databases from the vendor have not been compromised in any way.
Still, vendors want to protect accounts from these bad actors. If the email service vendor didnāt take down and disable those accounts, adversaries could still be using your account for phishing. That leads into a whole other can of worms like blacklisting, your deliverability taking a hit, massive credit card charges from phishers running up your bill, and your mailing list distrusting you.
That is why, when given the two options of leaving the account as-is or disabling it, the right email service provider will pick disabling every time. It protects accounts from further damage, and threat actors get locked out before they can spread their scammer wings.
Not all hope is lost though. If you or another user have found that theyāve lost access to their account, you can still get it back. Contacting the email service vendorās support team is the first step, and they can work with you to update your credentials from what they were when the phisher got a hold of them.
At this point, if you havenāt already set upĀ two factor authentication (2FA) for extra security, then now is the perfect time to do it. Extra security means fewer chances of getting locked out of your account.
Clues to spot phishers before damage is done
Phishing can happen to anyone at any time. Threat actors can send from anywhere and look like organizations you trust. While some phishing attempts are obvious, others are scarily convincing. For example, take a look at the email below:
Although it was pretty good, a few things gave it away. To start, the sender is bogus. The phisher wanted you to zero in on the āMailgunā name and forget about the actual email address following it. But in case you donāt catch that, the body of the email also had a few dead giveaways. Grammatical errors, weird content, old logos, and other slip-ups give away a phisher.
Thatās a quick look at what email service vendors do when they find out about a phishing attempt sent through one of their customers and what to look for if you get one in your inbox. Remember to be alert, and always verify when asked to perform an action.
