For the last several years, phishing has been the primary attack vector for various threats including malware, ransomware, credential theft, and account takeovers. Human error is responsible for phishing and social engineering success, as most attackers know that playing on a sense of urgency can bypass any cybersecurity training and trick employees into divulging sensitive information or installing malware.
To make matters worse, it only takes one successful phishing payload for attackers to get what they want. Small businesses might have fewer employees, but these businesses don’t have the resources in place to stop sophisticated attacks. Even with an office of only a couple dozen employees, just one employee’s mistake could allow for a data breach. For small businesses, a successful malware attack could destroy revenue and eventually put the organization out of business. It’s because of this outcome that small and large businesses must take necessary steps to stop URL phishing email messages from reaching a targeted user’s inbox.
What is URL Phishing?
Before getting into how to stop URL phishing, you should have a good understanding of what it is so that you can recognize it. Employees should also be able to recognize a malicious URL in an email, but their education and defenses should serve as a fallback for the cases where your chosen cybersecurity tool fails to flag a malicious message (a false negative).
URL phishing comes in several forms, but the most widely used forms use legitimate businesses to mask their intent. For years, PayPal’s logo and website layout were commonly used to trick users into divulging their credentials for the site or sending money to cyber-criminals. With the success of PayPal phishing emails, cyber-criminals expanded their strategies and began using other businesses as well.
Email-based threats with malicious links embedded in their messages are URL phishing attacks. They’re difficult for corporations to detect because the true payload is located on the domain rather than in the email itself. The link may point to a downloadable file that contains malware, or the link could point to a malicious web page built to look like a legitimate business. In the latter scenario, the attacker’s primary goal is to trick users into divulging their corporate network credentials or credentials to financial accounts.
Cyber-criminals Use Several Forms of URL Phishing:
- URL redirection: The attacker abuses a URL redirection vulnerability on a legitimate site. The link points to the legitimate site, but a query string variable carries a malicious URL that redirects users to a phishing page. For example, legitimatesite.com?r=malicioussite.com displays a legitimate site in the link, but legitimatesite.com’s redirect vulnerability sends the user on to the phishing page.
- Hypertext masking: The text shown for a link can be customized to use wording other than the link’s location. Attackers might use “legitimatesite.com” as the hypertext but hovering over the link shows that it points to malicioussite.com.
- Typo squatting: Cyber-criminals register domain names very similar to a legitimate business hoping targeted users don’t notice the misspelling in an email’s phishing link.
- Subdomains: A subdomain with a legitimate-looking business name displays when users hover over a link, but they don’t notice that the domain is microsoftoffice365.malicioussite.com and not the official Microsoft site.
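The four forms listed above can be checked mechanically. The following is an added example, not part of the original article or of any product it mentions: a heuristic checker that labels each link with the form it matches. The `TRUSTED` allow-list, the sample links, the 0.85 similarity threshold, and all function names are assumptions, and the link target and visible text are assumed to have been extracted from the message HTML already.

```python
import difflib
from urllib.parse import urlsplit, parse_qsl

# Assumed allow-list of domains the organization trusts (hypothetical values).
TRUSTED = ("legitimatesite.com", "microsoft.com")

# Constructed sample: (href, visible link text) pairs already extracted from an email.
SAMPLE = [
    ("https://legitimatesite.com/?r=malicioussite.com", "Sign in"),
    ("https://malicioussite.com/login", "legitimatesite.com"),
    ("https://legitimatsite.com/verify", "Verify your account"),
    ("https://microsoftoffice365.malicioussite.com/", "Open document"),
    ("https://www.microsoft.com/security", "www.microsoft.com"),
]

def host_of(text):
    """Lowercased hostname of a URL or bare domain, or '' if there is none."""
    text = text.strip()
    try:  # a bare domain needs a leading // to be parsed as a network location
        return (urlsplit(text if "://" in text else "//" + text).hostname or "").lower()
    except ValueError:
        return ""

def base_domain(host):  # simplification: real code should use the Public Suffix List
    return ".".join(host.split(".")[-2:])

def check_link(href, text):
    """Return the sorted names of the URL phishing forms this link matches."""
    host, found = host_of(href), set()
    dom = base_domain(host)
    if not host:
        return []
    # Hypertext masking: the visible text looks like a domain but is not the target.
    if "." in text and " " not in text and base_domain(host_of(text)) != dom:
        found.add("hypertext-masking")
    # URL redirection: a query-string value names a host on a different domain.
    for _, value in parse_qsl(urlsplit(href).query):
        if "." in value and base_domain(host_of(value)) not in ("", dom):
            found.add("url-redirection")
    if dom not in TRUSTED:
        for good in TRUSTED:
            if difflib.SequenceMatcher(None, dom, good).ratio() >= 0.85:
                found.add("typosquatting")       # near-miss spelling of a trusted domain
            elif good.split(".")[0] in host[:-len(dom)]:
                found.add("brand-in-subdomain")  # trusted brand used as a subdomain label
    return sorted(found)

def scan(links):
    return {href: check_link(href, text) for href, text in links}
```

These are heuristics: a query value such as a file name or version number can trigger the redirection check, so treat a hit as a reason to quarantine for review rather than as a verdict.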
URL Phishing and Office 365
Microsoft Office 365 is common in enterprise environments. It is popular for its compatibility with several other applications, and it runs in the cloud for easy collaboration and sharing of corporate documents. Because of this popularity, Microsoft Office 365 makes a great target for cyber-criminals building strategies around URL phishing. This makes Office 365 a security risk for enterprise businesses with integrated Microsoft tools.
In addition to URL phishing, Microsoft Office 365 documents support integrated macros and automation tools. A sophisticated cyber-criminal group can author macros that download additional malware, which can then be used to take over a local machine or install ransomware on the corporate environment. Microsoft has its own Defender product to help detect and mitigate phishing email messages, but it’s not a fully effective tool. It’s widely known that corporations need an additional layer of cybersecurity to act as a fallback when Microsoft Defender does not pick up on a malicious link embedded in the email.
Risks Associated with URL Phishing
Some people don’t understand the risks associated with simply clicking a link. Several types of attacks target people with outdated or vulnerable browser versions that allow malware to run on a local machine. Cross-Site Request Forgery (CSRF) exploits a vulnerability on a targeted site: a user who clicks a link in a phishing email while logged in to that site unknowingly performs an action in the context of their authenticated session.
For corporations, a successful phishing attack could lead to a dangerous data breach where millions must be spent on incident response, containment of the threat, recovery, investigations, and litigations. Many of today’s largest data breaches start with a malicious email containing an embedded link to a phishing web page.
Ransomware is commonly paired with phishing threats. Cyber-criminals only need one employee out of the entire workforce to fall for a phishing email containing ransomware to successfully deliver their malicious payload. After ransomware installs on just one local machine, it scans the entire network for valuable data and encrypts it. It’s a devastating attack, and a business must have a good backup strategy to recover from it. Even with good disaster recovery exercises, a successful ransomware attack could destroy productivity for potentially weeks before the business is fully functional again.
What You Can Do to Protect from URL Phishing
The average cost of a data breach is a reported $4.25 million according to IBM Security’s ‘The Cost of a Data Breach’ report. For a small business, this can be a devastating impact on revenue and operational costs. It puts some companies out of business when ransomware destroys corporate data and stops productivity. It’s imperative for corporations to take a proactive approach to email-based threats including any messages containing malicious URLs.
URL filtering is the most common and effective way to stop phishing email messages. An effective URL filtering cybersecurity tool analyzes messages based on millions of data points using artificial intelligence and quarantines any message found to contain a malicious link. A quarantine location holds the message until an administrator can review it for malicious content. The process is completely automated, so administrators only need to set their preferences for the environment and check the quarantine occasionally to determine if the organization is under attack.
Other cybersecurity strategies complement a good URL filtering system. Content filters block users from accessing malicious domains. Should an attacker bypass any URL filtering protections, the content filtering system blocks users from accessing malicious domains in their browser. It’s a safety net that reduces risks even further from email-based threats. Content filters are used for general cybersecurity protection to stop web-based threats from phishing and block users from accessing inappropriate sites that could be used for malware downloads.
Employees need to know how to detect phishing URLs and email-based threats. Cybersecurity awareness training reduces the risks of a data breach even further. Training often involves simulations where employees receive email messages that mimic a real-world attack. Educate employees on phishing, social engineering, and the risks of falling victim to cyber-criminal activities, and an organization lowers the risks of human error.
SpamTitan Plus+ Can Help
TitanHQ has several products that greatly reduce risks of web-based and email-based attacks. SpamTitan is a sophisticated URL filtering tool that only takes a few minutes for administrators to install and configure based on their specific business requirements. It runs in the cloud, so managed service providers can take advantage of its protection for numerous customers from one centralized dashboard.
SpamTitan uses artificial intelligence to continually scan and analyze messages to find malicious attachments, URL phishing, textual phishing attempts, and nuisance messages. The SpamTitan tool allows administrators to better control cybersecurity on an email server, and it integrates with Microsoft Office 365 to add protection in addition to the Defender product.
With the SpamTitan tool, administrators can stop malware, ransomware, web-based threats, and social engineering that uses email messages to convince users to divulge sensitive information. The quarantine gives administrators the ability to review messages for any false positives, and lets them investigate email messages for ongoing attacks targeting the organization.
The Microsoft Office 365 protection stops threats from leveraging common productivity software to deliver an effective payload. SpamTitan identifies malicious messages in a user’s Exchange Server inbox and flags it for potential malware, spam, or URL phishing. Users have the advantage of knowing that a message could be malicious so that they can learn to identify future attacks.
Leaving users to gain access to any email with no protection is a setup for future data breaches. Corporations should take the necessary steps to effectively stop them, and SpamTitan is a well-rated tool known for its easy setup, few false positive results, world-class customer service and support, and a cloud-based solution designed for small and large businesses.
To get started, try out SpamTitan for 14 days free.
Susan Morrow