Spear Phishing Defenses

MattSpeller

Our company is getting spear phished really hard. They're emailing our CFO and CEO pretending to be one another and trying to get them to visit malicious sites and send banking info. As an IT staff member I feel particularly helpless and that pisses me off.

Suggestions?

Deleted74295

SPF record with hard fails.

coliver

@MattSpeller said in Spear Phishing Defenses:

Our company is getting spear phished really hard. They're emailing our CFO and CEO pretending to be one another and trying to get them to visit malicious sites and send banking info. As an IT staff member I feel particularly helpless and that pisses me off.

Suggestions?

Education... and set up an SPF record to lock down your domain to only your servers. Have a good disaster recovery plan in place for the inevitable time when they do click on one of the links.

MattSpeller

After some investigation (this is not my strong suit, learning lots) we do indeed have SPF enabled and I tested it - it's also setup correctly

MattSpeller

Beyond education are there any other steps I can take?

We came darn close to disaster and it's really bothering me

Deleted74295

DKIM is the next step up from SPF records.

What anti spam filter are you using?

scottalanmiller

@MattSpeller said in Spear Phishing Defenses:

Our company is getting spear phished really hard. They're emailing our CFO and CEO pretending to be one another and trying to get them to visit malicious sites and send banking info. As an IT staff member I feel particularly helpless and that pisses me off.

Suggestions?

Remember.... while IT should help when possible, spear phishing is the responsibility of the people, not of IT. It's an HR problem within the security context, not an IT problem. It's wetware, not technology that is targeted and might fail.

scottalanmiller

@MattSpeller said in Spear Phishing Defenses:

Beyond education are there any other steps I can take?

We came darn close to disaster and it's really bothering me

Should not be bothering you, should be bothering your CEO and CSO. What actions are THEY taking to ensure education?

scottalanmiller

Are you blocking internal domain emails coming from the outside?

MattSpeller

@scottalanmiller I'm going to investigate the blocking stuff this afternoon and make sure it's all in place.

It's easy to say it's not really our responsibility but I enjoy working here and I want this company to succeed. Right now the phishing is a direct threat and I'm not one to back down. There may end up being nothing I can do beyond education but I want to be god damned sure that's the case.

aaron-closed account

This post is deleted!