Spear Phishing: What Is It and How to Protect Yourself

by Mark Farish, Senior Systems Engineer

What is Spear phishing (or email spoofing)?

Emails that are deceptive – ones that visibly look like they are coming from an individual or a company but realistically are not. This malicious act of sending an email with a forged “from” address. The emails are made to appear as if they come from you personally, or from one of your trusted contacts. It’s usually criminal hackers that hope to retrieve credit card and bank account numbers; even passwords and financial information from your personal computer. Beware!

How can I prevent phishing and spoofing?

Although it is impossible to stop all hacks, you can take some simple measures to protect yourself from being a victim.

  1. Never click on links in an email that you are not expecting or if you do not know the sender. And do not click on links that solicit you for account information or suggest that you download unfamiliar attachments.
  2. Protect your email address. Email accounts can easily be compromised from unsecured Wi-Fi networks; never connect to unsecured networks.
  3. Do not download or open attachments from unknown senders. If you think the email looks suspicious, delete it and immediately notify your support team.
  4. Learn how to decipher email message headers, including understanding the source of the message

Helient Systems recommends implementing Email gateway polices to block unwanted phished or spoofed emails. These policies specifically target unwanted inbound spoofed email. For instance, if your domain receives an email that originated from outside your network and the From address is user@yourdomain.com, this should raise a red flag. It is atypical to receive an internal email that is generated from outside of your network. It is highly likely that this is a phished or spoofed email.

Natively to Microsoft Exchange, certain transport rules and permissions can be applied to prevent legitimate messages sent without authentication and with your domain in the From header.

Additionally, if your organization is using an external email hygiene provider, there are additional mechanisms to control these messages.

If you are a Mimecast customer, you can implement an Inbound Lockout Policy. Read more about this policy from Mimecast.

To create and implement an Inbound Lockout Policy, log into your Mimecast administrator portal. Next, go to the Administration Console:

  1. Click on Gateway and select Policies
  2. Select Inbound Lockout Policy
  3. Click New Policy
  4. In the Options section make the following selections.
    • Enter a Policy Narrative description
    • Select Apply Firewall Lockup (Exclude Mimecast IPs)
  5. In the Emails From section make the following selections
    • Address based on: Both
    • Applies from: Email Domain
    • Specifically: enter you domain name
  6. In the Emails To section make the following selections:
    • Applies To: Everyone
    • Specifically: Applies to all Recipients
  7. Set Validity to Enable and the policy as perpetual – Always On
  8. Save and Exit the policy

In addition, you can utilizes Sender Policy Framework (SPF) which records on your DNS zone and validates that a message being sent from your domain came from an actual authorized mail server. This allows a company to designate the hosts or sources that are allowed to send mail on behalf of your domain.

For more information on SPF and common mistakes when creating SPF records, see theOpenSPF web site. Also always be careful when using includes in SFP polices. Learn more about SPF Includes at OpenSPF.

Mimecast customers wishing to implement SPF in addition to Lockout Policy, please read theMimecast Knowledge article.

To create SPF records for Office 365 in DNSMadeEasy, follow this Microsoft articleinstructions. For help with creating records for other DNS providers, click on this Microsoft support article.

Helient also recommends that you always follow Microsoft best practices for configuringExchange Online Protection.

Google Apps provides support for SPF. You can find detailed steps here at Google support.

Symantec Cloud/MessageLabs users can follow Symantec’s knowledge based articles for details on Anti-Spam detection settings.

It is important that you create any of these polices with care. Improper configuration can result in email delivery failures. For assistance with setting up Gateway or SPF policies, or for help with determining spoofed email, please contact us at (732) 204-7410 or service@helient.com.