Threat Category: Authentication: User or Device to Remote Service
ID: AUT-9
Threat Description: Phishing emails have been prevalent for a very long time. These emails typically link to websites aimed at specific individuals, departments, or companies, and the sites may be designed to look like their genuine counterparts with the intention of capturing credentials.
Threat Origin
Phishing Defenses for Webmail Providers [1]
Exploit Examples
Your Account PayPal Has Been Limited Phishing Scam [2]
CVE Examples
Not Applicable
Possible Countermeasures
Ensure corporate email policy is configured to scan for suspicious files, executables, or attachments, and segregate such emails to increase end-user awareness of their potential to contain malicious content.
Deploy email and web proxy services that will examine URL resources for malicious content, and if any is found, prevent delivery of the message to the intended recipient.
Deploy email filtering tools or services that will automatically remove detected URLs from the body of emails from untrusted domains.
Educate end users on how to recognize phishing attempts and increase their awareness of techniques to browse safely from mobile devices, such as tap-and-hold on a hyperlink to examine its associated URL.
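The URL-removal countermeasure above can be sketched as a small mail filter. This is an added example, not part of the original catalogue entry; the allow-list `TRUSTED_DOMAINS`, the placeholder text, the function names and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example.com"}  # assumption: the organisation's allow-list
PLACEHOLDER = "[link removed]"
# Matches http(s):// and bare www. links; stops at whitespace, quotes, angle brackets.
URL_RE = re.compile(r"""(?:https?://|www\.)[^\s<>"']+""", re.IGNORECASE)

SAMPLE = (  # constructed message, not taken from the page
    "From: Service <alerts@untrusted.example>\n"
    "To: user@example.com\n"
    "Subject: Your account has been limited\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Confirm your details at http://login.untrusted.example/verify now.\n"
)


def sender_domain(msg):
    """Domain of the From header, lower-cased ('' if missing).
    The header is spoofable: a real gateway should rely on it only after
    SPF/DKIM/DMARC validation has passed."""
    return parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()


def strip_untrusted_urls(raw, trusted=TRUSTED_DOMAINS):
    """Return (message, removed_urls). URLs in text/plain and text/html parts
    are replaced with PLACEHOLDER unless the sender domain is trusted."""
    msg = message_from_string(raw, policy=policy.default)
    removed = []
    if sender_domain(msg) in trusted:
        return msg, removed

    def redact(match):
        removed.append(match.group(0))  # keep for logging and analyst review
        return PLACEHOLDER

    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            cleaned = URL_RE.sub(redact, part.get_content())
            part.set_content(cleaned, subtype=part.get_content_subtype())
    return msg, removed


if __name__ == "__main__":
    cleaned, urls = strip_untrusted_urls(SAMPLE)
    print(urls)
    print(cleaned.get_content())
```

A message with no parseable From address is treated as untrusted, so its links are removed as well.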
References
[1] R. Graves, Phishing Defenses for Webmail Providers, white paper, SANS Institute, 2013; www.sans.org/reading-room/whitepapers/email/phishing-detecton-remediation-34082 [accessed 8/25/2016]
[2] C. Boyd, “‘Your Account PayPal Has Been Limited’ Phishing Scam”, blog, 8 May 2015; https://blog.malwarebytes.com/cybercrime/2015/05/your-account-paypal-has-been-limited-phishing-scam/ [accessed 8/25/2016]