Q&A: Protecting against phishing attacks

We spoke to Tim Helming, Director of Product Management at DomainTools, about the ongoing phishing pandemic and what organisations can do to help protect themselves.

How does PhishEye work to proactively prevent phishing threats on an org’s network?

Phishing depends on domains, so if you can identify and block the domains in question, you disrupt the attack. PhishEye takes keywords that the user inputs, such as a company domain name or brand name, and generates a list of possible variants of that keyword. The variants include typos (such as domaint00ls, and many other 'species' of morphed spelling) and substring inclusions (such as domaintoolsaccount).

Then PhishEye searches our database of around 315 million current domains to identify offending domains that exist. Finally, and perhaps most importantly, the user can set up alerts so that they get notified when PhishEye discovers new matching domains. They can take these names and create custom blacklists to deny the phishing traffic, whether that comes in the form of the "from" domain in the phish, or a malicious link, or both.

What is DomainTools’ competitive advantage with this new cybersecurity solution?

Our visibility into the Internet as a whole. We have the largest database of Whois and related domain profile data, and this is driven by our domain name discovery capabilities, the most wide-reaching of their kind. If you're going to catch the most phish, you need the biggest net.

What makes phishing attacks so successful and what can organisations do to mitigate vulnerability?

They are a form of social engineering, and they prey on human traits and habits such as pattern recognition (our brains turn close typos into the real thing sometimes), trust (some spearphishers do a lot of homework to create a very convincing impersonation of a colleague or boss), and distraction. That adds up to people clicking things they shouldn't.

Education is a key part of this. Organisations should weave security awareness into the very fabric of their culture. It shouldn't be an add-on. Poorly trained employees can be a real liability, but well-trained ones can be a sensor network that helps the security team discover badness early in its progress.

With no signs of slowing down, how do you expect phishing attacks to impact enterprises in 2017?

Similarly to how they have been, unfortunately, though we certainly hope that PhishEye will put a dent in that! But APWG finds huge increases in the numbers of phishing domains, so it's clear that attack rates are going to climb. If enterprises' catch rates don't increase at a higher rate than the attacks, then the successes will mount.

The good news is that I think enterprises have a chance to drive their catch rates up through a combination of training, filtering tools, and alerting tools.
