THM: Phishing Prevention

Introduction

What?

• Email Security (SPF, DKIM, DMARC)

• SPAM Filters (flags or blocks incoming emails based on reputation)

• Email Labels (alert users that an incoming email is from an outside source)

• Email Address/Domain/URL Blocking (based on reputation or explicit denylist)

• Attachment Blocking (based on the extension of the attachment)

• Attachment Sandboxing (detonating email attachments in a sandbox environment to detect malicious activity)

• Security Awareness Training (internal phishing campaigns)

Why?

To help protect people from falling victim to a malicious email.

How?

• Smarter mailservers

• S/MIME

• Patterns for NTA

• SMTP and C&C communication

• User training