Phishing: For MSPs, it’s an occupational hazard. And unfortunately, it’s not going away anytime soon. If anything, it’s getting worse.
Phishing is a type of social engineering in which a hacker sends an email pretending to be someone legitimate. The goal is to convince you to take immediate action, like typing in your credentials or sending money.
Phishing is usually the first step in the business email compromise process — but it extends to personal email accounts too.
Here’s an example:
You get an email that looks like it’s from Spotify, telling you your credit card info is outdated. If they don’t get a corrected credit card number by today, they’re locking you out of your account.
Panic!
I can’t miss my true crime podcast! And I need my comforting rain sounds when I go to sleep. And how will I get the latest Kendrick Lamar track?!
You click the link in the email, because your brain is full of the above questions — not the ones you should be asking yourself:
Wait, is this actually Spotify’s email format? Does that logo look a little bit off? And why didn’t I just get a notification directly in the app?
You plug your credit card information into the website, which looks similar to Spotify’s actual website.
But — you can see where this story is going — you just gave your credit card info to a hacker.
Now, since you work in this business, you do probably know better than to fall for something like this.
But most of your customers’ end users? They’re likely not as on guard.
In fact, phishing is one of the most common tactics hackers use to trick people: 74% of all cybersecurity breaches involve the human element, including social engineering tactics like phishing.
Unfortunately, phishing these days is easier than ever. All a wannabe hacker has to do is purchase a phishing kit.
A what?!
That’s right: Just like there’s Software as a Service, there’s also Phishing as a Service.
To illustrate this practice, let’s use a non-cybersecurity example.
Meet Andrew.
He’s just developed a slick new car engine analyzer … that always shows a false positive. Any time a mechanic runs the tool, the analyzer says the car in question needs a new head gasket replacement.
Every repair shop that uses Andrew’s analyzer can now take those (false) positive results to their customers — and charge $2,000 for a new head gasket.
Ouch.
Andrew gave the analyzer to 50 different repair shops for free, so he didn’t make money that way. But he does make a 25% cut on that $2,000 every time the repair shop sells another round of (unnecessary) head gasket services.
It’s a similar story for cybercriminals.
A more experienced hacker — let’s call her Laurie — will develop a “phishing kit.” Laurie gives that kit (for free) to a bunch of relatively new hackers. They put that kit on a server, run initial phishing campaigns, steal some access tokens and pass them back to Laurie.
She pays them $100 for their efforts. And then uses those tokens to initiate more sophisticated phishing schemes.
(And you thought you were just updating your payment info on Spotify — not falling prey to a whole criminal enterprise.)
Keeping your customers protected from phishing attacks is one of the most important pieces of your job.
Here are some initial practices to integrate into your business:
With advanced threat-detection capabilities, SaaS Alerts helps you give your customers stronger protection against all the lurking, wannabe phishers out there (and there are plenty of them).
SaaS Alerts provides:
Quick alerting mechanisms: Hackers move fast. It’s not sustainable to just hope you’ll be able to notice an attack in the moment. You need a system that will quickly trigger an alarm. These alerts are the bread and butter of the SaaS Alerts platform.
Automated remediation to shut down attacks: You can’t stop phishers from sending emails to end users. And you can’t stop end users from clicking.
But once they do click and a phishing attack advances to business email compromise, you can stop the action as soon as it’s detected. And the best part is you don’t have to be online 24/7 yourself.
Just set up your specific indicators of compromise, as well as the action you want SaaS Alerts to take (like account lockdown) and rest a little easier.
Advanced reporting capabilities: Pull data on how many attempted (and successful) attacks there have been on your customers’ environment. Armed with that information, you can make an even better argument to beef up training opportunities — and stop the next attacks right at the source.