Advanced phishing

Can you stop people clicking on links in phishing emails?

by Egress
Published on 7th Dec 2021

You’ve repeatedly carried out cybersecurity training – but employees still click on the phishing links that make it through your defenses. It’s a familiar frustration. Employees (even cyber experts) are only human, so mistakes can happen when people are tired, rushing or stressed.

Combine this with the fact that phishing attacks are getting more sophisticated every month, with some bypassing traditional security solutions like secure email gateways (SEGs), and there’s a persistent problem with people clicking on malicious links.

The answer? Intelligent anti-phishing solutions

People will always be more focused on getting their jobs done than applying cybersecurity best practice. It’s this urgency and eagerness to act that phishing emails exploit. However, do we really want colleagues poring over the details of every email that lands in their inbox for signs of phishing? It’s waste of valuable productivity when technology could be doing the hard work.

Egress Defend uses machine learning and natural language processing (NLP) to detect the most sophisticated phishing attacks that can slip through traditional anti-phishing security. Defend has been designed to work with your employees, empowering them to be a powerful line of defense against phishing emails rather than a vulnerability.

We’ll cover three key ways that Defend detects and neutralizes phishing threats:

  • Link rewriting
  • Educational banners
  • Configuration options

Link rewriting: Stop attacks in real time  

SEGs do offer link rewriting. They can encode URLs sent via email into links that redirect employees to the SEGs’ own servers, ultimately blocking people from visiting phishing websites. So why are your people still clicking on malicious links? Unfortunately, SEGs can offer a false sense of security when it comes to link rewriting.

There’s still a place for SEGs. They’re good at detecting what they recognize as dangerous, including blocking known viruses and filtering spam. However, that’s only if they can match a threat to a pre-established blocklist. When a threat is new, there’s nothing they can do about it. If a malicious link doesn’t contain any previously recognized threats or a URL isn’t weaponized at the point of delivery, a SEG won’t block it straight away.

Egress Defend works differently. It uses a blend of zero trust models, linguistic and contextual analysis, and social graph technologies can detect even the most sophisticated zero-day attacks. Defend reverse engineers all malicious emails, as well as malicious toolkits and templates that bad actors use, aggregating both positive and negative features to determine a threat level to the user in real time.

With our detection capabilities and zero-trust security models, we can detect new and unseen threats, regardless of where they come from.

Educational banners to stop risky security decisions

Traditional one-touch or infrequent cybersecurity training fails to stop phishing on its own, but there’s still value in educating employees.

With Egress Defend, it’s not a case of completely removing humans from the equation. Defend doesn’t block emails without warning or explanation – instead, it augments people’s behavior with real-time teachable moments delivered through a heat-based warning system of risk with visible but unobtrusive banners.

Your people can click on these banners and be taken to a webpage where the risks are explained in clear, simple terms. This helps employees to understand why certain emails are flagged as risky and empowers them to make better security decisions in the future. Of course, for high-risk phishing emails, you may want to take stronger action – which is where Defend’s configuration options come in.

Customizable responses to deter risky clicks

You might be thinking banners and educational pop-ups are great… But what if someone goes ahead and ignores it anyway? With Defend, that’s up to you. We offer a range of configuration options to suit what you need most from your anti-phishing solution.

If a person chooses to ignore a red (high-risk) banner warning and tries to click a phishing link anyway, they’ll hit our link re-writing page where we once again highlight to them that the email shows signs of phishing. People won’t be able to click on the link through our link re-writing page. If you prefer, the decisions can be taken away from employees altogether in high-risk situations and you can configure Defend to quarantine the emails at highest risk of phishing

With Defend, you can finally stop people clicking on phishing links without having to completely lock down their inboxes. IT teams enjoy the peace of mind of automatic remediation before a phish hits an employee’s inbox. And as a user experience, our real-time teachable moments are like having a cyber expert pop up when they’re needed, rather than having one breathing down your neck while you work.

See Defend in action

Learn more about Egress Defend here. Or if you’d rather try it out for yourself, claim your free no-strings-attached demo today.