Phishing Tips
Phishing is the attempt to acquire sensitive information such as usernames, passwords and financial information (including but not limited to credit card and banking details), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. As an extension, the attacker may follow up by telephone to add legitimacy to the transaction.
The following tips are intended to assist in the prevention of malicious emails:
- Put an anti-spoof filter on the MTA so that nobody from the outside can spoof the organization's domain
- Put a flag in the subject line to identify external e-mails, for example [EXTERNAL] or [Ext]; users can optionally create an Outlook filter or rule to colour-code it
- Phish your employees to test their understanding of phishing risks
- Have security awareness training and campaigns
- Block IPs and domains that are used for phishing
- Block Dynamic DNS
- Use the Proofpoint MTA and TAP product to rewrite all external URLs
- Secure communications: implement the SPF, DKIM, TLS and DMARC protocols to the fullest extent possible
- Manage executive social media accounts
- Securely configure executive social media accounts
- Implement social media policies and guidelines
- Enable multi-step or multi-factor authentication
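The anti-spoof filter and the external-mail subject flag from the list above, as an added example that is not code from this page or from any named vendor product. It is a minimal inbound policy written in Python: the organisation's domains, the trusted relay address, the client IPs and the three sample messages are all constructed assumptions. A real MTA would make the same decision with the SPF and DMARC results for the connecting host rather than a fixed relay list.

```python
"""Added example (not from the tips page): a minimal inbound-mail policy that
implements two of the tips, the anti-spoof filter and external-mail tagging.
Domains, relay addresses and the sample messages are constructed assumptions."""
import email
from email import policy
from email.utils import parseaddr

ORG_DOMAINS = {"example.com"}       # assumed: domains the organisation owns
TRUSTED_RELAYS = {"10.0.0.25"}      # assumed: internal MTAs allowed to send as us
EXTERNAL_TAG = "[EXTERNAL]"


def from_domain(msg):
    """Domain of the header From: address, lower-cased ('' if unparseable)."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()


def tag_subject(msg):
    """Prefix the subject with EXTERNAL_TAG, first removing any copies that are
    already there so the tag is never duplicated or supplied by the sender."""
    subject = str(msg.get("Subject", ""))
    while subject.upper().startswith(EXTERNAL_TAG):
        subject = subject[len(EXTERNAL_TAG):].lstrip()
    tagged = f"{EXTERNAL_TAG} {subject}".rstrip()
    if "Subject" in msg:
        msg.replace_header("Subject", tagged)
    else:
        msg["Subject"] = tagged
    return tagged


def inbound_policy(raw, client_ip):
    """Decide what to do with one inbound message.

    Returns (action, msg): 'REJECT' when an outside host claims one of our
    own domains (a spoof), 'TAG' when the sender is genuinely external and
    'ACCEPT' when a trusted internal relay delivered internal mail."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if from_domain(msg) in ORG_DOMAINS:
        if client_ip in TRUSTED_RELAYS:
            return "ACCEPT", msg
        return "REJECT", msg        # our domain, but not from one of our relays
    tag_subject(msg)
    return "TAG", msg


# Constructed sample messages (not real traffic).
SPOOFED = (b"From: CEO <ceo@example.com>\r\nTo: finance@example.com\r\n"
           b"Subject: Payment request\r\n\r\nPlease process today.\r\n")
VENDOR = (b"From: billing@example.net\r\nTo: ap@example.com\r\n"
          b"Subject: [EXTERNAL] [EXTERNAL] Invoice 42\r\n\r\nSee attached.\r\n")
INTERNAL = (b"From: hr@example.com\r\nTo: staff@example.com\r\n"
            b"Subject: Holiday schedule\r\n\r\nPublished on the intranet.\r\n")


def run_samples():
    """Run the three constructed messages through the policy."""
    cases = [("spoofed", SPOOFED, "203.0.113.10"),   # outside host claiming our domain
             ("vendor", VENDOR, "198.51.100.7"),     # ordinary external sender
             ("internal", INTERNAL, "10.0.0.25")]    # trusted internal relay
    results = []
    for name, raw, ip in cases:
        action, msg = inbound_policy(raw, ip)
        results.append((name, action, str(msg["Subject"])))
    return results


if __name__ == "__main__":
    for row in run_samples():
        print(*row)
```

Stripping tags the sender already included matters: without it an outsider could pre-fill the subject so that the gateway's own marker either doubles up or looks like it was added internally, which defeats the colour-coding rule the tip suggests.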
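The tip on implementing SPF and DMARC "to the fullest extent possible" leaves open how to tell whether that has been achieved. The following added example (not code from this page) grades published SPF and DMARC TXT records in Python: the record strings are constructed, and in deployment they would come from DNS TXT lookups of the domain itself (SPF) and of `_dmarc.<domain>` (DMARC). The lookup limit comes from RFC 7208.

```python
"""Added example (not part of the tips page): grade SPF and DMARC records for
how far they are enforced. The records below are constructed strings."""

SPF_LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
SPF_MAX_LOOKUPS = 10    # RFC 7208 section 4.6.4: more than 10 lookups is a permerror


def parse_dmarc(txt):
    """Turn 'v=DMARC1; p=reject; rua=mailto:...' into a dict of lower-cased tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_findings(txt):
    """List of weaknesses in a DMARC record; an empty list means fully enforced."""
    tags = parse_dmarc(txt)
    if tags.get("v", "").upper() != "DMARC1":
        return ["no valid DMARC record published"]
    findings = []
    p = tags.get("p", "").lower()
    if p != "reject":
        findings.append(f"p={p or 'missing'}: only p=reject blocks spoofed mail")
    sp = tags.get("sp", p).lower()          # sp defaults to p when absent
    if sp != "reject":
        findings.append(f"sp={sp}: subdomains can still be spoofed")
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 0
    if pct < 100:
        findings.append(f"pct={tags.get('pct')}: policy applied to only part of the mail")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected")
    return findings


def _qualifier(term):
    """SPF qualifier of a term ('+' when none is written)."""
    return term[0] if term[:1] in ("+", "-", "~", "?") else "+"


def _mechanism(term):
    """Mechanism or modifier name of one SPF term, without qualifier or argument."""
    name = term.lstrip("+-~?").lower()
    for sep in (":", "/", "="):
        name = name.split(sep, 1)[0]
    return name


def spf_findings(txt):
    """List of weaknesses in an SPF record; an empty list means a strict record."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["no valid SPF record published"]
    findings = []
    all_terms = [t for t in terms[1:] if _mechanism(t) == "all"]
    if not all_terms:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    else:
        q = _qualifier(all_terms[0])
        if q == "+":
            findings.append("'+all' authorises every host on the internet")
        elif q == "?":
            findings.append("'?all' is neutral: spoofed mail is not failed")
        elif q == "~":
            findings.append("'~all' soft-fails: receivers may still deliver spoofed mail")
    lookups = sum(1 for t in terms[1:] if _mechanism(t) in SPF_LOOKUP_MECHANISMS)
    if lookups > SPF_MAX_LOOKUPS:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of "
                        f"{SPF_MAX_LOOKUPS}: evaluators return permerror")
    return findings


# Constructed records for a weakly and a strictly configured domain.
SAMPLES = {
    "weak": ("v=spf1 include:_spf.example.net ~all",
             "v=DMARC1; p=none; rua=mailto:dmarc@example.com"),
    "strict": ("v=spf1 ip4:192.0.2.0/24 mx -all",
               "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@example.com"),
}


def grade(name):
    """Findings for one sample domain, keyed by protocol."""
    spf, dmarc = SAMPLES[name]
    return {"spf": spf_findings(spf), "dmarc": dmarc_findings(dmarc)}


if __name__ == "__main__":
    for name in SAMPLES:
        print(name, grade(name))
```

A DMARC record with `p=none` only produces reports; the "weak" sample therefore still lets anyone send as the domain even though both records exist, which is the gap the "fullest extent" wording in the tip is pointing at.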