What We Do
How we do it
Resources
SECURITY ADVISORIES
Sep 23, 2021
SolarMarker Malware Activity
THE THREAT eSentire has observed a recent and significant increase in SolarMarker infections delivered through drive-by download attacks. These attacks rely on social engineering techniques to persuade users to execute malware disguised as document templates. SolarMarker is a modular information-stealing malware; infections may result in the theft of sensitive data including user credentials.…
Read More
View all Advisories →
Company
ABOUT eSENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Aug 25, 2021
eSentire named a Leader in IDC MarketScape for U.S. Managed Detection and Response Services
August 26, 2021 – Waterloo, ON -  eSentire, recognized globally as the Authority in Managed Detection and Response (MDR), announced today that it has been named a Leader in the IDC MarketScape: U.S. Managed Detection and Response Services 2021 Vendor Assessment (doc #US48129921, August 2021). IDC defines the core services an MDR must provide as follows: reduced time for onboarding, 24/7…
Read More
Partners
PARTNER PROGRAM
Partners
Our award-winning partner program offers financial rewards, sales and marketing tools and personalized training. Accelerate your business and grow your revenue by offering our world-class Managed Detection and Response (MDR) services.
Learn about our Partner Program
Search
Resources
Blog — Sep 01, 2021

Don’t Get Reeled into a Phishing Scam

It’s an age-old story: you open an email sent from your bank notifying you of suspicious activity in your account and you have to log in to verify that activity. You click the link provided and when you try to log in, you continually see an error message. Eventually, you give up, open a new browser tab to go to the bank’s website, and are relieved to find out everything is as it should be.

Phishing, though an old tactic, continues to be popular due to its simplicity and effectiveness. When targeting organizations, the primary objective of phishing is simple: to gain a foothold into the company’s environment and launch a cyber attack.

Phishing scams target the weakest link in the cybersecurity chain: the user. In fact, a recent survey showed that 57% of survey respondents said their organization had dealt with a successful phishing attack in 2020.

The industry has seen a notable uptick in overall phishing activity and it’s likely that the pandemic, in part, drove that spike. Although cyber criminals have used COVID-19 to lure their victims into visiting fake websites and downloading malicious payloads, they have also taken advantage of organizations being forced to move to a remote workforce.

Although conducting phishing and security awareness training programs are required across numerous industries, many organizations settle for one-and-done training programs, especially if they are using licensed training modules. While the cybersecurity teams address issues that may arise with network, cloud, and endpoint security, there is still a need for CISOs to ensure that the internal end users are properly trained and aware of their role in preventing a successful breach.

Unless your employees are retaining the information they are learning, your organization may still be challenged with low cyber awareness and opportunities to improve its cyber resiliency. Additional challenges that organizations face include:

What Phishing Scams Look Like in 2021

Today’s phishing emails are much more sophisticated. Threat actors have perfected the art of designing the ideal email that not only mimics the email layout of the sender, but mirroring the language used by the sender as well. This helps to convince their target that the message is from a trustworthy source, like a bank, healthcare organization, government department, or even a friend.

Although traditional phishing emails were sent as bulk campaigns to average individuals, there has been a massive uptick in the use of business email compromise (BEC) attacks. According to the FBI, BEC attacks target “businesses that perform electronic payments such as wire or automated clearing house transfers. The scam is frequently carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques resulting in an unauthorized transfer of funds.”

Threat actors have relied on phishing tactics such as spear-phishing and whaling to conduct BEC attacks:

Spear-phishing and whaling scams can be even harder to spot, especially if the sender is pretending to be someone you know. With BEC attacks, employees can easily be sent a simple email from someone impersonating the company’s CEO asking them to wire a large sum of money immediately.

How Can Users Spot a Phishing Scam?

No matter how real it looks, take every email with a grain of salt — especially if it’s one you weren’t expecting to receive. Some red flags include:

If you receive a message that you’re not 100% certain is real:

Conducting Managed Phishing and Security Awareness Training

In today’s threat landscape, security leaders shouldn’t expect that a one-time training exercise for their employees will be sufficient in raising security awareness. The key is to implement a training program that can be iterated upon, especially since employees don’t always understand where they go wrong, limiting their ability to ward off real threats.

A comprehensive phishing and security awareness training program tests the capabilities of your team on understanding phishing threats and the escalation procedure, and more importantly, trains them on a continuous basis.

With eSentire’s Managed Phishing and Security Awareness Training solution, when an employee fails a phishing simulation, they are notified immediately of the result and are required to take additional training to learn more.

In fact, we have robust phishing libraries that consist of hundreds of templates to ensure that your employees are tested against real-world scenarios, not commoditized and easy-to-spot templates.

Additional benefits of eSentire’s Managed Phishing and Security Awareness Training include:

Drive Behavioral Change with Your Employees

On September 14, 2021, Mark Sangster, Vice President and Industry Security Strategist, will be partnering with (ISC)2 to explore how organizations can build a comprehensive training and testing program that leverages realistic threat scenarios to foster context-relevant security awareness that drives behavioral change.

Register for the webinar here.

Learn more about eSentire’s Managed Phishing and Security Awareness Training, book a meeting with us today.

eSentire
eSentire

eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.