Table 1.

Scene function | Script action | Situational control: objective | Situational control: tactic | Mitigation measures
---|---|---|---|---
Preparation | Scour online for emails; Obtain email addresses | (1) Increase the effort of a successful phishing attack | Limit presence in OSINT | Limit personal info available to the public; Avoid publishing personal or business email addresses online; Avoid using business emails for personal subscriptions
Preparation | Set up phishing infrastructure | | Limit presence in OSINT | Block subscription to unknown websites
Entry | Trigger phishing infrastructure to send emails | | Restricted access by users; Protected access for users | Email filter; Automatic spam folder; Honey accounts; Disable compromised credentials
Precondition | Wait for email response; Wait for URL clicks; Wait for attachment to open | (2) Clarify users’ responsibility | Promote acceptable behavior | IT training; Promote organizational email policy; Develop credential disclosure policy; Award programs for good email practice
Precondition | | | Awareness/reminders | Banner alerting potential scams; Banner alerting emails from outside organization; Flag suspicious URLs in emails; Display sender’s true email address; Display “reply to”
Instrumental pre-condition; Instrumental initiation | Collect credentials; Enter target network; Locate PII | (3) Increase the probability of detecting a phishing attack | Better guardianship | Email reply tracking; IP-based monitoring; Monitor email exchanges and login attempts; Domain verification
Instrumental pre-condition; Instrumental initiation | | | User authentication | Strong passwords; MF authentication
Instrumental actualization | Access PII | (4) Limit phishers’ ability to find sensitive information | Access control | Privileged access; Multiple-person sign off on access to data; Limited access to users in local network or VPN
Doing | Extract PII | | Network security | Network segregation; Firewalls; Intrusion detection/prevention systems
Doing | | | Database security | Data encryption; Data backup; Automatic OS and software updates
Post-condition | Exit the system | (5) Discourage similar attacks | | No public disclosure of exploited vulnerabilities; VPN access to IT
Exit | Close remote connection | | |
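The "Awareness/reminders" row lists three controls a mail gateway can apply mechanically before a message reaches the user: a banner for mail from outside the organization, showing the true sender and the "reply to" address when they differ, and flagging suspicious URLs. The following is an added example, not code from the paper or from any product it describes; it uses only the Python standard library and assumes a placeholder organization domain `example.org` and a constructed sample message. The look-alike heuristic is deliberately crude (the organization's name appearing inside a foreign host) and stands in for whatever domain-similarity check a real gateway would use.

```python
"""Added example (not from the paper): a small inbound-mail annotation pass that
implements three "Awareness/reminders" mitigations from Table 1: an external-sender
banner, disclosure of a mismatching Reply-To address, and flagging of suspicious
URLs in the body. Organization domain and sample message are constructed."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

ORG_DOMAIN = "example.org"  # assumed organization domain (placeholder)

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def address_domain(header_value):
    """Return the lower-cased domain of an RFC 5322 address header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def is_external(msg):
    """True when the From: domain is not the organization's own domain."""
    return address_domain(msg.get("From")) != ORG_DOMAIN


def reply_to_mismatch(msg):
    """Return (from_addr, reply_to_addr) when Reply-To points elsewhere, else None."""
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_addr and reply_addr != from_addr:
        return (from_addr, reply_addr)
    return None


def suspicious_urls(body):
    """Flag URLs whose host is an IP literal, whose netloc carries userinfo,
    or whose host merely contains the organization name (crude look-alike check)."""
    flagged = []
    org_label = ORG_DOMAIN.split(".")[0]
    for url in URL_RE.findall(body):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        reasons = []
        if IPV4_RE.match(host):
            reasons.append("ip-literal host")
        if "@" in parsed.netloc:
            reasons.append("userinfo in URL")
        is_ours = host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)
        if org_label in host and not is_ours:
            reasons.append("look-alike domain")
        if reasons:
            flagged.append((url, reasons))
    return flagged


def annotate(raw_message):
    """Return the banner lines a gateway would prepend to this message (empty if none)."""
    msg = message_from_string(raw_message)
    payload = msg.get_payload(decode=True)
    body = payload.decode(msg.get_content_charset() or "utf-8", "replace") if payload else ""
    banners = []
    if is_external(msg):
        banners.append("EXTERNAL: this email originated outside %s" % ORG_DOMAIN)
    mismatch = reply_to_mismatch(msg)
    if mismatch:
        banners.append("NOTICE: sender is %s but replies go to %s" % mismatch)
    for url, reasons in suspicious_urls(body):
        banners.append("WARNING: suspicious link %s (%s)" % (url, ", ".join(reasons)))
    return banners


# Constructed sample message for illustration only (reserved/test domains and addresses).
SAMPLE = """From: "IT Helpdesk" <helpdesk@example.org.support-portal.test>
Reply-To: collect@mailbox.test
To: staff@example.org
Subject: Password expiry
Content-Type: text/plain; charset=utf-8

Your password expires today. Verify at http://198.51.100.7/login
or https://example-org.test/reset
"""

if __name__ == "__main__":
    for line in annotate(SAMPLE):
        print(line)
```

Running the block on the sample prints four banners: the external-sender notice, the Reply-To mismatch, the IP-literal link and the look-alike link. A message from `example.org` with no Reply-To and a link to `https://example.org/...` produces no banners, which is the quiet path the controls are meant to leave untouched.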