• According to the MITRE database (https://attack.mitre.org/), many APT groups begin their attacks with phishing mailings to corporate mail. To protect users, there are Security Gateways, or Email Security Gateways (https://expertinsights.com/insights/top-11-email-security-gateways/). But they are useful only if they are properly configured.
• Spam filters use several metrics to rank a message. Among other things, both the content and the title are analyzed. An attacker will often not have any information about the details of how antispam works (including what it is), so it is worth following general tips on how to overcome spam filters:
• Google each time a list of words that are often found in spam, because such lists can be updated. Try not to use these words in your letter;
• Do not abuse punctuation marks;
• Do not use different combinations of font sizes, text colors, styles, words written in upper case.
• Do not use many links in the letter, especially to different domains;
• If you insert links, then do not shorten them;
• Don't add too many images unnecessarily;
• Learn the phishing methodology.
• The letter should not be empty and contain only attachments;
• If the letter includes links to a site with malicious content, then do not attach the link to the file directly - the systems can notify the IT or information security personnel, and the attack will come to naught with the proper reaction of these employees;
• Be sure to read the detailed phishing guide.
• Think carefully before attaching malware directly to an email. Even if it is packed into an archive and encrypted, this does not guarantee success - the protection systems may use a policy not to allow incoming encrypted files from foreign mail domains;
• Try not to attach large files to messages. The size of the letter itself should also be small;
• Monitor the requirements of popular mailing services for mailings. For example, the requirements of Mail or Google;
• Think how believable this letter would seem if it came to you;
• It will not be superfluous to use services like mail-tester (https://www.mail-tester.com/) to check the rating of the letter.
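
From the defender's side, the gateway policy mentioned above (not allowing encrypted archives that arrive from foreign mail domains) can be sketched as follows. This is an added example, not part of the original post; the domain `corp.example`, the function names and the sample messages are assumptions constructed for illustration, and only ZIP archives are covered.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: the organisation's own mail domains (hypothetical value).
INTERNAL_DOMAINS = {"corp.example"}


def zip_is_encrypted(data: bytes) -> bool:
    """True if any ZIP member has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False


def verdict(raw: bytes) -> str:
    """Quarantine mail from an external domain that carries an encrypted ZIP."""
    msg = message_from_bytes(raw, policy=policy.default)
    # The From header is spoofable; a real gateway would key on the
    # authenticated sender (SPF/DKIM/DMARC result) rather than this header.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in INTERNAL_DOMAINS:
        return "deliver"
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if zip_is_encrypted(payload):
            return "quarantine"
    return "deliver"


def sample_message(sender: str, encrypted: bool) -> bytes:
    """Constructed sample: one mail with a small ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", "constructed sample")
    blob = bytearray(buf.getvalue())
    if encrypted:  # mark the member encrypted in local and central headers
        blob[6] |= 1
        blob[blob.index(b"PK\x01\x02") + 8] |= 1
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "user@corp.example", "Report"
    msg.set_content("See attachment.")
    msg.add_attachment(bytes(blob), maintype="application",
                       subtype="zip", filename="report.zip")
    return msg.as_bytes()
```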
