91% of cyberattacks start with a phishing email. This figure, regularly cited by cybersecurity experts, illustrates the scale of the threat. Fake bank emails, CEO fraud, supplier impersonation: techniques are constantly evolving. How can you protect your business? The answer combines technology and team training.
Understanding Phishing
Phishing involves impersonating a trusted entity to steal sensitive information: credentials, passwords, banking details, personal data.
The attack typically takes the form of an email that appears to come from a legitimate sender: your bank, an online service, a colleague, a supplier. The message creates a sense of urgency and prompts you to click a link or open an attachment.
Different Types of Phishing
Mass phishing targets a large number of recipients with the same message. Attackers hope that a percentage, however small, will fall for the trap. These emails are often crude and easy to spot (spelling mistakes, rough formatting).
Spear phishing is more targeted and more dangerous. The attacker has researched their target and personalizes the message. They may mention the name of an ongoing project, a real client, or imitate the usual writing style of the person they're impersonating.
CEO fraud is the best-known form of Business Email Compromise (BEC). The attacker impersonates the company's CEO, using a spoofed or look-alike address or a genuinely compromised mailbox, and asks an employee to make an urgent and confidential wire transfer. Companies have lost millions of euros to this technique.
Clone phishing involves reusing a legitimate email you actually received, but modifying the links or attachments. The message appears authentic because it matches a real exchange.
How to Recognize a Phishing Email
With experience, certain warning signs become obvious. Here are the elements to check systematically.
The Sender's Address
This is the first reflex to have. Look at the actual email address, not just the displayed name, which the sender can set to anything. An email claiming to be from your bank but sent from "support@bank-security.xyz" is obviously suspicious.
Watch for subtle variations: an "l" replaced by a "1", an "o" by a "0", "rn" in place of "m", a similar domain (infomaniak-support.com instead of infomaniak.com), or the real brand name used as a subdomain of an unrelated domain. What counts is the registered domain, the part just before the top-level domain.
The Tone and Content of the Message
Phishing emails play on urgency and fear:
- "Your account will be suspended within 24 hours"
- "Immediate action required"
- "Suspicious login attempt detected"
- "You have an unpaid invoice"
Legitimate organizations generally don't threaten to suspend your account via a simple email. When in doubt, contact the relevant service directly through another channel (phone, or typing the official website address yourself).
Hyperlinks
Before clicking a link, hover over it with your mouse (or long-press it on a phone) to see the destination URL. If the address doesn't match the official website, don't click. The visible link text can itself look like a legitimate URL while the real target is elsewhere.
Be wary of URL shorteners (bit.ly, tinyurl), which hide the real destination, and of links pointing to a bare IP address instead of a domain name. Legitimate companies use their own domain names.
Attachments
An unexpected invoice or document should raise your suspicion, especially if the file is an executable (.exe), a script (.js, .vbs), an Office file with macros (.docm, .xlsm), or a container that hides one of these (.zip, .iso, .lnk). Windows hides known extensions by default, so "invoice.pdf.exe" may be displayed as "invoice.pdf".
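The three checks above (real sender domain, link targets, attachment types) can be scripted for triage. The following is an added example written for this page; it is not code from the original article or from Infomaniak. It builds a constructed sample message and runs the checks on it. The allow-list `TRUSTED_DOMAINS`, the shortener list, the extension policy, the 203.0.113.5 address (a documentation range) and the sample message are all assumptions for illustration.

```python
"""Triage checks for the indicators above (sender domain, links, attachments) on a parsed email."""
import ipaddress
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list of domains your organisation legitimately corresponds with (hypothetical).
TRUSTED_DOMAINS = {"infomaniak.com", "company.com"}
# Shortener domains that hide the real destination (illustrative, not exhaustive).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
# Extensions the article singles out, plus common malware carriers (assumed local policy).
RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".docm", ".xlsm", ".iso", ".lnk", ".hta"}
# Loose anchor-tag matcher; fine for the constructed input here, use html.parser on real mail.
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URL_LIKE_RE = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+")

def registrable(host: str) -> str:
    """Last two labels: 'infomaniak.com.evil.xyz' -> 'evil.xyz'. Good enough for .com/.xyz;
    ccTLD second levels such as .co.uk would need the Public Suffix List."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def normalize_lookalikes(domain: str) -> str:
    """Undo the usual substitutions: '1'->'l', '0'->'o', '5'->'s', '3'->'e', 'rn'->'m'."""
    return domain.lower().translate(str.maketrans("1053", "lose")).replace("rn", "m")

def check_sender(from_header: str) -> list[str]:
    """Judge the real address, not the display name, against the allow-list."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return []
    findings = []
    norm = normalize_lookalikes(domain)
    for trusted in sorted(TRUSTED_DOMAINS):
        brand = trusted.split(".")[0]          # 'infomaniak' from 'infomaniak.com'
        if norm == normalize_lookalikes(trusted) or brand in norm:   # homoglyph twin or embedded brand
            findings.append(f"sender domain {domain!r} imitates {trusted!r}")
        elif brand in name.lower():            # display name borrows the brand, address does not
            findings.append(f"display name {name!r} claims {brand!r} but address is {addr}")
    return findings

def check_links(html: str) -> list[str]:
    """Flag bare-IP targets, shorteners, and link text showing a different domain than the target."""
    findings = []
    for href, text in ANCHOR_RE.findall(html):
        host = (urlparse(href).hostname or "").lower()
        try:
            ipaddress.ip_address(host)
            findings.append(f"link to bare IP address: {href}")
            continue
        except ValueError:
            pass
        if registrable(host) in SHORTENERS:
            findings.append(f"shortener hides destination: {href}")
        if URL_LIKE_RE.match(text.strip()):            # the visible text itself looks like a URL
            shown = urlparse(text if "://" in text else "http://" + text.strip()).hostname or ""
            if registrable(shown) != registrable(host):
                findings.append(f"link text shows {shown!r} but target is {host!r}")
    return findings

def check_attachments(msg: EmailMessage) -> list[str]:
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"risky attachment type: {filename}")
    return findings

def triage(msg: EmailMessage) -> list[str]:
    findings = check_sender(str(msg["From"] or ""))
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        findings += check_links(html_part.get_content())
    return findings + check_attachments(msg)

def build_sample() -> EmailMessage:
    """Constructed sample (not a real phish) exhibiting all three indicators."""
    msg = EmailMessage()
    msg["From"] = '"Infomaniak Support" <support@infornaniak.com>'  # 'rn' stands in for 'm'
    msg["Subject"] = "Immediate action required: account suspended in 24 hours"
    msg.set_content("Your account will be suspended within 24 hours. Log in now.")
    msg.add_alternative(
        '<p><a href="https://infomaniak.com.bank-security.xyz/login">www.infomaniak.com/login</a>'
        ' <a href="http://bit.ly/3abc">verify now</a>'
        ' <a href="http://203.0.113.5/update">update</a></p>',  # 203.0.113.0/24: documentation range
        subtype="html")
    msg.add_attachment(b"MZ\x90\x00", maintype="application", subtype="octet-stream",
                       filename="invoice.exe")
    return msg

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print("!", finding)
```

Run as a script it prints five findings for the sample: the look-alike sender domain, the link whose text shows infomaniak.com but targets bank-security.xyz, the shortener, the bare-IP link, and the .exe attachment. A clean message from a domain on the allow-list produces none.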
When in Doubt, Don't Click
If an email seems suspicious, don't click any links and don't open any attachments. Contact the supposed sender through another means to verify the message's authenticity. Report the suspicious email to your IT department.
Infomaniak's Technical Protections
User training is essential, but it\'s not enough. Technical protections help block a large portion of malicious emails before they reach inboxes.
Built-in Anti-spam and Antivirus
Infomaniak email includes a powerful anti-spam filter that catches unwanted emails. Suspicious messages are placed in the spam or quarantine folder. An antivirus scans attachments and blocks those containing known malware.
SPF, DKIM, and DMARC
These three protocols work together to authenticate emails and prevent identity spoofing.
SPF (Sender Policy Framework) is a DNS record listing the servers authorized to send email for your domain. The receiving server checks the envelope sender (the MAIL FROM address) against it; an email coming from an unauthorized server fails the check. On its own, SPF says nothing about the From: address the user actually sees, which is why DMARC is needed.
DKIM (DomainKeys Identified Mail) adds a cryptographic signature, covering the body and selected headers, to outgoing emails. The recipient fetches the public key from your domain's DNS and can verify that the email was signed by that domain and was not modified in transit.
DMARC (Domain-based Message Authentication, Reporting and Conformance) ties SPF and DKIM to the From: domain the recipient sees (the domain that passed must align with it) and tells recipients what to do with emails that fail: accept them (p=none), quarantine them (p=quarantine), or reject them (p=reject). It also asks recipients to send you aggregate reports on who is sending mail in your name.
Recommended Configuration
Infomaniak automatically configures SPF and DKIM for your domain. For DMARC, you define the policy yourself in a DNS TXT record at _dmarc.yourdomain. Start with a "none" policy and a reporting address to collect reports, then gradually move to "quarantine" and finally "reject". Before tightening, make sure every legitimate sender (newsletter tool, CRM, invoicing software) is covered by SPF or signs with DKIM, otherwise your own mail will be quarantined or rejected.
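As an added example, not taken from the article and not Infomaniak's own configuration, here is how a receiving server combines the three results, run through the none/quarantine/reject progression recommended above. The domain company.com, the provider's `include:` host, the reporting address and the three message scenarios are hypothetical; the strict alignment tags (adkim=s; aspf=s) on the "reject" record are an assumption showing the tightest setting, not something the article prescribes.

```python
"""Worked DMARC evaluation: how SPF, DKIM and the DMARC policy combine on the receiving side."""

# Assumed DNS TXT records for the hypothetical domain company.com (example values only).
SPF_RECORD = "v=spf1 include:_spf.mailprovider.example -all"   # hypothetical provider include
DMARC_RECORDS = {
    "none":       "v=DMARC1; p=none; rua=mailto:dmarc-reports@company.com",
    "quarantine": "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@company.com",
    "reject":     "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc-reports@company.com",
}

def parse_dmarc(record: str) -> dict:
    """Split 'v=DMARC1; p=...; ...' into tags; alignment modes default to relaxed ('r')."""
    tags = {}
    for item in record.split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            tags[key.strip()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError(f"not a valid DMARC record: {record!r}")
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags

def org_domain(domain: str) -> str:
    """Organizational domain = last two labels (ccTLDs like .co.uk need the Public Suffix List)."""
    return ".".join(domain.lower().split(".")[-2:])

def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict ('s'): exact match. Relaxed ('r'): same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_verdict(record: str, from_domain: str, spf=None, dkim=None) -> str:
    """Combine the authentication results the receiving MTA already has.

    spf:  (result, domain) where domain is the envelope sender (MAIL FROM) domain SPF was checked for.
    dkim: (result, domain) where domain is the d= tag of the verified signature.
    DMARC passes if at least one of them passed AND its domain aligns with the visible From: domain.
    """
    tags = parse_dmarc(record)
    spf_ok = spf is not None and spf[0] == "pass" and aligned(from_domain, spf[1], tags["aspf"])
    dkim_ok = dkim is not None and dkim[0] == "pass" and aligned(from_domain, dkim[1], tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    return {"none": "fail: deliver, report only",
            "quarantine": "fail: quarantine",
            "reject": "fail: reject"}[tags["p"]]

def scenarios(policy: str) -> dict:
    """Three messages claiming From: ceo@company.com, evaluated under the chosen policy."""
    record = DMARC_RECORDS[policy]
    return {
        # Sent through the company's own provider: SPF and DKIM both pass and align.
        "legitimate": dmarc_verdict(record, "company.com",
                                    spf=("pass", "company.com"), dkim=("pass", "company.com")),
        # CEO fraud: the attacker's server is authorised for attacker.example, so SPF *passes*
        # for that envelope domain, but nothing aligns with the forged From: company.com.
        "ceo_fraud": dmarc_verdict(record, "company.com",
                                   spf=("pass", "attacker.example"), dkim=None),
        # Newsletter tool signing as mail.company.com: fine under relaxed alignment,
        # rejected under the strict adkim=s/aspf=s of the 'reject' record above.
        "third_party": dmarc_verdict(record, "company.com",
                                     spf=("pass", "mail.company.com"), dkim=("pass", "mail.company.com")),
    }

if __name__ == "__main__":
    for policy in DMARC_RECORDS:
        print(policy, scenarios(policy))
```

The "ceo_fraud" scenario is the point of the exercise: SPF passes, because the attacker's server really is authorised for the attacker's own envelope domain, yet DMARC fails because nothing aligns with the displayed From: domain. Under p=none that mail is still delivered and only reported, which is why the policy must eventually reach quarantine or reject. The "third_party" scenario shows what breaks when you go strict without inventorying your senders.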
Advanced Filtering
Beyond standard anti-spam, you can create custom filtering rules: block certain senders, reject emails with certain attachment types, quarantine messages from specific countries.
Training Your Teams
Technology blocks a lot, but attackers adapt. The last line of defense is people. Training your employees to recognize phishing is essential.
Organizing Awareness Sessions
Schedule regular sessions (2 to 4 times per year) to reinforce best practices. Show concrete examples of phishing emails. Explain the techniques used by attackers and how to counter them.
Conducting Phishing Tests
Some companies send fake phishing emails to their employees to assess their vigilance. Those who click receive additional training. This approach, used constructively, is very effective at building good habits.
Creating a Reporting Culture
Encourage your employees to report any suspicious email rather than silently deleting it. A report helps alert others and improve filters. Never blame someone who reports a legitimate email out of excessive caution.
Defining Clear Procedures
For sensitive requests (wire transfers, banking detail changes, sending confidential data), establish verification procedures. An urgent transfer request should be confirmed by phone, even if it appears to come from the CEO.
What to Do If You Click a Suspicious Link?
Despite all precautions, an accidental click can happen. Here's the procedure to follow.
Don\'t Panic, but Act Quickly
- Disconnect from the internet – Unplug the network cable or disable Wi-Fi to stop any data exfiltration.
- Don\'t enter any information – If a page asks for credentials, close it immediately without typing anything.
- Notify your IT department – They can analyze the situation and take necessary measures.
- Change your passwords – If you entered credentials, change them immediately from another device, along with any other account where you reused the same password, and sign out of active sessions where the service allows it.
- Monitor your accounts – In the following days, check your bank accounts and online services for any suspicious activity.
If You Opened a Malicious Attachment
An infected attachment can install malware on your computer. Disconnect the device from the network, notify your IT department, and don\'t use it again until it has been analyzed and cleaned.
Best Practices for Business Email
Beyond phishing protection, several best practices strengthen your email security.
Use Professional Email Addresses
Stop using @gmail.com or @outlook.com addresses for your professional communications. An address on your own domain (contact@company.com) is more credible and lets you control security settings.
Segment Access
Not all employees need access to all mailboxes. Limit permissions to the strict minimum and promptly revoke access for people who leave the company.
Enable Two-Factor Authentication
2FA protects your accounts even if a password is compromised through phishing. Make it mandatory for all users in your organization. Keep in mind that codes sent by SMS or generated by an app can themselves be captured by a fake login page that relays them in real time; where possible, prefer phishing-resistant methods such as security keys or passkeys (FIDO2).
Archive and Back Up
Regular email backups allow you to recover data in case of malicious deletion or ransomware. Infomaniak maintains automatic backups, but an external backup adds an extra layer of protection.
Conclusion
Phishing is a permanent threat that won't disappear anytime soon. Attackers are becoming more sophisticated, but so are defenses. The combination of technical protections (anti-spam, SPF/DKIM/DMARC, filtering) and user training provides a robust defense.
Infomaniak provides the technical tools needed to secure your email. It\'s up to you to complement them with team training and procedures tailored to your organization.
Vigilance is the best antivirus. Cultivate it every day.
Ready to migrate to Infomaniak?
Contact us for a free 15-minute audit. We will analyze your situation and provide you with a personalized quote.