Phishing Protection Guide: A Deep Dive

Learn how to combat the phishing epidemic with a strategic phishing protection plan.

Request a Consultation

What is phishing?

Using an email or link to an online site, a criminal attempts to entice a person into providing sensitive or confidential information which can be used or monetized by the phisher.


A targeted phishing attack focused on a specific person or group of people.

Clone Phishing

A phishing attack in which the 'phisher' uses a genuine, previously delivered email to create an identical (or almost identical) email containing similar content, attachment, recipient, and sender email address. A fraudulent link or attachment replaces the original one.


A form of spear phishing focused on senior corporate executives or high-profile individuals, such as those in government. Email content may request the recipient perform a task, such as providing employee records or sending a wire transfer, or contain malicious links.

Stay up to date with the latest in phishing protection trends from Cyren

Learn why criminals find phishing highly lucrative, how evasive phishing techniques are requiring new defensive strategies, and how you can protect your employees, operations, and reputation from a phishing attack.

Download report

Understand how evasive phishing protection is evolving in a manner similar to the historic evolution of evasive malware.

Watch webinar

Learn about the impact of phishing emails specifically on Office 365 customers and what types of phishing protection solutions you can use to prevent attacks and breaches.

Read blog

The phish: Step by step (Download infographic)

Victim identification

Mass phishing attack
— Untargeted, large group of victims

Targeted phishing attack
— Specific group or high profile victim

Source setup

Brand names
— Phisher selects a brand name for mass email
— Uses newly created domain or hacked website for webpages that resemble the brand name website

Sophisticated content
— Develops an email with legitimate-looking content
— Spoofs the email address of someone at a target organization

Distribute attack

Mass distribution
— Phisher sends email with brand logos/name and links to fake webpages
— Places links to fake web pages in banner ads, on social media, and in text messages

Targeted distribution
— Phisher sends emails to specific target victim or group

Hook victims

Click Fake Links
— Victims click fake links and enter personal information into fake web page

Respond to email request
— Victim replies to email with request information

Expand / Monetize

Develop additional attacks
— Phisher uses stolen credentials for next phase of attack.
— Collects additional email addresses from hacked accounts

Financial gain
— Phisher sells stolen credentials
— Steals money using credentials from bank, PayPal, or fake wire transfer

Did you know...

Phishing doesn’t always involve an email distribution. Criminals are creating fake website advertising banners or text advertisements that link back to a malicious URL. The unsuspecting victim clicks the link and enters credentials on the fake site. The sensitive information is then captured and saved by the cybercriminal.

Request a Consultation

Reeling in the big catch with Business Email Compromise

A form of spear phishing, business email compromise (BEC) attacks have been increasing in number over the last few years. The FBI estimates a 1300% increase in BECs over the last two years, with losses estimated at more than $3 billion. There are two types of BEC attacks:


STEP 1: Infiltrate with a fake email requesting a password reactivation for a corporate Office 365 account.

STEP 2: Armed with the employee password, read corporate emails to get key business details, such as customers, vendors, decision makers, and financial data.

STEP 3: Launch a spear-phishing attack to accounts payables, requesting a vendor payment with the money going to an account set up by the criminal.


STEP 1: Fake an email address by creating a similar looking email account.

STEP 2: Send email to a business department, such as accounting or human resources, requesting the transfer of funds or information.

STEP 3: Employee responds, having only looked at the sender's name and not the email address which has been spoofed.

How Email Spoofing or "Internationalized Domain Name" (IDN) Homograph Attacks Work

The hacker registers an email domain that reads like the target company's, sometimes replacing, dropping, or adding a single character, such as a zero "0" for the letter "o". Using real corporate executive names, the attacker used creates an email address on this similar looking domain. Thus, all email fields appear valid, with the sender's name and email address seeming to match, but on closer inspection, they belong to a domain that just resembles the recipient's company own.

Prepare for phishing attacks with Cyren's Cyberthreat Report

Phishing sites don't last a zero-day

Cyren experts examined phishing sites tracked and flagged by Cyren's global security cloud and discovered that after 40 hours, over half of the phishing sites analyzed no longer exist, making it difficult for many cybersecurity solutions to detect and block them.

After 40 hours, over half of phishing sites no longer exist, making it difficult for many cybersecurity solutions to detect and block them.

Did you know...

Phishing uses social engineering to create an email that looks like it came from someone the victim knows. The email requests that recipient do something like provide financial information or the password to a corporate login.

Request a Consultation

Improve your phishing protection level

Password Management

Use password manager that creates different and unique passwords for every site.

Two-Factor Authentication

Require staff to use two different components for login, such as a PIN or password and something he possesses (a phone).

Automated Detection

Use email security gateway with real-time phishing intelligence that draws from large data sources and analytics and provides continuous protection from emerging threats.

Train your staff spotting phishing attempts with a simulated attack.

#1 Get executive management on board.

#2 Develop online training or work with an anti-phishing training company.

#3 Schedule regular simulated phishing attacks to ensure no complacency.

#4 Include the cost and implications of a successful phishing attack in your training.

Shopping, financial, and internet services most popular phishing targets

Apple, Chase, and PayPal were the top three most frequently spoofed websites, accounting for more than half of the total phishing URLs. Banks, internet services, Google, and Microsoft rounded out the top ten

Brand% phishing URLs
Apple 21.2%
PayPal 10.2%
Bank of America 6.0%
Facebook 3.0%
Chase 2.9%
Microsoft 2.5%
CIBC 2.4%
Google 2.1%
Wells Fargo 2.0%
DHL 0.9%

See Cyren's Phishing Protection Solution in action.

Request a Consultation