Y Y

asked on 

Besides user education, are there any other solutions to prevent spear phishing?

This is getting crazy - various users have received phishing emails from the "boss". The sender's email is not even true but one of the users still got tricked.

I don't think SPF, DKIM and DMARC would stop this kind of spam. What's your solution?

AntiSpam, Microsoft 365, Security

bbao

Generally speaking, common sense. Most phishing emails are money-targeted, hence for everything money-related, especially payment-related, make a phone call directly to the boss to confirm. Please note: never use the phone number given in the phishing email, if any.

Another hint that might be helpful: use some kind of hidden sign or signature for manager emails, such as always leaving two space characters at the end of the 2nd paragraph for all emails from the boss. Only internal or related employees know the sign, and never put this hint in writing in any company documentation. This will give no clues to the hacker even if some of the company documents have been disclosed.
Mark Bullock

I have used Mimecast as an end user. It inspects URLs in emails at time of click, incurring a slight delay. I don't know what it costs. https://www.mimecast.com/products/email-security-with-targeted-threat-protection/

kevinhsieh

We put a banner header on all email from outside the company. We also started quarantining all emails that have the display name of one of our important people.
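
The two mail-flow rules described in the comment above, sketched as an added Python example (not part of the original thread and not any poster's actual configuration); the internal domain, the protected names and the sample senders are constructed assumptions. A message sent from another domain under the boss's display name can pass SPF, DKIM and DMARC for that domain, which is why the check keys on the display name instead.

```python
import unicodedata
from email import message_from_string, policy

# Assumptions for this example: the organisation's domain and the names to protect.
INTERNAL_DOMAINS = {"example.com"}
PROTECTED_NAMES = ["Jane Boss", "Sam Finance"]

def name_key(display_name):
    """Normalise a display name so case, spacing and 'Last, First' order do not matter."""
    text = unicodedata.normalize("NFKC", display_name or "").casefold()
    return frozenset(text.replace(",", " ").split())

PROTECTED_KEYS = {name_key(n) for n in PROTECTED_NAMES}

def classify(raw_message):
    """Return 'deliver', 'banner' or 'quarantine' for one raw RFC 5322 message."""
    # policy.default parses From into Address objects and decodes RFC 2047 encoded names.
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    senders = header.addresses if header is not None else ()
    # Internal only if every From address uses one of our domains. Forged use of
    # our own domain is assumed to be rejected upstream by SPF/DKIM/DMARC.
    if senders and all(a.domain.casefold() in INTERNAL_DOMAINS for a in senders):
        return "deliver"
    # External sender using a protected person's display name: quarantine.
    if any(name_key(a.display_name) in PROTECTED_KEYS for a in senders):
        return "quarantine"
    # Any other external (or unparsable) sender: deliver with the external banner.
    return "banner"

def sample(from_value):
    """Build a constructed test message with the given From header value."""
    return f"From: {from_value}\nSubject: Urgent payment\n\nAre you at your desk?\n"

# Constructed sample senders, not taken from any real mailbox.
SAMPLES = [
    '"Jane Boss" <jane.boss@example.com>',        # genuine internal sender
    '"Jane Boss" <ceo.office2291@mail.example>',  # boss's name, outside address
    '"JANE  BOSS" <j.b@mail.example>',            # case and spacing variation
    '=?utf-8?q?Boss=2C_Jane?= <x@mailer.example>',  # encoded, "Last, First" order
    'Vendor News <news@vendor.example>',          # ordinary external mail
]

if __name__ == "__main__":
    for from_value in SAMPLES:
        print(f"{classify(sample(from_value)):10} {from_value}")
```

NFKC folding covers compatibility forms such as fullwidth letters but not cross-script lookalike characters, so a production rule would need a confusables mapping as well.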
strivoli

I've used OpenDNS https://www.opendns.com/ which basically prevents you from visiting well-known phishing sites.

btan

One of the challenges surrounding phishing is that once a phishing email is within an inbox, or an account has been compromised and is sending out internal phishing emails, it can be very difficult for admins to reach into user inboxes and remove the threat. Post-Delivery Protection platforms make this easy. Platforms such as IRONSCALES provide a comprehensive solution to this problem, by offering Post-Delivery Protection.

Such platforms protect users from threats within the email inbox. Typically, they use algorithms powered by machine learning and artificial intelligence which are fed typical attributes of phishing emails. They then apply these attributes to the emails your users send and receive, along with analysis from anti-virus engines, to detect suspicious emails.

There are also impact reduction means using web isolation using Web mail and phishing exercises to enhance end user vigilance.

Y Y


Thank you all for the great help!
