Phishing

What is a phishing filter? Plus, how to set one up!

Stephen Moramarco
July 27, 2018 by
Stephen Moramarco

It is estimated that 14.5 billion phishing emails are sent every single day. Because the volume is so high, phishers need only a few people to click to be successful. In fact, a typical spam phisher can earn up to $7,000 per day.

Two year's worth of NIST-aligned training

Two year's worth of NIST-aligned training

Deliver a comprehensive security awareness program using this series' 1- or 2-year program plans.

A 2015 study by CBS of almost 20,000 people found that 80% of them fell for at least one scam. That’s why it’s a good idea to add or enable a phishing filter in your browser, an easy procedure which can help prevent disaster. In this article we’ll talk about what a phishing filter does and how to set one up.

Enter the phishing filter

To deal with the tsunami of phishing attacks, filters have been developed to divert or neutralize these emails. The suspicious emails are sometimes placed in a special inbox or flagged and stripped of their attachments and links. Users or admins can then examine its contents more carefully.

Additionally, web browsers have their own type of phishing filter. When you click on a link, Firefox, Chrome or whatever browser you use will often automatically load the document or website. For regular sites, this helps make the Internet a pleasurable experience. However, if the site is malicious, you could be opening yourself up to a world of trouble. You could enter your credentials which could be stolen, or, if you are using a browser or program that is not up-to-date or has some kind of vulnerability your computer could be infected by a virus.

 

A browser phishing filter examines these redirects more closely. It could compare the URL to a blacklist of phishing sites, or analyze the link for Cyrillic or swapped characters that make it appear real (e.g. using an uppercase “I” instead of a lowercase “l”).

If there is a match to the database, the browser will instead load a warning page that the website may harm your computer or steal your information.

An example of a phishing filter in Chrome

Of course, as in any game of cat-and-mouse, thieves are constantly learning to bypass these filters in new and creative ways; the browsers usually only react once a threat has been identified and reported.

How to set up a phishing filter

While there are many different options, most phishing filters are activated in the same way: through a preference or options panel. We’ll show you how to set up a filter in Outlook and Google Chrome.

How to set up the filter in Outlook

By default, Outlook is set to No Automatic Filtering. (In 2007 versions or earlier, it is set to Low, catching only the most obvious spam/phishing attacks). These emails are stripped of their URLs and/or HTML and placed in the Junk folder.

In the Junk Email Options panel (under Home>Delete>Junk>) you can switch it to Low or High, which will be more aggressive in the emails it flags.

The most extreme option is Safe Lists Only, which restricts email to those on your Safe Senders List or email subscriptions on your Safe Recipients List. If you use High or Restricted, it’s a good idea to periodically check the folder for legitimate emails that slip through. (To move it back to your inbox, click the email and select Junk Email>Not Junk.)

You can further enhance the filter by adding a list of blocked senders, blocked domains, and blocked encodings (which disables URLs with characters from a different alphabet).

There are also a wide range of filter plugins for Outlook, such as Cloudmark SafetyBar, Disruptor OL, and SpamCatcher.

How to set up the filter in Google Chrome

Under Advanced Settings or chrome://settings/, click the Privacy tab, and check to ensure malware and phishing protection is enabled by turning on “Protect you and your device from dangerous sites.” This will connect it to a database of malicious websites that is regularly updated and alert you with a big red warning page, as shown above.

Under Privacy>Content Settings, it is recommended you set Flash to “ask first,” as some phishing sites exploit vulnerabilities in Flash to give your computer a virus. Also set automatic downloads and unsandboxed plugin access to “ask first.”

You can enhance your anti-phishing security with plugins such as Windows Defender Browser Protection and Password Alert, which allows you to automatically reset your Google Password if you accidentally entered it in the wrong site.

SecurityIQ PhishNotify+ defender

As part of the SecurityIQ platform, InfoSec Institute has created a special plugin for Outlook called PhishNotify+ Defender. With this email filter, administrators can remotely change the settings of any account, stripping messages of links or attachments amongst other safety features. This is particularly useful when employees learning about the dangers of phishing are in training mode. The plugin also contains a way for users to flag potential phishing emails and place them in Quarantine.

See Infosec IQ in action

See Infosec IQ in action

From gamified security awareness to award-winning training, phishing simulations, culture assessments and more, we want to show you what makes Infosec IQ an industry leader.

PhishNotify+ is just part of the multi-faceted offerings from SecurityIQ. They offer training courses that can be automatically administered and monitored (AwareEd) as well as a phishing simulator (PhishSim) to test the vigilance of your staff. For further information and a free trial, visit www.securityiq.com today.

Stephen Moramarco
Stephen Moramarco

Stephen Moramarco is a freelance writer and consultant who lives in Los Angeles. He has written articles and worked with clients all over the world, including SecureGroup, LMG Security, Konvert Marketing, and Iorad.