According to the FBI, phishing mail was the most common type of cybercrime in 2020 – and phishing incidents nearly doubled in frequency, from 114,702 incidents in 2019, to 241,324 incidents in 2020. There were more than 11 times as many phishing complaints in 2020 compared to 2016.

Phishing attacks are one of the most common security challenges that both individuals and companies face in keeping their information secure. Whether it’s getting access to passwords, credit cards, or other sensitive information, hackers are using email, social media, phone calls, and any form of communication they can to steal valuable data. Businesses, of course, are a particularly worthwhile target.
The UAE has seen a 250% increase in cyberattacks this year, with phishing and ransomware incidents increasing in frequency. As per a KPMG survey, there is clear reported evidence of cyber criminals targeting Covid-19-related support packages across multiple financial services organizations, and an increase in identity spoofing and cybercrime directed at several online traders. 83% of UAE businesses surveyed had seen a change in cybercrime as a result of the pandemic.
In particular, they experienced or observed a significant change in the following:
- 50% Phishing scams
- 46% Email spamming
- 38% Online scams
In this article, we examine what phishing attacks are and the best method to stop them.
What is Phishing Mail?

Phishing email, or phishing mail, is a fraudulent attempt to trick individuals into revealing personal information like passwords, credit card numbers and bank account information. A phishing mail attacker accomplishes this by posing as a legitimate sender, re-creating the look of an email from a trusted company or person.
A phishing mail may try to convince users that they are about to lose access to an account, that their password needs to be changed, that there’s a problem with a payment or that there’s some other problem which can be remedied by clicking a link and visiting a website.
Once users are on the phishing website (which is designed to look like a legitimate one), they are asked to enter certain sensitive information, which attackers can then use to access their accounts, steal their identities or drain their bank accounts.

Phishing mail attacks have been successful for several decades because they prey on several things that are common to most people –
- A tendency to trust that the intentions of people are honest.
- Fear of losing opportunities, money and access, or fear of reprisal from employers and government agencies.
- A fast-paced life, where most people want to get through the email in their inbox as quickly as possible and may not stop to question whether a request for information is legitimate.
Phishing mail grows more sophisticated with each year. Phishing mail attacks are also quite easy and inexpensive to execute, and attackers only need a few people to “bite” to make it worth their while.
How to Recognize Phishing Mail?

Most users can spot a phishing mail attack if they look closely and follow these guidelines for evaluating any email. Phishing mail attacks are likely to include:
- A request for the recipient to click on a link and to enter sensitive information.
- Grammar and spelling mistakes and unusual word choices.
- An urgent tone and an insistence that the recipient must act quickly.
- A threat of adverse consequences if the recipient doesn’t respond.
- An offer that seems too good to be true.
- A claim that there is a problem with a user’s account, credentials, payment or data that must be remedied quickly.
- Suspicious attachments or unrecognized invoices.
- Hyperlinks that, upon closer inspection, would take the user to an unknown and suspicious website.
- Sender email addresses that don’t exactly match the domain of the company the email claims to be from.

If you think you have received a phishing mail or have fallen prey to a phishing mail attack, you should report it to your company immediately in order to limit any damage. You can also report the phishing mail attack to your email provider, to the company that the email is impersonating, and to government agencies attempting to stop phishing mail attacks.
Many phishing emails contain malicious payloads such as malware files. Below are the most common types of malicious files attached to phishing emails –
- Windows executables (74%)
- Script files (11%)
- Office documents (5%)
- Compressed archives (4%)
- PDF documents (2%)
- Java files (2%)
- Batch files (2%)
- Shortcuts (>1%)
- Android executables (>1%)
How to Block Phishing Mail?

To prevent a phishing mail attack, organizations are wise to implement a variety of protective measures that include:
- Security awareness training to help employees spot, delete and report phishing mail.
- DNS authentication services that use SPF, DKIM and DMARC protocols to prevent spoofing and impersonation.
- Email scanning and filtering solutions that identify and block access to malicious URLs and attachments.
- Anti-impersonation software that scans email for header anomalies, domain similarity and other signs of malware-less, social engineering-based email attacks.
- Anti-spam and anti-malware software.
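SPF and DKIM passing is not enough on its own to stop spoofing: DMARC also requires that the authenticated domain align with the domain in the visible From header. The following added example (not from the original article) evaluates that alignment from an Authentication-Results header value; the header strings are constructed, and the two-label organizational-domain rule is a simplifying assumption.

```python
import re

def org_domain(domain):
    # Assumption: the last two labels approximate the organizational domain.
    # Production code should consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def parse_auth_results(header):
    """Return [(method, result, {property: value})] from an Authentication-Results value."""
    parsed = []
    for clause in header.split(";")[1:]:       # first field is the authserv-id
        m = re.match(r"\s*(\w+)=(\w+)", clause)
        if m:
            props = dict(re.findall(r"([\w.]+)=(\S+)", clause[m.end():]))
            parsed.append((m.group(1).lower(), m.group(2).lower(), props))
    return parsed

def dmarc_verdict(header, from_domain):
    """'pass' only if a passing SPF or DKIM result is aligned with the From domain."""
    target = org_domain(from_domain)
    for method, result, props in parse_auth_results(header):
        if result != "pass":
            continue
        if method == "spf":
            domain = props.get("smtp.mailfrom", "").rpartition("@")[2]
        elif method == "dkim":
            domain = props.get("header.d", "")
        else:
            continue
        if domain and org_domain(domain) == target:
            return "pass"
    return "fail"

# Constructed header values (not taken from real mail).
SPOOFED = ("mx.corp.example; spf=pass smtp.mailfrom=bounce@bulk-sender.example; "
           "dkim=pass header.d=bulk-sender.example")
LEGIT = ("mx.corp.example; spf=fail smtp.mailfrom=news@mailer.vendor.example; "
         "dkim=pass header.d=mail.examplebank.com")

if __name__ == "__main__":
    print(dmarc_verdict(SPOOFED, "examplebank.com"))
    print(dmarc_verdict(LEGIT, "examplebank.com"))
```

The first sample passes both SPF and DKIM for the sending service's own domain yet fails DMARC for a From address at examplebank.com, which is the case a published DMARC policy lets receivers reject.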
Combat the Threat of Phishing Mail with Mimecast
It takes powerful phishing protection solutions to defend your organization against ever-evolving email phishing scams. For many organizations, phishing protection involves educating users to spot the signs of a potentially fraudulent email. With more than 90% of hacking attacks starting with some kind of phishing email, a stronger layer of phishing protection is clearly required to protect your organization and users from these devastating attacks.
Mimecast offers cloud-based solutions for email security, archiving and continuity in an all-in-one subscription service. With Mimecast, you can easily reduce the cost and complexity of managing business email while increasing security and availability.
Mimecast SaaS-based security services provide always-on, always up-to-date protection that avoids the expense of traditional security gateways. Mimecast’s services stop viruses, malware, spam and data leaks as well as advanced threats like cyber phishing. Mimecast also provides end-user empowerment services and tools that help employees better recognize the signs of phishing mail and that enlist them as front-line defenders to prevent phishing attacks and impersonation fraud.
Mimecast Targeted Threat Protection is a suite of services that defends email against advanced threats like phishing mail, a spear-phishing virus, CEO fraud and whaling.
Components of this advanced security solution include:
URL Protect
To protect against a phishing mail attack, Mimecast rewrites all links in inbound emails and scans the destination website in real-time to check its security and validity. If a site seems suspicious based on Mimecast’s threat intelligence and global allow/block lists, the user will be prevented from visiting the requested site.
Mimecast provides real-time scanning of the URLs in inbound email, preventing users from clicking on malicious links or visiting websites that may contain malware. All URLs in archived emails are scanned as well to protect against delayed attacks.
Attachment Protect
For phishing protection against attachments that may contain malware, Mimecast preemptively sandboxes attachments or converts them to a safe format before sending them on to employees.
Impersonation Protect
Mimecast also combats malware-less attacks that use social engineering to impersonate trusted individuals. These attacks are designed to trick users into making wire transfers, processing financial transactions or releasing payroll information that could be used for identity theft. To block these attacks, Mimecast scans each incoming email for signs of an impersonation attack, and either quarantines suspicious email or notifies end-users that the email may be illegitimate.
Mimecast provides phishing protection to prevent spear phishing, scanning all inbound email in real-time, searching for key indicators in the header, domain information and body content that suggest an email may be fraudulent. Suspicious messages can be blocked, bounced or tagged with a warning before being sent on to users.
With Mimecast’s phishing protection solution, you can –
- Provide instant protection on and off the corporate network with no disruption for end-users.
- Implement a solution quickly and easily with rapid service activation through Mimecast’s cloud platform.
Stop Office 365 Phishing Attacks with Mimecast

Microsoft Office 365 provides a broad range of benefits for business email, but stopping Office 365 phishing threats and other email phishing scams may require help from a best-of-breed, third-party solution.
In traditional on-premises Exchange environments, enterprise IT teams can invest in solutions to stop phishing emails and mitigate the threats of malware, spam, zero-day attacks and other security issues. When moving to the cloud, these threats pose as great a risk as well, but for all its benefits, Office 365 alone may not fully mitigate this risk.
With a leading cloud-based service for email security, archiving and continuity, Mimecast provides a powerful complement to Office 365, providing highly effective defenses against Office 365 phishing and other email-borne threats.
Mimecast email security services provide a number of tools to improve security in Office 365 and to neutralize Office 365 phishing scams and other threats –
- Targeted Threat Protection offers real-time protection from Office 365 phishing attacks, and provides tools to prevent spear phishing, whaling, CFO Fraud, business email compromise and other advanced threats.
- The Secure Email Gateway provides 100% anti-spam protection and 99% anti-spam protection.
- Secure Messaging enables users to send protected messages without requiring recipients to download software or requiring senders to understand encryption methods.
- Large File Send lets users send files up to 2 GB through email, avoiding the use of third-party file sharing services that fall outside an organization’s security perimeter.
- Content Control and Data Leak Prevention stops both malicious leaks and honest mistakes, helping to keep sensitive information from falling into the wrong hands.
Is Your Business a Victim of Phishing Mail Attack?

Phishing mail attacks and spear-phishing threats have become a mainstay in the arsenal of cyber criminals. The reason – so many users are easily tricked by a phishing mail message into divulging credentials, personal data and financial information that hackers can use to commit identity theft.
Successfully preventing a phishing mail attack requires two things –
- Greater phishing awareness among users about the dangers of phishing email scams and how to detect them, and
- Powerful email security technology that provides automatic defenses against phishing mail attacks.
That combination of security solutions is exactly what you get with Mimecast.
If you want to perform a realistic phishing simulation and test your company’s vulnerability to phishing attempts in a real-world scenario, please get in touch with our consultants today.