Phishing Susceptibility

Phishing susceptibility refers to the degree to which an individual, organization, or system is vulnerable to a phishing attack. It's a measure of how likely a target is to fall for deceptive tactics designed to steal sensitive information.

Several factors can influence this vulnerability:

  • Human Factors: People are often the weakest link in the security chain. Susceptibility is higher in individuals who are not trained to recognize phishing attempts, are under stress, or are prone to clicking on links without thinking. Attackers often use social engineering techniques to exploit human psychology, such as creating a sense of urgency, fear, or curiosity to bypass a person's critical thinking.

  • Technical Factors: An organization's technical security controls also play a significant role. The absence of proper email filters, DMARC (Domain-based Message Authentication, Reporting, and Conformance), SPF (Sender Policy Framework), or DKIM (DomainKeys Identified Mail) records can make it easier for malicious emails to reach a user's inbox.

  • Digital Footprint: The more an organization or individual's information is exposed online—such as email addresses, employee names, or roles—the easier it is for attackers to craft a convincing, targeted phishing email.
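The technical factor above can be checked from the outside by reading a domain's published TXT records. The following is an added example, not part of the original page or any vendor's code: it grades SPF and DMARC strings supplied by the caller, and the sample records and function names are constructed for illustration.

```python
# Added example: grade published SPF and DMARC TXT records for spoofing exposure.
# TXT strings are passed in (constructed samples below) so the check runs offline.
# DKIM is not graded: its keys live at <selector>._domainkey.<domain> and the
# selector cannot be discovered from the domain name alone.

WEAK_SPF = {"missing", "permerror", "pass-all", "neutral", "no-all"}

def spf_posture(apex_txt):
    """Classify SPF from the TXT strings published at the domain apex."""
    spf = [r.lower().split() for r in apex_txt if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "missing"
    if len(spf) > 1:
        return "permerror"  # RFC 7208: more than one SPF record is a permanent error
    for term in spf[0][1:]:
        if term.lstrip("+-~?") == "all":
            qualifier = term[0] if term[0] in "+-~?" else "+"
            return {"-": "fail", "~": "softfail", "?": "neutral", "+": "pass-all"}[qualifier]
    return "no-all"  # no terminal "all" (possibly redirect=): review by hand

def dmarc_posture(dmarc_txt):
    """Classify the policy from TXT strings published at _dmarc.<domain>."""
    recs = [r.strip() for r in dmarc_txt if r.strip().startswith("v=DMARC1")]
    if not recs:
        return "missing"
    if len(recs) > 1:
        return "invalid"
    tags = {}
    for part in recs[0].split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    return tags["p"] if tags.get("p") in ("none", "quarantine", "reject") else "invalid"

def spoofing_exposure(apex_txt, dmarc_txt):
    """Return findings that make it easier to spoof the domain in mail."""
    spf, dmarc = spf_posture(apex_txt), dmarc_posture(dmarc_txt)
    findings = []
    if spf in WEAK_SPF:
        findings.append(f"SPF is '{spf}': unauthorized senders are not failed")
    if dmarc not in ("quarantine", "reject"):
        findings.append(f"DMARC is '{dmarc}': receivers are not asked to quarantine or reject")
    return findings

# Constructed sample records for a hypothetical domain.
SAMPLE_APEX_TXT = ["v=spf1 include:_spf.example.net ~all", "site-verification=constructed"]
SAMPLE_DMARC_TXT = ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"]

if __name__ == "__main__":
    for finding in spoofing_exposure(SAMPLE_APEX_TXT, SAMPLE_DMARC_TXT):
        print(finding)
```

A `p=none` policy only requests reports, so the sample domain is flagged even though its SPF record is present.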

High phishing susceptibility can lead to significant consequences, including financial loss, data breaches, and reputational damage. Reducing susceptibility requires a multi-layered approach that includes both technical controls and continuous user education.

ThreatNG helps organizations with phishing susceptibility by providing a comprehensive, outside-in view of their external attack surface. Its capabilities are designed to identify and mitigate risks that could lead to successful phishing campaigns.

External Discovery and Assessment

ThreatNG's external discovery performs unauthenticated discovery to find all of an organization's publicly exposed digital assets, which is the initial step in identifying a potential phishing attack surface. The solution's external assessment capabilities are used to evaluate an organization's susceptibility to various attacks.

  • BEC & Phishing Susceptibility: This assessment is derived from Domain Intelligence, Sentiment and Financials Findings, and Dark Web Presence. For example, ThreatNG's Domain Intelligence module can identify a newly registered domain like your-company-support.net with an email record, which is a common tactic for phishing. This finding would contribute to a higher phishing susceptibility score for the organization.

  • Breach & Ransomware Susceptibility: This assessment is derived from external attack surface and digital risk intelligence, including domain intelligence and dark web presence (compromised credentials). A high score here could indicate that an organization has exposed sensitive ports or compromised credentials on the dark web, which could be used to facilitate a phishing attack.

  • Data Leak Susceptibility: This assessment is based on external attack surface and digital risk intelligence, including cloud and SaaS exposure, dark web presence, and domain intelligence. ThreatNG's discovery of leaked credentials on the dark web or exposed cloud services could indicate a vulnerability that an attacker could use to craft a more targeted phishing email.

Continuous Monitoring and Reporting

ThreatNG offers continuous monitoring of external attack surface, digital risk, and security ratings for all organizations. This allows an organization to track its security posture over time and detect new phishing-related dangers as they emerge. The Reporting capability provides various reports, including Executive, Technical, and Prioritized reports, which can highlight phishing susceptibility and other relevant risks. This helps security teams prioritize their efforts and allocate resources effectively.

Investigation Modules

ThreatNG provides several investigation modules that enable detailed analysis to uncover phishing threats.

  • Domain Intelligence: This module uncovers potential phishing threats through its various features. The Domain Name Permutations capability detects manipulations of a domain to find brand impersonation and phishing attempts. For example, ThreatNG can find a typosquatted domain like microsoft-support.com, which resembles the official domain and is used in a phishing scam.

  • Email Intelligence: This module provides email security presence and format predictions, which help identify fraudulent email addresses.

  • Dark Web Presence: This module identifies organizational mentions of related people, places, or things, and associated compromised credentials. ThreatNG's discovery of compromised credentials on the dark web can alert an organization to a potential phishing threat.

  • Sensitive Code Exposure: This module discovers public code repositories and investigates their contents for sensitive data, such as API keys and credentials, that attackers could use in a phishing campaign.
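The lookalike-domain detection described under Domain Intelligence can be illustrated with a small triage routine. This is an added example, not ThreatNG's implementation: it classifies domains that a defender has already observed against a protected brand domain and ranks the mail-capable ones first. The brand domain `acme-corp.com`, the keyword list, and the MX flags are assumptions constructed for the example.

```python
# Added example: classify observed domains as lookalikes of a protected brand
# domain and rank those with a mail (MX) record first. Data is constructed.

KEYWORDS = {"support", "secure", "login", "help", "account"}  # assumed lure words

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[len(b)]

def classify(candidate, brand_domain):
    """Return how `candidate` imitates `brand_domain`, or None if it does not."""
    cand, brand = candidate.lower().rstrip("."), brand_domain.lower().rstrip(".")
    if "." not in cand or cand == brand or cand.endswith("." + brand):
        return None  # not a domain, the brand itself, or the brand's own subdomain
    # Assumption: single-label TLDs, so the label before the TLD is the registered name.
    c_label, b_label = cand.rsplit(".", 2)[-2], brand.rsplit(".", 2)[-2]
    if c_label == b_label:
        return "tld-swap"
    if b_label in c_label:
        extra = set(c_label.replace(b_label, "-").split("-")) - {""}
        return "keyword-combo" if extra & KEYWORDS else "brand-embedded"
    if len(b_label) > 4 and edit_distance(c_label, b_label) <= 1:
        return "typo"  # short brand labels are skipped to limit false positives
    return None

def triage(observed, brand_domain):
    """observed maps domain -> True if it publishes an MX record."""
    hits = []
    for domain, has_mx in observed.items():
        kind = classify(domain, brand_domain)
        if kind:
            hits.append((domain, kind, "high" if has_mx else "watch"))
    return sorted(hits, key=lambda h: (h[2] != "high", h[0]))

# Constructed observations, e.g. from new-registration or passive DNS feeds.
OBSERVED = {"secure-acme-corp.com": True, "acme-c0rp.com": False,
            "acme-corp.net": True, "mail.acme-corp.com": True, "example.org": False}

if __name__ == "__main__":
    for hit in triage(OBSERVED, "acme-corp.com"):
        print(hit)
```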

Intelligence Repositories

ThreatNG's continuously updated intelligence repositories, known as DarCache, provide critical context for assessments. DarCache Rupture contains compromised credentials, which are vital for identifying potential sources of phishing attacks and understanding an organization's overall risk. This data is also used to derive the Breach & Ransomware Susceptibility and Data Leak Susceptibility scores.

Complementary Solutions

ThreatNG's intelligence can work with complementary solutions to enhance an organization's security posture.

  • SOAR (Security Orchestration, Automation, and Response) Platforms: ThreatNG can provide intelligence on fraudulent domains, brand mentions, and compromised credentials to a SOAR platform. This platform can then automatically trigger actions like sending takedown requests, blocking malicious URLs on a firewall, or creating a new incident ticket. For example, when ThreatNG identifies a fraudulent domain (secure-acme-corp.com) that has a mail record, a SOAR platform automatically adds this domain to a blacklist so that mail from it does not reach employees.

  • TIP (Threat Intelligence Platform) Solutions: ThreatNG can feed its unique intelligence on phishing threats into a TIP solution. This enables the organization to correlate ThreatNG's findings with other threat feeds for a more comprehensive view of the threat landscape. For instance, a TIP could combine ThreatNG's discovery of a fraudulent domain with a threat feed indicating it is associated with a known attack group, providing richer context for an investigation.

  • Email Security Gateways: ThreatNG can help an organization bolster its email security by providing a list of fraudulent domains and email addresses identified through its investigation modules. The email security gateway can then block or quarantine emails originating from these malicious sources. For example, if ThreatNG identifies a domain like support-company.net as a fraudulent domain with a mail record, the email security gateway can be configured to block all mail from that domain.
