
Phishing Prevention

Phishing is one of the most enduring security risks IT professionals face. It’s been a common avenue for credential theft for years — but despite all the notoriety, phishing campaigns continue to fool even the most vigilant among us. As attacks become more sophisticated, the security that prevents them is evolving as well, moving beyond network-based tools to an identity-based model.


What Is a Modern Phishing Attack?

Historically, phishing has been conducted by sending mass email campaigns, designed to collect credentials, to a broad group of people. The logic is that if a hacker can reach enough people with a phishing campaign, statistically someone will take the bait.

Modern phishing is much more targeted, and social engineering is often involved. Through social engineering, attackers gather information about their targets through meticulous research and manipulative interactions. If they’re able to piece together enough information about an organization’s infrastructure and employees, they may be able to pose as a legitimate user and infiltrate the organization’s networks. The hacker may seem unassuming and respectable, possibly claiming to be a new employee, helpdesk contact, or contractor, and may even offer credentials to support that identity.

This targeted form of social engineering is called spear phishing. Like any other phishing attack, the goal of spear phishing is to acquire sensitive information, install malware or steal credentials. Unlike other phishing attacks, however, spear phishing takes advantage of uniquely human traits — like habits, personal motivations and incentives — to encourage its targets to fall for the attack.

How Spear Phishing Works

Most modern phishing attacks occur in several phases — hackers start by gathering information about their targets to gain initial unauthorized access into an organization’s networks, and then escalate privileges as they traverse the networks.

  • Step 1: Social Engineering
    A spear phishing attack begins when a hacker establishes some kind of communication with their target. This could happen via phone call or email — there are any number of avenues hackers use to reach out to targets in a way that appears legitimate.
  • Step 2: Targeted Phishing
    Once an employee has bought into a phishing scam, they’ll typically be taken to a web page where they’ll be asked to provide their credentials.
  • Step 3: Lateral Movement
    Once the hacker has infiltrated an application, they can use an organization’s internal systems to gain access to additional resources and take over more user accounts — often with privileged access to critical systems.

Why Phishing Prevention Matters

It’s the #1 reason for security breaches.

80% of breaches involve brute force or the use of stolen passwords, per Verizon’s 2020 Data Breach Investigation Report (DBIR).

Attacks are becoming more common.

Hacking and phishing tools, along with documentation on how to use them, are readily available online — so launching an attack is easier than ever.

Hackers can fool even the best of us.

Over the years, phishing has become harder to spot. Rather than casting a wide net, attackers now target specific individuals. 

The Solution

Because it targets the unpredictable human element of security, phishing sounds scary — but it doesn’t have to be. With a few best practices in place, organizations can achieve phishing resistance and prevent unauthorized access.

1. Implement Strong User Authentication

Requiring multi-factor authentication (MFA) significantly reduces the risk of unauthorized data access — but not all authentication methods are equal. Using WebAuthn or FIDO2 security keys provides the highest level of assurance for secure access. Additionally, Verified Duo Push provides an extra layer of security by requiring users to input a unique code from the login device in the Duo Mobile app.

2. Reduce Reliance on Passwords with Single Sign-On (SSO)

Single sign-on serves as a unified visibility and enforcement point for application-specific policies, while also enabling seamless access to multiple applications with a single set of credentials. With fewer credentials to remember, users are less likely to reuse or create weak passwords that can easily be targeted by hackers. 

3. Create and Maintain a Detailed Device Inventory

It’s hard to prevent access from devices you don’t know about. Visibility into all the devices accessing your resources is the first step in ensuring every access attempt is legitimate.

  • Duo’s Device Visibility
    See every endpoint that’s logging in to your apps, so that you can spot risky devices before they compromise your resources.

    Device Visibility is available in all Duo editions.
  • Duo’s Device Health
    Monitor laptop and desktop devices to ensure they have the right security protocols in place.

    Device Health is available in Duo Access and Duo Beyond.

4. Verify Device Trust as Part of the Authentication Workflow

With many different devices accessing company resources, it’s important to ensure they’re all healthy and up-to-date. Compliant devices are less likely to create gaps in security, making them more difficult for hackers to exploit.

  • Device Access Policies
    Manage access permissions based on operating system, encryption status, software version and more.

    Device Access Policies are available in all Duo editions, with advanced options in Duo Access and Duo Beyond.
  • Duo’s Trusted Endpoints
    Identify corporate-owned vs. personal laptops, desktops and mobile devices, to ensure only devices with the right permissions are accessing critical resources.

    Duo’s Trusted Endpoints is available in Duo Beyond edition.

5. Enforce Adaptive Access Policies

Ensure that the right users, with the right devices, are accessing the right applications. By creating granular security policies, you can enforce a least-privilege access model and ensure that users and their devices meet rigorous standards before they can login to critical resources.

  • Duo’s Adaptive Authentication
    Provide conditional access based on context from user roles, device status, user location and more using Duo’s adaptive policy engine.

    Adaptive Authentication features are available in all Duo editions, with advanced options in Duo Access and Duo Beyond.
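To make the device-trust checks (section 4) and the adaptive, least-privilege policy (section 5) concrete, here is an added example of a policy evaluator written for this page; it is not Duo's policy engine, and the device attributes, minimum OS versions, critical-app set, allowed countries and MFA ranking are all assumed values.

```python
from dataclasses import dataclass

# Constructed example of a device-trust + adaptive access policy check.
# Not Duo's policy engine; attribute names, thresholds and app/role sets are assumptions.

@dataclass
class Device:
    os: str                 # "macos" or "windows"
    os_version: tuple       # e.g. (14, 2); compared as a tuple
    disk_encrypted: bool
    corporate_owned: bool   # corporate-managed vs. personal (BYOD)

@dataclass
class Login:
    user: str
    role: str        # "admin" or "user"
    country: str     # where the login originates
    app: str         # application being accessed
    mfa_method: str  # "sms", "push", "verified_push" or "webauthn"

MIN_OS = {"macos": (13, 0), "windows": (10, 0)}   # assumed minimum supported versions
CRITICAL_APPS = {"payroll", "prod-admin"}         # assumed critical resources
ALLOWED_COUNTRIES = {"US", "CA"}                  # assumed expected locations
MFA_STRENGTH = {"sms": 0, "push": 1, "verified_push": 2, "webauthn": 3}

def evaluate(dev: Device, login: Login) -> tuple:
    """Return (decision, reason); decision is 'allow', 'step_up' or 'deny'.
    Device posture is checked first, then least-privilege rules per app/role,
    then whether the MFA method is strong enough for what is being accessed."""
    min_ver = MIN_OS.get(dev.os)
    if min_ver is None or dev.os_version < min_ver:
        return "deny", "unsupported or out-of-date operating system"
    if not dev.disk_encrypted:
        return "deny", "disk encryption required"
    if login.country not in ALLOWED_COUNTRIES:
        return "deny", "login from unexpected location"
    critical = login.app in CRITICAL_APPS or login.role == "admin"
    if critical and not dev.corporate_owned:
        return "deny", "critical access requires a corporate-owned device"
    # Critical access needs phishing-resistant WebAuthn; everything else at least Verified Push.
    required = MFA_STRENGTH["webauthn"] if critical else MFA_STRENGTH["verified_push"]
    if MFA_STRENGTH.get(login.mfa_method, -1) < required:
        return "step_up", "stronger MFA method required"
    return "allow", "device and policy checks passed"
```

A "step_up" result is where a real deployment would prompt for the stronger factor rather than silently denying, so a user on a healthy corporate device is never locked out merely for having chosen a weaker method.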

6. Continuously Monitor for Unusual Login Activity

Utilize behavioral analytics to monitor the unique access patterns of your users. This practice helps you spot suspicious activity — and stop breaches before they happen.

  • Duo Trust Monitor
    Establish baseline access behavior and be notified of anomalous activity, like logins from new devices or unexpected locations.

    Duo Trust Monitor is available in Duo Access and Duo Beyond editions.
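An added illustration of the baseline-and-deviation idea described above, written for this page rather than taken from Duo Trust Monitor: it builds a per-user baseline of known devices and countries from constructed sample events, flags logins from a new device or an unexpected location, and assumes a minimum amount of history before alerting so that users whose baseline is still forming do not generate noise.

```python
from collections import defaultdict

# Constructed sample authentication events (not real logs): (user, device id, country).
# Hypothetical example of baseline detection; the field names and threshold are assumptions.
HISTORY = [
    ("alice", "dev-a1", "US"), ("alice", "dev-a1", "US"), ("alice", "dev-a2", "US"),
    ("alice", "dev-a1", "US"), ("alice", "dev-a2", "US"),
    ("bob", "dev-b1", "CA"), ("bob", "dev-b1", "CA"), ("bob", "dev-b1", "CA"),
    ("bob", "dev-b1", "CA"), ("bob", "dev-b1", "CA"),
    ("carol", "dev-c1", "US"),   # only one login: baseline not yet established
]
MIN_HISTORY = 5  # assumed: do not alert on users with fewer observed logins

def build_baseline(events):
    """Per-user sets of devices and countries seen so far, plus a login count."""
    base = defaultdict(lambda: {"devices": set(), "countries": set(), "count": 0})
    for user, device, country in events:
        b = base[user]
        b["devices"].add(device)
        b["countries"].add(country)
        b["count"] += 1
    return base

def check_login(base, user, device, country):
    """Return the list of anomaly reasons for one login (empty means normal).
    While the baseline is still forming, every login is learned and none is flagged.
    Once it is established, only unflagged logins extend it, so one anomalous login
    cannot teach the baseline the attacker's device or location."""
    b = base[user]
    if b["count"] < MIN_HISTORY:
        b["devices"].add(device)
        b["countries"].add(country)
        b["count"] += 1
        return []
    reasons = []
    if device not in b["devices"]:
        reasons.append("new device")
    if country not in b["countries"]:
        reasons.append("unexpected location")
    if not reasons:
        b["count"] += 1
    return reasons
```

In practice the flagged login would be routed to an alert or a step-up authentication, and the baseline extended only after the user or an analyst confirms it was legitimate.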

Related Topics

Passwordless Authentication

Hackers can’t steal a password if there’s no password to steal. Passwordless authentication is becoming a viable and attractive way to reduce credential theft.


Multi-Factor Authentication

Phishing attacks depend on human behavior to be successful — so verifying user identities with strong MFA is the first step in preventing a breach.


Adaptive Access Policies

Assigning access permissions by application ensures that your most critical resources are also your most protected.


Anatomy of A Modern Phishing Attack

Find out how targeted phishing attacks and breaches happen through one popular company's real-life experience, and see how the breach could have been prevented.
