DCSA CI MCMO Countermeasures Matrix

Phishing Operations

Please consider the following questions regarding how you protect your technology, information and personnel from phishing operations.

Q1. How do you detect malicious emails?

Use an email filter.
Block executable and zip attachments and hyperlinks.
Block suspect email addresses and IPs PRE-DECISIONAL; not vetted or coordinated.
Ensure your network is current on patches/ updating software. (Phishing.org)
Strengthen the security controls of the websites, applications and email systems of the organization e.g. using technological solutions such as SSL, two-factor authentication, digital certificates, firewalls, anti-virus solutions, enhancing fraud monitoring or reporting mechanisms and so on. (INFOSEC)
Monitor the Internet for fraudulent variations of your organization's name, trademark, seal or website address. (INFOSEC)
Use Antivirus software (Phishing.org)
Take advantage of any anti-phishing features offered by your email client and web browser. (US-CERT)

Q2. How do you educate employees to identify suspicious emails?

Provide regular and updated training on identifying suspicious emails.
Inform users directly (e.g. disseminate information through monthly statements, leaflets, publications or websites) about the preventive measures that your organization has implemented (eg, We will never ask you for your password in an email, etc.). (INFOSEC)
Issue alerts to staff, administrators or service providers of the website of the organization to strengthen security measures and to watch out for any suspicious activities. (INFOSEC)CM3. Employees affected should immediately change any passwords e revealed. If the employee used the same password for multiple resources, ensure they know to change it for each account, and do not use that password in the future. (US-CERT)

Q3. How do you report suspicious emails?

Click on the individual cells in the matrix for suggested Countermeasures.