The best way to protect against phishing campaigns is training and awareness, combined with a good email threat filtering system to keep known threats from reaching employee inboxes. Teaching employees how to spot a phishing email can be a great defense when the automated filtering fails to identify a threat. Identifying suspicious URLs or email addresses or knowing when an attachment may be malicious can prevent an attack brought on by a phishing email. Spelling and grammar errors are also common in phishing scams as are suspicious links and mismatched domain names. If an email claims to be from a reputable company but the email came from a separate domain, it is likely a scam. More sophisticated, targeted attacks such as the campaign referencing Colonial Pipeline require extra vigilance on the part of employees and are best caught by endpoint monitoring to find suspicious files that were downloaded and executed. Multi-factor authentication also provides a strong barrier against phishing attacks because it requires an extra step for cyber criminals to overcome in order to conduct a successful attack after they have compromised employee passwords. Companies should also utilize a service such as Binary Defense’s Managed Detection and Response service to monitor endpoints for any abnormal activity and identify attacks early before they can cause damage.

https://www.zdnet.com/article/hackers-use-colonial-pipeline-ransomware-news-for-phishing-attack/?&web_view=true