There are various actions a defender can take to help protect users from falling victim to a malicious email.

Some examples of these actions are listed below:

  • Email Security (SPF, DKIM, DMARC)
  • SPAM Filters (flags or blocks incoming emails based on reputation)
  • Email Labels (alert users that an incoming email is from an outside source)
  • Email Address/Domain/URL Blocking (based on reputation or explicit denylist)
  • Attachment Blocking (based on the extension of the attachment)
  • Attachment Sandboxing (detonating email attachments in a sandbox environment to detect malicious activity)
  • Security Awareness Training (internal phishing campaigns)
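
The sketch below combines three of the controls listed above: reading the SPF/DKIM/DMARC verdicts, labeling external senders, and blocking attachments by extension. It is an added example, not part of the original page; the internal domain, the extension denylist and the sample message are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from pathlib import PurePosixPath

# Assumptions for this sketch: the organization's domain and a denylist of extensions.
INTERNAL_DOMAIN = "example.com"
BLOCKED_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".iso", ".lnk"}

# Constructed sample message (not real traffic).
SAMPLE = """\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=billing.example.net; dkim=none; dmarc=fail header.from=billing.example.net
From: "Accounts" <invoice@billing.example.net>
To: user@example.com
Subject: Overdue invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see attached.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.js"

placeholder
--b1--
"""

def triage(raw):
    """Return a list of findings a mail gateway could act on (flag, label, block)."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    auth = str(msg.get("Authentication-Results", ""))  # verdicts recorded by the receiving MTA
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        result = m.group(1).lower() if m else "missing"
        if result != "pass":
            findings.append(f"{mech}={result}")
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if domain != INTERNAL_DOMAIN:  # basis for an "external sender" label
        findings.append("external-sender")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if PurePosixPath(name.lower()).suffix in BLOCKED_EXTENSIONS:  # last extension wins
            findings.append(f"blocked-attachment:{name}")
    return findings
```

Only trust an `Authentication-Results` header stamped by your own receiving mail server; a gateway should strip any copies supplied by the sender before adding its own.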

Per the MITRE ATT&CK Framework, Phishing for Information is described as an attempt to trick targets into divulging information, and contains three sub-techniques.