In addition, companies could use less expensive email authentication technology that looks at the sending mail servers and the IP addresses of the sender to determine whether the email is legitimate, Pascual said.
Such technology uses the Sender Policy Framework (SPF) and the complementary DomainKeys Identified Mail (DKIM). Another anti-phishing technology released last year was the Domain-based Message Authentication, Reporting and Conformance (DMARC) framework.
"Unfortunately, it's been around for awhile, but not a lot of businesses are using it," Pascual said of the various technologies. "It's very underutilized."
Sign up for CIO Asia eNewsletters.