There is not a company in the world that would welcome a phishing attack. And yet, for many organizations, taking the steps necessary to protect themselves against cybercriminals and hackers is something that can wait until tomorrow.
Famous last words.
In 2019, $6,659 was lost to cybercrime every minute.1 It comes in all sorts of forms—malware, spear phishing, CEO impersonation, whaling attacks, brand forgery, domain spoofing, and more.
Where should you start? If you company isn’t fully protected against phishing threats, an easy place to start is with education. Understand what is at stake. Read up on the latest cybercrime statistics to better understand the risks. Take inventory of what your organization is doing today to fight in the war against phishing. And, take advantage of the INKY Phishing Prevention Tool Kit.
INKY is the industry’s leading solution for the security of your email. Uniquely effective at catching phishing attacks, INKY understands and relentlessly searches for signs of fraud, catching what other phishing attack software misses. To help others fight phishing attacks, INKY has developed a Phishing Prevention Tool Kit. It’s a great resource for better understanding the threats, evaluating your current situation, and educating yourself and your team about the perils of email phishing.
The INKY Phishing Prevention Toolkit contains some of the latest cybercrime statistics, a checklist for preventing phishing, and helpful guides to better understand how some of today’s phishing threats work. Here is an overview of three well-known phishing scams the toolkit addresses:
All to common in the world of phishing threats, fake attachments wreak havoc on businesses around the world, every day. A fake attachment generally comes in the form of an image embedded in an email that appears to link to an important file. In reality, the hacker has probably linked the image to malware or a credential harvesting site in hopes of obtaining valuable company or personal information that will ultimately allow them to personate the user and either steal from the company or send more phishing emails.
Text Direction Deception
This is a tricky one. Though most people have probably never heard of Cascading Style Sheets (CSS), hackers have begun tricking this popular HTML technology in order to sneak their malicious emails past the guards. In short, Secure Email Gateways (SEGs) scan each email for particular text sequences and patterns in order to determine if an email is malicious or safe. Hackers familiar with how SEGs work are manipulating the CSS to hide text from these scanners. For example, hackers are writing text backwards (so it doesn’t match up to the SEGs list of unsafe content) and then adding a hint or key that directs the text to be flipped for the reader. DNATSREDNU?
Hidden Text and Zero Font Attacks
It’s important to know that modern HTML contains millions of lines of code. When used in an email, complexities are introduced that make it very difficult for scanners to detect wrong-doings. That’s where hackers come in.
Zero font is a term that means text is somehow hidden in an email. It’s also called hidden text. Hackers familiar with how SEGs work can use CSS tricks to hide text from the scanners looking for phish. For example, in a deceptively designed HTML email, a line of text that would normally be flagged as suspicious is made visible to the end user while simultaneously hidden from the SEG using CSS chicanery. The result is that a malicious email slips right into the inbox of an unknowing recipient.
When it comes to creating and maintaining a secure environment for your organization’s email communications, it’s important to have reliable information to guide you. That’s why the INKY Phishing Prevention Toolkit is available to everyone. We encourage you to use it to make informed decisions about the security of your company. After all, there are plenty of email security providers who will lure you with an offer of something you probably don’t already have in your email security stack. However, just because you don’t have it, doesn’t mean it’s the best the industry has to offer. Beware of outdated software. Know what computer vision, artificial intelligence, and machine learning can add to an email security package and then make an informed decision.
This blog was updated on August 19, 2021, and can be found here.
INKY® is the emerging hero in the war against phishing. An award-winning cloud-based email security solution, INKY® prevents the most complex phishing threats from disrupting or even immobilizing your company’s day-to-day business operations. Using computer vision, artificial intelligence, and machine learning, INKY® is the smartest investment you can make in the security of your organization. INKY® is a proud winner of the NYCx Cybersecurity Moonshot Challenge and a finalist in the 2020 RSAC Innovation Sandbox Competition. Learn more about INKY® or request an online demonstration today.