Email Security Blog

Why Your Email Security Needs Anti-Phishing Software

Malicious threat actors are attacking computers and networks at an astonishing rate. According to the University of Maryland, one attack comes, on average, every 39 seconds.

The majority of successful cyber attacks start with a phishing email.

In the past, most phishing attempts targeted financial information, such as bank account numbers or credit card numbers. That’s changed. Beginning in 2018, Office 365, G Suite and other online email services are now the number one phishing target

Cyber criminals continue to evolve their phishing attack software and schemes. The specific tactics they use get more sophisticated.

Brand Impersonation

Cyber criminals in 2019 are continuing to have success by crafting emails that emulate recognizable and trusted organizations. The top ten most impersonated organizations make up 71% of attacks.

Top 10 Organizations Most Impersonated
Source:  Statista

  1. Microsoft (13%)
  2. Google (11%)
  3. Facebook (10%)
  4. Apple (10%)
  5. PayPal (6%)
  6. Adobe (5%)
  7. Dropbox (5%)
  8. Chase (4%)
  9. DocuSign (4%)
  10. Wells Fargo (3%)

These are reliable organizations that your employees will recognize and with which they may have an established relationship. They may regularly get email from these organizations.  Yet, clicking on links in these fraudulent emails can lead recipients to reveal their online credentials and allow cyber criminals to access company networks.

You need an anti-phishing software solution like INKY that will catch brand forgeries and alert you.

Pharming Attacks

Cyber criminals may also embed links in email or attachments that launch malware. Disguised as an urgent request, an attachment or PDF, or a link to an online document, malware is installed on the network that can cause chaos. It might lock up computer systems using ransomware or redirect legitimate web traffic to a spoofed website that looks just like the real thing to grab account information and login info. Chances are, this kind of malware is in your network already. Employees receive an average of 16 phishing emails per month.

Event Phishing

Another tactic gaining popularity is tailoring email phishing attacks based on recent news events. For example, when new privacy legislation is in the news, such as the California Consumer Privacy Act (CCPA) new data privacy laws or the European Union’s General Data Privacy Regulations (GDPR), scammers take advantage of an organization’s confusion or concerns over the news to request confidential information.

Scammers even use threats of other publicized breaches or phishing attacks to scare users into falling for one of their schemes.

Education Only Goes So Far

Many companies will invest the time and money to train their users on the dangers of email phishing. While it can’t hurt, it doesn’t solve the problem.  Even when people know something might be “phishy,” they still often get caught. 

Columbia University researchers sent 2,000 phishing emails to faculty, staff, and students in an attempt to steal login credentials. In one scenario, they offered free iPads. One hundred seventy-six recipients opened the email and clicked on the potentially malicious link.  Researchers warned the recipients it was a scam and then sent the same email a few weeks later to the same victims. Ten of them fell for it again. Then, they repeated the whole process:  warn, wait, and resend. It wasn’t until the 4th round that none of the recipients opened the email and clicked on the link.

That’s especially scary because it takes only one person in your organization to fall victim to expose your entire network. 

While the Columbia researchers sent blatant email phishing attacks, most attempts are less obvious.  The human eye is unable to detect most of the tricks cyber criminals use today. URLs that might make somebody think twice before clicking can be hidden in a variety of ways you can’t see. Hidden letters can mask URLs from being seen by most anti-phishing software as well.

New attacks are being launched every day. 

Most Existing Software Tech Doesn’t Always Work

Despite your best efforts, existing software tech lacks the ability to deal with cyber-attacks. Phishing attacks are increasingly sophisticated, targeted, and successful. If you are relying on Google or Microsoft’s built-in anti-phishing software, you are not adequately protected. 

Most phishing software relies on a list of known threats. When an email arrives from an address associated with prior phishing attempts or a known bad URL, it will be blocked. While this practice can help, it won’t stop phishing attacks from getting through. It is too easy for the bad guys to change up their email or URL and bypass this basic method of security.

You need a secure anti-phishing software solution that provides complete protection.

A Secure Email Solution

Whether you are using Office 365, G-Suite, Microsoft Exchange or another email solution, INKY is the industry’s best secure email solution

INKY is uniquely effective at catching phishing attacks. Using computer vision, artificial intelligence (AI), and machine learning, INKY searches for signs of fraud other phishing attack software misses and can detect imposters down to the pixel level. It works on any device and places highly visible warning banners directly in the email. Recipients can’t miss them whether they are reading their email on a desktop computer or a mobile device.

The FBI reports that $1.4 billion is lost to email fraud every year. 

Don’t be the next victim. Protect your organization from phishing attempts with INKY.

 

 

Topics: