Email Security Blog

How 883 Malicious Emails Made It Past Anti-Phishing Software

CISO's have an unenviable job. They are tasked with protecting their organization's IT security against threats known and unknown.  Where the next malicious attack might come from is anyone's guess. Often CISO's rely heavily on Secure Email Gateway (SEG) providers as the primary anti-phishing software defense. While it's not uncommon, it may be building a false sense of security that when realized, could be catastrophic for an organization's email fidelity.

Over time we've surveyed our peer's claims through the lenses of our customers. Each customer that engages INKY has a story about how they relied upon a legacy SEG to handle their anti-phishing posture. In every case, they came to the realization that while the SEG was effective against SPAM and Malware, they were failing when it came to being an anti-phishing solution.  These malicious emails were still making it into the inboxes of employees.

For our latest special phishing report, we decided to measure just how many phishing attacks were slipping through legacy SEG's. We picked a four-month window and three of our customers where INKY was downstream from an incumbent SEG.  These SEGs claim to offer phishing protection as a part of their solution.  The results were nothing short of a fail when it came to blocking malicious attacks.

For today's article, we are going to focus on a magic number of 883. 883 is the total number of successful phishing emails that made their way into the mailboxes of the three companies executive suite despite the best efforts of their existing SEG. Let's consider this; if each company had employed a 3rd party security company to protect their business and during that the first four months they were burgled a combined 883 times, would you consider that a successful business engagement? I'm guessing no. 

Failing 883 times in not a strong endorsement of an anti-phishing software solution, it's a disaster waiting to happen. Criminals targeting the very top of the pyramid in a company is not unusual.  Executives tend to be action-focused and are perhaps less likely to scan each email they receive for the subtle (and often hidden signs) of a phishing attack.

Impressive (not), these customers are paying a premium to be unnecessarily exposed by their failing anti-phishing software. Further within the C-level group, INKY flagged an alarming 10,608 emails with yellow caution banners. These numbers suggest that many of the emails had at least some cause for concern — or involved some sensitive content meriting individual guidance. Without INKY, these emails would have been delivered with no warning or annotation.

So doing some basic math, taking the danger emails and the caution emails together, these three customers C-level exposure to phishing emails totals 45,000 annually. Madness!

Our 2019 Special Phishing Report exposed the fact that self-identified anti-phishing solutions are simply not equipped to filter, isolate, and identify phishing attacks. At INKY, one slipped phish is unacceptable. For the SEGs to be letting them through in the hundreds of thousands is jaw-dropping.

INKY is a new breed of anti-phishing software, peerless, and generations ahead of the rest; we protect every email user from the big bosses to the interns.

So how is INKY different? INKY sees the things that others can't and catches the things that others don't. INKY is a true anti-phishing software solution. INKY can engage with incredibly sophisticated phishing threats as well as the mundane challenges of spam and the like. INKY adds a thin—but powerful— layer of protection to your email suite that holistically protects your organizations.

The challenges of email are incredibly deep and complex, and you can't merely throw an algorithm and some code against it to get results. Our 2019 Special Phishing Report proves this – the SEG's simply don't work.

At INKY, we know email - its history and its flaws. As INKY sees an email, we start comparing models and building profiles, the more we see, the more we learn and more we learn, the more we see.

We've analyzed and learned the design constructs of leading organizations and have developed an exhaustive visual vocabulary to help identify fraudulent emails.

Our anti-phishing software solution blends a potent trifecta of technology to target today's phishing threats:

  • Computer Vision: Brand images verified/flagged
  • Artificial Intelligence: Thoughtful evaluation and intelligent learning
  • Machine Learning: INKY self-adapts, no coding required

Further, INKY enhances training efforts by offering gentle—but persistent color-coded anti-phishing banner based cues when it detects something is amiss. INKY is cloud-based and integrates quickly into any environment, even working in tandem with any existing SEG's you may have.

At INKY, we believe in truth in advertising; we are an anti-phishing software solution, no we are THE anti-phishing software solution.

Schedule a demo today, and we'll prove it to you.

INKY – Phight Phish.