Fighting the toughest battle in Cybercrime: Spear phishing
Introduction: Just last week CBS ran a 60 Minutes segment about the cyber-attack on Sony Pictures, and it brought to light the dangers of phishing. Specifically, it highlighted a tactic called Social Engineering, which is a technique used by cybercriminals to manipulate people through trickery to get them to divulge information. Social engineering is not a new concept. For years con artists and criminals have manipulated unsuspecting victims for their own gain, and they’re often successful because people are naturally trusting. And because so much of our lives are now online, it’s much easier for criminals to engineer scams that people will believe.
Learning from examples like Sony is critical in protecting your business. We invited Dave Bull, Director of Product Marketing at Intel Security, to help us understand the dangers of phishing and how to protect your business. Here’s what he had to say:
Whether you’re a small business, enterprise, government agency or any other organization, it’s likely email is your main form of communication. Email phishing has been proven time and again to be the preferred vehicle for breaches into an organization, whether by delivering malware or harvesting credentials directly from the recipient of the attack. The volume itself is staggering; we discovered over 150,000 new phishing URLs just in the fourth quarter of 2014. Then when we see reputable research organizations such as Verizon indicate that nearly 1 in 5 users will click on one of those URLs in a phishing email, we know we have a serious problem on our hands.
Phishing targets the vulnerabilities within us all – the human nature to trust. Unfortunately cyber-criminals exploit this weakness through advanced social engineering practices. Preparing your employees to handle social engineering is no longer an option – this must be a part of security education. We’ve even built a quiz you can take here, which helps to familiarize what fraud looks like in email, and how to spot it.
Sophisticated cybercriminals know about our email security technology and every other defense in the market. Knowing that their phishing emails will be thoroughly scanned by a security provider, often times they will send a phishing email with a completely safe URL inside of it. Then, while the email sits in an inbox, the cybercriminal will infect that formerly clean page with malware, knowing that the email has already been scanned. Just as they track our technology, we track and defend against their tactics.
Hosted Exchange integration with ClickProtect
We have a feature called ClickProtect that re-scans a URL once the link is clicked. By running the web page through our industry-leading Gateway Anti-Malware Engine we add a second layer of defense for the user. Intermedia includes this feature in their Advanced email protection, you can learn more about ClickProtect here.
Defending against phishing attacks is difficult, but something that no organization can choose to ignore. Your ability to stay productive, protect sensitive data, and maintain a trusted reputation depends on it. Intel Security and our trusted partners like Intermedia are here to help with the latest technology available to help you stay secure.
If you want to learn more about phishing and how to protect yourself, attend our SpiceWorks webinar presented by Intermedia and Intel Security on April 29th at 12pm EDT. Click here to register.