The e-mail reads, “Click here to download your report.” It appears to be from a credible source, but the link leads to a website created solely for the purpose of information theft. Cyber-scammers strike again, using phishing e-mails to trick recipients into clicking on links and typing in their personal information. In most instances, the user has no idea they have walked right into a trap. According to findings recently released by Intel Security, 97% of people globally are unable to correctly identify phishing e-mails.
According to the latest report released by APWG, phishing attacks have reached an all-time high. Why are phishing attacks still effective? How can they be prevented? Joshua Schleicher, one of our Solutions Consultants at Easy Solutions, recently sat down with Information Security Media Group’s Howard Anderson at the Fraud Summit in Chicago to discuss phishing attacks and offer insight on their prevention.
As Josh indicates, the number of successful phishing campaigns is increasing because phishing e-mails are difficult to identify. There are easy identifiers, such as incorrect grammar or poor visuals, but scammers often send very sophisticated and credible-looking e-mails. Social media is also a new vector for phishing expeditions. Organizations encourage the use of social media to get more users, and attackers are now adopting it as a new way to introduce scam campaigns.
The key to preventing such attacks is e-mail authentication. If a user cannot properly identify a phishing campaign, it needs to be done for them. There is currently a lack of security within e-mails, particularly around the authentication process. Organizations can use existing technologies, such as Domain-based Message Authentication, Reporting & Conformance (DMARC), to authenticate e-mails so the end user is not receiving anything unexpected. This will help companies open up their e-mail channels to provide trusted communication for their users.
DMARC has been adopted and supported by most of the major e-mail providers. It involves the use of existing authentication technologies plus a robust reporting format that provides visibility into e-mail channels. It identifies senders that are spoofing their e-mails and also allows visibility into legitimate senders that are supposed to be using the domain, but are not properly configured.
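The reporting side described above can be read mechanically. The following is an added example, not code from the interview or from Easy Solutions: it parses a DMARC aggregate report in the RFC 7489 XML layout and sorts each sending source into passing, authenticated-but-unaligned (often a legitimate sender that is not properly configured), or unauthenticated (probable spoofing). The sample report, the domains, the addresses and the three label names are constructed for illustration.

```python
import xml.etree.ElementTree as ET


# Constructed sample in the RFC 7489 aggregate-report layout; domains and
# addresses are documentation placeholders, not data from the article.
def _record(ip, count, dkim, spf, auth_domain, auth_dkim, auth_spf):
    return (
        f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
        f"<policy_evaluated><dkim>{dkim}</dkim><spf>{spf}</spf></policy_evaluated></row>"
        f"<identifiers><header_from>example.com</header_from></identifiers>"
        f"<auth_results><dkim><domain>{auth_domain}</domain><result>{auth_dkim}</result></dkim>"
        f"<spf><domain>{auth_domain}</domain><result>{auth_spf}</result></spf></auth_results></record>"
    )


SAMPLE_REPORT = "<feedback>" + "".join([
    _record("192.0.2.10", 120, "pass", "pass", "example.com", "pass", "pass"),
    _record("198.51.100.7", 40, "fail", "fail", "mailer.example.net", "pass", "pass"),
    _record("203.0.113.99", 15, "fail", "fail", "example.com", "fail", "fail"),
]) + "</feedback>"


def classify(record):
    """Label one <record> using the receiver's DMARC evaluation."""
    evaluated = record.find("row/policy_evaluated")
    # policy_evaluated holds the aligned results: either one passing is a DMARC pass.
    if "pass" in (evaluated.findtext("dkim"), evaluated.findtext("spf")):
        return "dmarc-pass"
    # Raw auth_results passing for another domain: authenticated mail that is not
    # aligned with header_from, typical of a real sender that is misconfigured.
    raw = [r.text for r in record.findall("auth_results/*/result")]
    if "pass" in raw:
        return "unaligned-review"
    return "unauthenticated"  # nothing verified: treat as probable spoofing


def summarize(xml_text):
    """Return [(source_ip, label, message_count)] for an aggregate report."""
    rows = []
    for rec in ET.fromstring(xml_text).iter("record"):
        rows.append((rec.findtext("row/source_ip"), classify(rec),
                     int(rec.findtext("row/count"))))
    return rows


if __name__ == "__main__":
    for ip, label, count in summarize(SAMPLE_REPORT):
        print(f"{ip:15} {count:5} {label}")
```

The "unaligned-review" label is a triage heuristic: such sources still need to be confirmed as the organization's own senders before their SPF or DKIM configuration is corrected.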
As DMARC becomes more widely adopted, it will be a necessity for organizations that want to use e-mail as an effective means of communication to their customers, essentially bringing back trust to e-mail.
Josh’s full interview can be found below.