The Inefficient Battle Against Phishing Attacks and the Technology to Turn the Tides of War


Let’s say one morning, you open your email inbox, just as you’ve done every day when you first make it to the office. Like everyone else in the world, you’re not hunting for scams or phishers, you’re just following up on communications.

Between sips of your choice morning beverage, you’ll review correspondences with other parties and make notes to follow up after gathering the information. Somewhere in your inbox, there’s still that one person who sends chain emails like it’s the 1990s, and an offer that looks too good to be true.

You read the whole message because it’s cheap entertainment, plus you’re still getting your bearings for the day. Next, you’ll do one of a few things: you leave it in your inbox, delete the message, or you play the hero and click the spam button. Now the whole world knows about this con artist and the day is saved, right?

What happens when you mark something as spam
You’ve flagged an email as spam and now the hunt is on, or so you’d like to believe. The reality is, when you flag something as spam, you’re basically adding the sender info and content to a big pool of data. It’s not an end-all for a would-be scam, but it does help marginalize less sophisticated attacks.

For example, when you mark something as spam in Gmail, this initiates a couple of different tasks on the backend. First and foremost, it should prevent further messages from that sender from reaching your inbox. The email then goes to Google’s big pool of data, where it may or may not be fished out for further analysis.

When enough people identify a certain sender as spam, the sender is typically blacklisted, meaning its emails still travel across the web but end up in the spam folder. Hence, it’s incredibly important for Google, other providers, and internal teams to constantly adapt and block spammer accounts, especially when these attacks first originate. Additional analysis from these teams may also uncover further ploys, from true phishing schemes to just plain obnoxious marketing tactics.

The never-ending supply of ammunition in the battle against spam
Past and present, this information is shared beyond the networks where the emails ultimately end up (e.g. Google, Microsoft, Yahoo, etc.) so others can attempt to thwart random and targeted spam. It is also forwarded to certain organizations that maintain mostly crowdsourced DNSBL and RHSBL efforts, like the now-private AHBL.

Why this doesn’t work
These cooperative efforts are a lot like the FTC’s National Do Not Call Registry, which is a great idea yet not all that effective. It does prevent certain parties from calling you, but it relies on telemarketers identifying themselves to the FTC as telemarketers. This is equivalent to putting a sign on your door saying, “Thieves Must Identify Themselves” and expecting burglars to answer honestly when questioned at the front door before being allowed entry.

Another reason this is inefficient is that it identifies existing or “known” bad guys but leaves a large attack vector open for newcomers. Not only are neophytes to the scamming business not easily identified, existing scalawags can make a slight shift in appearance to trick these systems. The problem is that slight deviations in an attacker’s email address or phone number usually aren’t detected. Imagine if the system looked at faces and this guy is on the list:

He knows he’s on the watchlist, but he wants to continue his scamming treachery, so he gets a pair of these:

Unfortunately, the matching game these systems use lacks intuition; this is also one of the reasons that virus scanning applications don’t necessarily catch malware either, especially when it’s first released, which brings us to our next point.

Protecting your email with software
There’s a reason several anti-virus applications exist on the market: they work, at least a good majority of the time. Many of the better applications that run on desktops and mobile devices have a secondary set of protections that works at the application level, protecting browsers as well as web-based email clients and applications like Outlook.

Another problem is that these apps run locally on the device’s own hardware. This slightly diminishes performance, and it means suspicious content can’t be tested in real time without the risk of malicious software compromising your device.

The new era of email protection
Scammers are quite clever in the sense that modern phishing is done via brand forgery. This means the worry shouldn’t be the poorly written emails from international sources; it’s the phishers who successfully emulate the look of your bank’s or a coworker’s email to gain access to sensitive information.

This is the reason cutting-edge email protection tools run in the cloud and employ advanced algorithms to forensically pick apart minute details that other systems can’t detect in real time, especially when the threat is hot off the forgery press.

Today, the internet is transmitting an alarming number of communications that look real, instilling immediate trust, only to exploit unfortunate victims. Unfortunately, the human eye is no better.

Software running between your email endpoints inspects every little detail of a communication and prevents the most deceitful from ever reaching your inbox. Clearly defined tiers of warnings allow users to safely interact with all messages, preventing harm by sanitizing harmful URLs, fully validating senders via DKIM, SPF, and DMARC, and uncovering spoofing in any kind of false communication.
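As an added example (not the article’s own code, and not any vendor’s product), here is the sender-validation step described above in miniature: a DMARC alignment check that reads the SPF and DKIM results a receiving mail server stamped into an Authentication-Results header and decides whether the visible From: domain is actually vouched for. The header, the DMARC record, and the domain names are constructed for illustration; a real implementation would fetch the record from DNS and use the Public Suffix List for organizational domains.

```python
"""DMARC alignment check over a parsed Authentication-Results header (added example)."""
import re

# Constructed sample: what a receiving MTA might record on an inbound message.
SAMPLE_AUTH_RESULTS = (
    "mx.example.net; spf=pass smtp.mailfrom=bounce.mail-example.com; "
    "dkim=pass header.d=example.com; dkim=fail header.d=evil.example.org"
)
# Constructed DMARC record for example.com (normally the TXT record at
# _dmarc.example.com): reject on failure, relaxed DKIM alignment, strict SPF alignment.
SAMPLE_DMARC = "v=DMARC1; p=reject; adkim=r; aspf=s"


def parse_auth_results(header):
    """Return (spf_result, spf_domain, [(dkim_result, signing_domain), ...])."""
    spf = re.search(r"spf=(\w+)\s+smtp\.mailfrom=(?:[^@\s;]+@)?([\w.-]+)", header)
    dkim = re.findall(r"dkim=(\w+)\s+header\.d=([\w.-]+)", header)
    spf_res, spf_dom = (spf.group(1), spf.group(2)) if spf else ("none", "")
    return spf_res, spf_dom.lower(), [(r, d.lower()) for r, d in dkim]


def parse_dmarc(record):
    """Extract the policy (p) and alignment modes (adkim, aspf); defaults are relaxed."""
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    return {"p": tags.get("p", "none"), "adkim": tags.get("adkim", "r"), "aspf": tags.get("aspf", "r")}


def org_domain(domain):
    # Simplification: treat the last two labels as the organizational domain.
    return ".".join(domain.split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Strict mode needs an exact match; relaxed mode accepts the same organizational domain."""
    if mode == "s":
        return auth_domain == from_domain
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_evaluate(auth_results, dmarc_record, from_domain):
    """Return (passes, disposition). DMARC passes if SPF or DKIM both passed and is
    aligned with the From: domain; otherwise the record's p= policy applies."""
    from_domain = from_domain.lower()
    spf_res, spf_dom, dkims = parse_auth_results(auth_results)
    pol = parse_dmarc(dmarc_record)
    spf_ok = spf_res == "pass" and aligned(spf_dom, from_domain, pol["aspf"])
    dkim_ok = any(r == "pass" and aligned(d, from_domain, pol["adkim"]) for r, d in dkims)
    passes = spf_ok or dkim_ok
    return passes, ("none" if passes else pol["p"])


if __name__ == "__main__":
    print(dmarc_evaluate(SAMPLE_AUTH_RESULTS, SAMPLE_DMARC, "example.com"))
```

A lookalike domain such as `examp1e.com` signing with its own DKIM key passes DKIM but fails alignment against `example.com`, so the message is rejected under the policy above; that is the "slight deviation" a plain blacklist misses.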
