IT managers know it.
Since Covid-19 helped make remote working the norm, the security risk to employees has increased sharply. Outside the office environment, when all communications happen online, it is much easier for attackers to catch employees unprepared and get them to click unsafe links - just like in the case below.
Real world scenario: conference call invite
It’s March 2021 and Jane receives yet another invite to a conference call. This time, the invite also includes a link to test the conference system prior to the call. The email is sent from a client Jane knows and trusts: Adam from email@example.com
Driven by psychological factors such as trust, a sense of urgency, or maybe fatigue from a long day spent in front of her laptop, Jane clicks on the link and, by doing so, installs malware on her laptop. That malware has the potential to expose her company's confidential information and result in financial loss, reputational damage, maybe even business interruption for the employer.
IT departments, overwhelmed by ordinary tasks, are the first to get the blame, while what has in fact happened is a successful exploitation of human instincts, in this case trust. Should we then react to cases such as the one described above by blaming humans for their errors? That would be a mistake as well. Statistics show that phishing success rates are extremely high across all organisations and departments.
Once again, we are left with the question: what can IT departments do to decrease the success rate of phishing attacks against their organisation?
What is phishing?
Phishing is a form of cyberattack where cybercriminals impersonate a trusted party to bypass security controls - such as firewalls, antivirus and so on. Unlike other types of attacks, phishing relies heavily on humans being the weakest link in security. Mass phishing and spear phishing can also make use of social engineering techniques, to further strengthen the effect of factors like curiosity, helpfulness, authority and induce the victim to perform a certain action.
The numbers are impressive: according to recent statistics, 3.4 billion fake emails are sent every day.
There are typically two types of phishing emails, depending on who the sender is, or pretends to be:
TYPE 1: Phishing emails that impersonate well known brands
Users easily fall for this type of scam as human nature tends to heavily rely on visual cues when making fast decisions, and these emails can look, at a quick glance, completely identical to emails sent by the brands themselves.
TYPE 2: Phishing emails that impersonate people the users know and/or trust
This second type of phishing attack can be further classified into two subtypes:
- Business email compromise (BEC), when the phishing email is sent via the hijacked account of a colleague, client or supplier
- Spoofed email addresses, in which an email has been manipulated to look as if it originated from a trusted source
Emails impersonating people we might know - a supervisor, colleague or classmate - might contain no suspicious link or attachment at all, leaving nothing for anti-phishing software to detect as malicious. Sometimes, as happens with BEC attacks, the sender's email address is legitimate, and therefore the software has no reason to block it.
Such emails are also the most dangerous, as they usually contain instructions for payment requests, typically made by a supervisor or manager to a reporting employee, often with an added sense of urgency or with mention of specific situations whose details the attacker has gathered through simple research or social engineering.
How can I protect my organization from phishing attacks?
When software and filtering algorithms fail, companies rely on manual processes and IT support personnel, and additional procedures are added.
This manual work, and the checks that must be performed by an understaffed, overwhelmed IT department, create a bottleneck that negatively affects productivity and delays decision making, while distracting the IT team from other necessary tasks.
These emails are often let through by traditional anti-phishing software, and end up in a procedural bottleneck that threatens IT departments’ performance.
How can APBot help?
If users are the weakest link in each organisation's security, can we turn them into the strongest resource against phishing scams?
In the example above, Jane was tired after a long day at work, and she quickly clicked the URL included in the email sent by a trusted contact. What could have been done differently had she been using APBot?
Why is APBot different?
APBot takes on the challenge of empowering users instead of simply letting them rely on forwarding an email to IT. By participating in the collective crowdsourcing of cybersecurity intelligence, users can play an active role in identifying cyberattacks that might slip through anti-phishing software, and avoid overloading companies' IT resources with requests.
APBot allows users to check and verify any email instantly with just a few clicks and within a minute, saving valuable time, freeing up IT resources and empowering the staff to confidently authenticate emails.
With just one click, users can detect and report a phishing email. In doing so, they also help flag the sender and increase security for the whole APBot community.
Finally, APBot is designed in accordance with the "privacy-by-default" principle. Unlike most common anti-phishing tools, it detects email fraud based on the sender's behaviour, such as the email delivery path and network profile, and does not require reading the email content.
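To make the delivery-path idea concrete, here is an added example (not APBot's own code; the page does not describe its internals) that inspects only message headers, never the body: it compares the From domain with the envelope sender (Return-Path), reads the receiving server's SPF/DKIM verdicts and checks whether any Received hop belongs to the From domain. Both header sets are constructed samples, and the genuine-looking one also shows the caveat from the BEC discussion above: when the real account is hijacked, every header check passes.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not real traffic). This one claims to be "Adam" but the
# envelope sender, SPF/DKIM results and delivery path do not fit the From domain.
SPOOFED = """\
Return-Path: <bounce@mail-relay.example.net>
Received: from mail-relay.example.net (mail-relay.example.net [192.0.2.10])
 by mx.victim.example with ESMTP; Tue, 2 Mar 2021 09:14:02 +0000
Received: from [198.51.100.7] (unknown [198.51.100.7])
 by mail-relay.example.net with ESMTP; Tue, 2 Mar 2021 09:13:58 +0000
Authentication-Results: mx.victim.example; spf=fail smtp.mailfrom=mail-relay.example.net; dkim=none
From: Adam <email@example.com>
Subject: Conference call - test your connection
"""
# Constructed headers as sent from the genuine account (e.g. a hijacked one in a BEC case).
GENUINE = """\
Return-Path: <email@example.com>
Received: from mail.example.com (mail.example.com [203.0.113.5])
 by mx.victim.example with ESMTP; Tue, 2 Mar 2021 09:14:02 +0000
Authentication-Results: mx.victim.example; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com
From: Adam <email@example.com>
Subject: Invoice
"""

def domain(addr):
    """Domain part of an address header such as 'Adam <email@example.com>'."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def header_signals(raw):
    """Header-only findings; an empty 'signals' list means nothing stood out."""
    msg = message_from_string(raw)
    from_dom = domain(msg.get("From", ""))
    rp_dom = domain(msg.get("Return-Path", ""))
    auth = " ".join(msg.get_all("Authentication-Results", []))
    results = dict(re.findall(r"\b(spf|dkim)=(\w+)", auth))       # verdicts of the receiving MX
    hops = [m.group(1) for m in (re.match(r"from\s+(\S+)", h)
            for h in msg.get_all("Received", [])) if m]             # delivery path, newest first
    signals = []
    if rp_dom and rp_dom != from_dom:
        signals.append(f"return-path domain {rp_dom} differs from From domain {from_dom}")
    for check in ("spf", "dkim"):
        if results.get(check) != "pass":
            signals.append(f"{check}={results.get(check, 'missing')}")
    if hops and not any(hop.endswith(from_dom) for hop in hops):
        signals.append("no Received hop belongs to the From domain")
    return {"from_domain": from_dom, "hops": hops, "signals": signals}

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, header_signals(raw)["signals"])
```

The spoofed sample produces four findings while the genuine one produces none, which is exactly why header-based checks need to be paired with user reporting for BEC.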
While most anti-phishing solutions are designed for IT professionals with cybersecurity knowledge, APBot prioritises usability and information gathering done by the users themselves.
In today's information society, collaboration between users has changed the framework through which information itself is shared. Maybe it is time cybersecurity intelligence stopped being a tool for a few professionals and was brought back to the end users, giving them a chance to participate in the algorithm and information gathering that will eventually help protect them.