Anti-Phishing On Alert: The Solution to Corporate Phishing Scams
Phishing scams have been around for such a long time, it almost feels as though phishing emails were invented the day after the first email was sent. Scammers take advantage of employees’ naivety and errors and find creative ways to mask malicious intent with what may seem like trustworthy content. Potential attacks are lurking in every business email, DM or text we receive, and every website we visit.
Anti-phishing solutions identify such content, alert users and/or block the potential attack. Some solutions protect users’ password usage to prevent attackers from obtaining it using a phishing website or form. As hackers become increasingly creative, anti-phishing software must be quick to evolve and respond.
The alarming increase in business phishing attacks
Phishing attacks are very common. Recent reports show that nearly a third of all 2019 data breaches involved phishing, and almost 40% of employees would fail to identify a phishing scam. The average attack would cost companies an average of $3.8 million.
According to security expert Ryan Cloutier, unprotected business data during the COVID-19 pandemic “is equal to leaving the windows and doors of your home open and then leaving”.
Hackers are happy to take advantage of employees working from home and using new technology tools. The increase in internet use creates more options for them to attack, and cybersecurity consultant David Kennedy states that there’s a “500% increase in attacks directly related to work from home individuals”.
New hacker favorites during these turbulent times also include medical companies working to find a cure for the virus, such as drugmaker Gilead, which was targeted with a fake email. This should come as no surprise to cybersecurity professionals who know that attackers will stop at nothing, and so they must be stopped using sophisticated anti-phishing solutions.
Fighting phishers with business anti-phishing solutions
There are means for companies to fight back and prevent phishing attacks on business assets and employees. Anti-phishing solutions are traditionally divided into the two following categories:
- Content-based solutions: These anti-phishing solutions capture and analyze the content on a certain website, for instance, in order to detect abnormalities. These may include grammar and spelling mistakes that are uncharacteristic for the website, as well as images, links, JavaScript and code, WHOIS information, and more.
- Characteristics: Content-based solutions have a wide pool of parameters for CISOs to rely on and are based on deep expertise of hackers’ methods, which allows the company’s security team to detect them more easily. Unfortunately, savvy hackers can often create content that fails to trigger this anti-phishing mechanism, even with trained security experts involved.
- Non content-based solutions: These solutions focus on identifying suspicious URLs and analyzing them based on parameters such as page rating, domain popularity, and more. The company’s security team can compare the URL to blacklist and whitelist databases to determine its nature.
- Characteristics: The good news is that this approach doesn’t rely on content that hackers can simply fake, and instead allows CISOs to take a look “under the hood” and beyond the content itself. It should be noted, however, that blacklist and whitelist databases managed by companies are limited by nature and require constant updating, which creates the possibility of a hacked website failing to fall into the right category.
The BrandShield Approach
The BrandShield approach combines the best of both worlds and adds new capabilities to each of the anti-phishing methods we’ve mentioned. This is done by analyzing both content and non-content features using advanced AI-powered pattern recognition tools, and with the help of enforcement experts who examine content and non-content elements in the right context. In addition, detected phishing threats do not remain unattended and are taken down immediately.
Only by embracing a proactive and creative approach, will companies be able to stay one step ahead of phishing hackers and prevent serious damage to their business and reputation.