With the daily onslaught of news stories about companies losing millions of dollars to phishing scams, it is incredible to think that email security was practically non-existent as recently as the late 1990s. In fact, Yahoo Mail and Hotmail didn't roll out anti-spam and antivirus tools to the masses until 1999. (For those of the Gmail generation, that was back when @yahoo.com and @hotmail.com accounts were the "hip" alternative to mom and dad's @aol.com accounts.)
Obviously, spam filters and email antivirus scans rapidly became standard among email service providers and they continue to be in use today. Even though they have evolved to react to the latest threats, the problem is that these precursory email security solutions have never been proactive in helping to prevent future threats. The majority of these tools simply compare email contents to signatures of known threats.
One of the future threats that security solutions need to be able to address is whale phishing ("whaling"). Whaling is a type of spearphishing targeting "big fish" in an organization with access to sensitive, highly valuable information. Cybercriminals use this technique to lure senior executives or other key individuals to share valuable information or transfer funds to an account managed by the attacker.
To increase the efficacy of a whale-phishing scheme, cybercriminals will use spymail to gather intelligence on their victim before they move in for the attack. Spymail is an email that contains hidden tracking code that sends information about the recipient back to the sender. The recipient is unaware that such information has been shared with the sender, which allows the attacker to assess who opened the message, where the message was forwarded, the physical location of the user and more without being detected by the victim.
The best way to block spymail and help protect against a future whale-phishing attack is to invest in more advanced technology solutions. These solutions need to be supported with cybersecurity training, policies and procedures, among other precautionary measures.
In this slideshow, Paul Everton, founder of MailControl, has identified the top five ways to prevent a whale-phishing attack in your organization.
Executives at several top tech firms outline the skills they need now and in the near future, including IaaS and IoT security expertise. Other skills listed may surprise you. ... More >>
Security professionals are in demand right now, and entry-level security jobs generally fall into either an engineer or analyst role. Find out more about required skills and career paths. ... More >>
Experts predict how cybersecurity will affect and involve our government, policies and politics in 2017. ... More >>