With the daily onslaught of news stories about companies losing millions of dollars to phishing scams, it is incredible to think that email security was practically non-existent as recently as the late 1990s. In fact, Yahoo Mail and Hotmail didn't roll out anti-spam and antivirus tools to the masses until 1999. (For those of the Gmail generation, that was back when @yahoo.com and @hotmail.com accounts were the "hip" alternative to mom and dad's @aol.com accounts.)
Obviously, spam filters and email antivirus scans rapidly became standard among email service providers and they continue to be in use today. Even though they have evolved to react to the latest threats, the problem is that these precursory email security solutions have never been proactive in helping to prevent future threats. The majority of these tools simply compare email contents to signatures of known threats.
One of the future threats that security solutions need to be able to address is whale phishing ("whaling"). Whaling is a type of spearphishing targeting "big fish" in an organization with access to sensitive, highly valuable information. Cybercriminals use this technique to lure senior executives or other key individuals to share valuable information or transfer funds to an account managed by the attacker.
To increase the efficacy of a whale-phishing scheme, cybercriminals will use spymail to gather intelligence on their victim before they move in for the attack. Spymail is an email that contains hidden tracking code that sends information about the recipient back to the sender. The recipient is unaware that such information has been shared with the sender, which allows the attacker to assess who opened the message, where the message was forwarded, the physical location of the user and more without being detected by the victim.
The best way to block spymail and help protect against a future whale-phishing attack is to invest in more advanced technology solutions. These solutions need to be supported with cybersecurity training, policies and procedures, among other precautionary measures.
In this slideshow, Paul Everton, founder of MailControl, has identified the top five ways to prevent a whale-phishing attack in your organization.
Ransomware is a legitimate threat, with estimates from the U.S. Department of Justice showing that over 4,000 of these attacks have occurred every day since the beginning of the year. ... More >>
While cybersecurity concerns are widespread, finance remains one of the most vulnerable areas for malicious attacks. ... More >>
Here are the top 10 strategic technology trends that will impact most organizations in 2017. Strategic technology trends are defined as those with substantial disruptive potential or those reaching the tipping point over the next five years. ... More >>