I read an article on IT Pro UK recently that an email scam robbed two major tech companies of $100 million. It just goes to show that even very IT savvy companies can fall for email phishing attacks, and that if something looks credible we tend to believe it.
Organised criminal gangs have invested heavily in increasingly sophisticated phishing attacks, and they can be very successful. Telecom provider Verizon reported, in its 2015 Data Breach Report, that 23% of phishing email recipients open the email, and even worse, 11% open the mail and click on the malicious attachment.
But don’t think that just because you haven’t got millions of pounds to lose that you aren’t an attractive target for scammers. Criminals won’t say no to £5K here or £10K there, it all adds to their haul.
Your luck will run out eventually
It seems to be happening more and more, a close friend of mine said his Financial Director phoned him to ask why they were transferring money to a new supplier so quickly and he responded that they weren’t… He had an email that looked genuine, with a perfectly credible request to send an amount of money that a business of that size would expect to pay a supplier. They were lucky. That time.
I mentioned this to a few other friends who also run businesses, and that’s when I heard all the stories – yes it’s happened to them, or it’s happened to a friend of theirs. It seems to be happening all over the place!
So what do we do?
Well of course you should ask your staff to be very vigilant, but don’t expect that to protect you from all phishing attacks. Humans are fallible and when the pressure is on people don’t like questioning their boss or senior management to check if they actually just sent that email.
Since Symantec acquired Bluecoat we’ve been looking the the Symantec Email Security.cloud. It has some of the strongest protection against spear phishing by using deep link evaluation to stop malicious links before an email is even delivered.
How it stacks up
Symantec ran an internal test to measure the threat detection capabilities of Email Security.cloud against other industry solutions. The results showed that not only did it have the highest effectiveness (99.62% detected), it was one of the most accurate email security products (0.04% false positive rate). In addition, while some competitors have become less effective over time, Symantec has maintained a high level of effectiveness.
It’s also great to see that Mimecast, another vendor we recommend and work with are a close second.
Couple the Symantec Email Security.cloud with their Secure Web Gateway and you will gain even more protection, just in case a phishing email slips through the net and somebody does click a malicious link.
Please remind everyone to be cautious at all times about money and password requests and if you haven’t got an email or web security tool that can protect you from these sort of threats my advice would be to get it quickly, unless you fancy lining the pockets of some con artist. If you want some more info or advice please drop me a line.
