Page 29 - Cyber Defense eMagazine - October 2017
P. 29
Unfortunately, the current widely implemented standard, DomainKeys Identifed Mail
(DKIM), can only verify the server, not the individual, from which an email arrived. DKIM
specifies one key per server. That’s fine if the server is, say, bankofamerica.com, but what
if a spoofer sent from bankofarnerica.com? The combination of “r+n” looks closely like
an “m”, especially in some san serif fonts such as Arial. Inky Phish Fence is smart
enough to catch this among many other newer forms of intelligent phishing attacks.
Those ‘last generation’ anti-phishing solutions protect against malware attachments
and spam, which is important. They sometimes claim to deal with phishing, but they
only recognize phishing attacks via URLs that people have previously reported. Cisco
Umbrella, for example, relies on the PhishTank database of reported phishing URLs.
Unfortunately, this approach doesn’t work on the large and growing array of phishing
attacks that have never been reported, have URLs uniquely targeting recipients, or lack
URLs entirely (such as spear phishing wire fraud emails).
I’ve been a strong proponent of user training and awareness and have recommended
PhishMe on numerous occasions. However, we find that after training, many users are
easily co-opted, yet again. What I like even more is how Inky Phish Fence is not
simulation – it’s real-time security. It gives end-users and IT staff specific feedback on
real email they’ve received. Lately, the most recent phishing attacks look no different to
the human eye than legitimate messages. So, it’s time someone solved this problem.
This next wave of phishing attacks includes forgeries that are visually indistinguishable
from the brands they are attempting to impersonate. Attackers are using domain names,
URLs, and logo imagery that humans cannot differentiate from the real thing. An
example is the recent attack using the domain bankofarnerica.com (note the letter M
has been replaced by the visually similar RN sequence). This kind of differences so subtle
that even trained cyber security experts have a hard time spotting it. The bottom line is:
no amount of training can make users see something that isn’t there.
Uniquely, Inky Phish Fence anti-phishing engine performs content checks to identify
these attacks. Phish Fence incorporates over two dozen content checks based on
heuristics and AI, and represents the next generation phishing protection, built to
address this new wave of attacks. Inky Phish Fence uses machine learning models to
look at each email – the text and imagery – as a human would, to identify brand
impersonation. No other solution does this, and without this protection you remain
exposed to email-based phishing attacks. Finally, Inky Phish Fence both protects and
educates users. Gateway solutions simply quarantine mail that fails their checks, leaving
users confused about what happened. Inky Phish Fence gives users feedback they can
understand about exactly what seems suspicious.
29 Cyber Defense eMagazine – October 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide.
