- Articles
- Hackers are email phishing in shark-infested ...
Table of Contents
Are you familiar with this saying? Make something idiot-proof and the universe just makes better idiots. Well, a variation of that trope can be used to explain email phishing…but the people designing phishing software and malware are far from idiots.
IT experts have been playing whack-a-mole with a half-tonne hammer. Anticipating the threat, the source, and – more importantly – mobilizing the fix takes time for software providers. They have to disseminate their upgrade to millions of users…
However, by the time developers have designed a solution to one game, the hackers are on to the next. They are capitalizing on the law of large numbers. They mine what they need from their email phishing efforts in short bursts, and shift to a new target.
They don’t need to hack every user every time…just some of them, some of the time. They profit by honing in on quantity, not quality.
IT departments have to play by the rules – international, federal, state and corporate. Hackers, on the other hand, don’t play by any rules at all.
Thanks to machine learning, it’s no longer a rigged game of botnet whack-a-mole
Botnets – robot networks – are managed by a single attacking party, known as the “bot-herder”. And, for the most part, they’re not out to hijack your identity.
Their primary objective is financial gain.
Each machine answers to a discrete bot, but is controlled by a network that has thousands – sometimes millions – of bots. The bot-herder is able to adjust tactics based on updates to individual or organizational systems.
It doesn’t rely on a malware download to achieve its objectives. It’s learning from the collective data gathered by responses to emails across its entire network and stealing financial information accordingly.
So, here’s the good news.
People tasked with identifying and eliminating these nimble hackers have come up with an equally nimble solution: machine learning.
The battle against email fraud has changed.
Email phishing in shark-infested waters
There are steps you can take to protect your employees from exposing themselves – or your company – to a security breach. With the vast majority of people in tech, accounting, law, finance, to name a few, are working from home, the crossover from work to personal online domains is blurry at best.
Arming them with basic failsafes is one of your responsibilities as an employer. You want them to be wary of emails that contain certain triggers and signals.
Email addresses with misspelled words. With so many hackers taking advantage of well-known online companies like Amazon, Apple, and chartered banks, your employees should look closely at the URL for switched letters or odd extensions.
Emails that tap into emotions. Unfortunately, hackers are playing on people’s fears around COVID-19, the vaccine, and their financial stability because of the pandemic. It’s the most prevalent trigger for an already jumpy population. The email addresses and websites can be legitimate, rather than a variation on Pfizer, Moderna, CDC, FDA, or any other agency dealing directly with the pandemic.
Emails that play on urgency. Most people think of their Inbox as a firehose. The input comes at them with a ferocity that can overwhelm even the most disciplined person. Email phishing counts on that sense of overwhelm, the need to deal with the most ‘inconsequential’ problems quickly. So an alert threatening discontinuation or interruption of a PayPal or Amazon account – highly relevant in today’s consumer climate – isn’t always scrutinized. Users quickly update their payment information…handing over their financial resources on a platter.
You can instruct your employees to watch for those traps and filter them out. But for the more subtle and persistent hooks, machine learning does the filtering for you.
Gone are the days when lists of potential email header threats were amassed and catalogued by hand, uploaded and implemented on a company server.
Using a two-stage classification process, phishing filters can collate and cross-reference patterns in headers and URLs and predict the likelihood of the source presenting a threat to your company, or members of your team.
The filter adapts to the ever-changing tactics used by hackers, remembering common threats and storing them, adjusting their algorithm and adding an unseen, highly effective layer of protection.
Please don’t tell me how it works, just make it work
If you’re managing an organization with a dedicated IT department, you’re counting on them to decode the rapidly changing threats that can expose your employees and your company to email phishing attacks.
Regardless of scale, though, your business can benefit from engaging the services of a software solutions provider who can guide you through the network options, and also provide training for your team.
An investment in IT security can pay dividends…both in the prevention of loss to your company, and to your valued employees.
If you’d like to learn more about email phishing and malware threats, contact us.
Related articles: