Why are phishing attacks still a huge problem?

Phishing attacks are a problem we have been dealing with some time now and unfortunately there is no sign that this type of threat will disappear anytime soon. Attackers know that there is an almost limitless source of people to target and therefore, they will continue to target them.

Like many types of cyber-attack, the methods and complexities of phishing have changed over time and in recent months we have seen typical practices advance with the use of ever more sophisticated techniques. This evolution has resulted in many organisations receiving phishing emails into their inboxes because their in-place email security solution has failed to identify and intercept the threat, thereby leaving the email recipient in the position of last line of defence and in many cases allowing the attack to progress.

The root issue therefore is fairly basic; phishing is still a huge problem because businesses fail to keep pace with hackers. Businesses need to learn about new and emerging threats and then enhance their email security features and capabilities to help prevent phishing attacks.

More advanced anti-phishing solutions use a combination of techniques to detect and prevent phishing attacks, many are now making use of artificial intelligence (AI) to identify malicious email that traditional gateway type solutions frequently miss, these next generation technologies “learn” an organisations unique communication patterns and then leverage this to identify anomalies and phishing attacks in real-time, by discovering these anomalous communication patterns either within the body of the email itself or within an included link or even the email header, it is possible to stop advanced phishing attacks that would normally evade other email security systems.

Solutions that include artificial intelligence can also detect the various types of threat where an attacker will use employee impersonation, including impersonation of senior staff or executives whose responsibilities involve significant financial transactions and therefore are at higher risk of being targeted and are therefore a priority for detection and prevention.

It is critical to assess and understand your email security vulnerabilities, particularly to identify any email threats that got past your email gateway. If like many businesses you have moved to office 365, we can run a simple non-invasive tool that uses artificial intelligence and API integration with Office 365 to quickly and effectively find advanced phishing attacks currently sitting in your mailboxes.

One of our customers was worried that they were being targeted but were not seeing the attacks get intercepted by their email security, we used the tool in their environment and identified a large amount of phishing emails that were residing within users mailboxes, the tool also clearly demonstrated that senior members of staff were being disproportionately targeted by cyber criminals looking to intercept and exploit financial activities that included payments and banking transactions.

Fortunately, this is a relatively simple deployment project, often carried out and completed in a coupe of days..