Contact Us




Change Locale

How to Avoid Drowning in Spam and Phishing Emails

Uncategorized | Posted on August 14, 2018 by schap

As we have continued to improve anti-phishing capabilities for clients over the past few years, we have seen a myriad of changes in phishing email composition, style, and approach. Throughout all those changes however, one thing has remained the same.

The proliferation and subsequent visibility of both spam and phishing emails continues to climb and the need for real-time or near real time analysis of reported emails is becoming paramount to getting ‘left of breach’ in the phishing kill chain.

Those real-time analysis efforts are impacted by several factors, including but not limited to the following:

  1. Ebb and flow of spam and phishing campaign delivery
  2. Inclusion of benign spam in reported suspicious emails
  3. Ability to automate part of the analysis process, properly written rules and recipes for filtering known emails, and focused analysis on what remains

The Tide Continues to Rise

SPAM continues to make up the bulk of emails received and reported by our customers and there is certainly a ‘feeling’ that the amount of SPAM in the wild is increasing. While this is likely true, it’s more probable that spammers are getting better at using ‘Trusted Sender’ techniques that avoid detection and filtering.

For example, industrious spammers look to take advantage of sending from authorized accounts on webmail gateways. Utilizing multiple accounts, they are then able to send spam in smaller bursts to get their messages delivered with a higher frequency of success.

Add to that the technique of sending spam from compromised (known and trusted) email accounts and the amount of successful deliveries just continues to climb. Not to mention further increases in the successful delivery of BEC style phish designed to exploit gaps in technological defenses and email credential phishing (often posing as ‘file sharing’ notifications).

These increases in successful delivery can and often do present significant challenges for incident responders and others tasked with analyzing reported suspicious emails.

Within the CofenseTM Phishing Defense Center, we see evidence of increases in both spam and malicious emails within the user reporting that we analyze and help our clients respond to. Notice below, the ebb and flow of reports per month and the increase in average volume of reports over time.

To Deal with the Problem, Take a Multi-tiered Approach

To address those trends, you’ll need to consider multiple approaches to ensure incident response teams are prepared to deal with increases in both spam and real threats as the free flow timing of malicious email campaigns creates an uneven influx of emails to analyze and mitigate.

  1. Know who in your organization would be targeted and what could be the impact if compromised
  2. Dedicated incident response and threat analysis resourcing
  3. Automation of real-time analysis (rules and recipe creation, sandbox integration, etc.)
  4. Specific procedures to handle phishing attacks (malware delivery, credential theft, BEC)
  5. Targeted active threat simulations

While anti-phishing programs are not limited to the above list of considerations, each of these is key to providing focus and opportunity to empower incident response teams in the ongoing battle against increases in the successful delivery of malicious email.

Because it is impossible to predict when phishing and spam campaigns will begin and end, and because we can not know their delivery success rates in advance, we need to consider an appropriate resourcing model for teams tasked with responsibility for response.

Understanding the cost limitations of being fully staffed for a heavy load, it’s critical that organizations find and maintain staff for standard workload while preparing to flex/increase resources when needed.

This can take the form of internal resources with other responsibilities being ‘turned up’ as needed, adding qualified 3rd party resources for peak times, or even outsourcing all your email incident response management.

In addition to resourcing flexibility, we can’t ignore the value of automated (high-level) analysis. Every opportunity to automate the identification of known / existing threats should be implemented to allow our human resources to focus on what is new so they can identify the unknown and proper steps for mitigation.

Last, we need to look at another primary driver of increases in IR workloads. That driver is the increase in recognition and reporting of suspicious email. Successful anti-phishing programs are changing end-user behavior and increasing the amount of available phishing intelligence while also increasing the need for analysis and response; a good ‘problem’ to have.

That said, anti-phishing programs can help alleviate this issue as they mature. The greatest impacts on quality (i.e. – a higher percentage of real threats overall) within user reported threats is continuing education regarding differences between spam and an actual phish, as well as a simulation program that continues to close in on / focus on active threats specific to your organization.

Modeling and simulating active threats for your users helps them understand exactly what you are looking for and the threats they are facing. This focus will not eliminate spam resorts altogether, but as you continually assist your users to mature their recognition capabilities and automate known variables for analysis, you will be better able to manage any sudden influx of spam and phishing that arises.

Learn how Cofense PhishMeTM helps users recognize phishing and reduce susceptibility by up to 95%.

This article was originally published here.

Related Articles

In 2019, Softchoice’s Innovation Executive Forum (IEF) toured North American cities once again and learned first-hand how IT leaders are driving transformation and delivering outcomes in their organizations. In this new Digital Transformation Trends report, we bring you the Top 10 highlights from our roundtable discussions in Atlanta, Denver, and Toronto. These insights were shared by groups […]

Culture | January 20, 2020 by Karen Scott

Our Commitment   At Softchoice, we are committed to providing an engaging and inclusive environment where every employee can bring their whole self to work. Softchoice believes in creating an environment where all employees – regardless of gender, age, sexual orientation, race, religion or cultural background – feel accepted and supported to succeed. And I recognize that this […]

If the last 12 months have taught us anything about digital transformation leaders, it’s this: cybersecurity is a central concern. And it’s going to get harder before it gets easier. As we toured North America with the Innovation Executive Forum, cybersecurity came up in multiple contexts, across multiple industries, across a whole gamut of departments, […]