
Their email filters missed these threats. Good thing the users didn’t.

Uncategorized | Posted on August 14, 2018 by schap

Technology is an important part of any phishing defense, especially perimeter tech designed to filter emails. But these systems, even those billed as “next-gen email security platforms,” don’t catch everything. Some phishes always get through.

Let’s look at a couple of real examples, straight from the lives of organizations whose filters missed malicious emails. In both cases, users reported the emails to security teams, who blocked the attacks. Working together, flesh-and-blood human beings kept credential theft to a minimum, sealed off further network access, and prevented serious harm.

Real-Life Example #1: Spoofing the CEO

In our first example, an attacker used an already compromised account to send an email that convincingly spoofed the CEO. The compromise made it difficult for the email filter to spot the phish—the technology simply didn’t work fast enough. The email’s language had the same effect on employees. The attacker parroted language on the company’s website and within a matter of minutes, lots of employees clicked.

Fortunately, users trained through Cofense PhishMe™ were alert and reported the email via Cofense Reporter™, our email toolbar button that empowers users to “say something” when they “see something.” A human security analyst detected signs of compromise, investigated further, and escalated the matter. The security team blocked the phishing site the email linked to and extracted the email itself from employee inboxes.

In short order, this organization stopped a sophisticated phishing attack, thanks to human sensors who were the last line of defense.

Real-Life Example #2: Spoofing HR

This time, the attacker posed as an HR specialist, sending an email with the subject line of “Salary Adjustment.” No wonder users clicked! As in the previous example, the attacker smartly mimicked the company’s words and tone, plus included the brand logo and other “official” flourishes.

The email came from the .ga country-code top-level domain (TLD). Country-code TLDs often have looser security standards, making life harder for humans and machines alike. For whatever reason, the email filter missed the phish. It not only got past the perimeter but roamed around for several days, luring employees to click and enter network login credentials.

Finally, employees started reporting it—again, as simple as clicking one button thanks to Cofense Reporter—and the security team could act. Considering breaches often go undetected for 100 days, a lapse of two or three days, while not great, could have been worse. If the company hadn’t complemented its email filters with well-trained users, a dicey situation could have ended very badly.

Perimeter defenses have their place, but they’re not a magic shield. Hackers will always be able to move faster than technology. A solid security program must include human sensors, well-conditioned employees, to bridge the gap and block threats.


This article was originally published here.
