The United States Patent and Trademark Office has issued Iconix's tenth patent titled "Authenticating and Confidence Marking E-Mail Messages." The abstract for U.S. Patent 10,110,530, dated October 23, 2018, states: "Methods and systems for authenticating and confidence marking e-mail messages are described. One embodiment describes a method of authenticating an e-mail message. This method involves extracting a plurality of e-mail headers associated with the e-mail message, and identifying a sending edge mail transfer agent (MTA). The method then calls for determining if the sending edge MTA is authorized to send the e-mail message."
In a recent article entitled Phishing Is the Internet’s Most Successful Con, the Atlantic observes: Phishing doesn’t attack computers. It attacks the people using computers. The Sting - The Art of the Con Cormac Herley, a principal researcher at Microsoft Research, observes in the article: Many security-professional and media recommendations exhort eternal vigilance, paying attention to every detail. This is terrible advice. I’m a professional with years of experience in this space and I don’t bother to inspect my emails or carefully read all my URLs: I have things to do. As a strategy for the constant level of [...]
The United States Patent and Trademark Office has issued Iconix's ninth patent titled "Rapid Identification of Message Authentication." The abstract for U.S. Patent 10,063,545, dated August 28, 2018, states: "Techniques are presented for uniquely identifying authentication associated with messages. A message is inspected for sender or domain identifying information associated with a sender of the message or a sender's domain. The identifying information is authenticated, and if authentication, then distinctive metadata is associated with the message. The distinctive metadata is presented or played in connection with the message for purposes of readily identifying the authentication.” Prof. Arun Vishwanath, Iconix’s Science [...]
On May 7, 2018, the FBI published its report of online crimes, 2017 Internet Crime Report. This vis summaries the FBI's findings: The largest losses were attributed to the Business Email Compromise/Email Account Compromise in which the victim is tricked into sending money to criminals. This crime is almost exclusively committed using deceptive emails. Deceptive emails are also used to commit other internet crimes such as data breaches, identity theft, phishing, and ransomware. SP Guard fights email deception by helping users identify suspicious emails.
On Friday, March 23, 2018, the United States Justice Department charged nine Iranians with the cyber theft of massive amounts of U.S. intellectual property. Quoting from the Justice Department press release: The defendants were each leaders, contractors, associates, hackers-for-hire or affiliates of the Mabna Institute, an Iran-based company that, since at least 2013, conducted a coordinated campaign of cyber intrusions into computer systems belonging to 144 U.S. universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies, the U.S. Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the [...]
Google and Facebook were victims of a spearphishing scam in which the attacker stole $100 million. Paragraph 6 of the indictment details some of the allegations: ... as part of the scheme, fraudulent phishing emails were sent to employees and agents of the Victim Companies. The emails purported to be from employees and agents of Company‑1 [the real supplier], but in truth and in fact, they were not sent or authorized by employees or agents of Company‑1. The fraudulent emails were sent from email accounts that were designed to create the false appearance that they were sent by employees and agents [...]
Look familiar? This is the familiar Google login page. The main display is correct. The google favicon is in the tab. The URL has gmail in it. Oh, but it isn't Gmail! In a recent blog posting, researchers at Fortinet remind us of this unfortunate fact: The easiest way to steal credentials is to ask for them! In this criminal enterprise, the service provides all the tools a bad guy needs. The bad guys offer an easy to use interface to create the fake gmail page. The bad guys provide the backend that harvests the credentials from the page. Finally, the [...]
ICONIX, Inc., the industry leader in visual email solutions, announced that the United States Patent and Trademark Office has issued Iconix’s eighth patent titled “System and Method for Securely Performing Multiple Stage Email Processing With Embedded Codes.” The abstract for U.S. Patent 9,325,528, dated April 26, 2016, states: “A system and method for performing email processing at multiple stages along an email delivery chain.” Technology from this patent is applicable to all of the Iconix® offerings, including the Iconix Truemark® service, which helps protect consumer users from phishing attacks, and Iconix SP GuardTM, which helps protect enterprises from spear-phishing attacks. The [...]
ICONIX, Inc., the industry leader in visual email solutions, announced on September 15, 2015, that the United States Patent and Trademark Office has issued Iconix's seventh patent titled "User interface for email inbox to call attention differently to different classes of email." The abstract for U.S. Patent 9,137,048, dated September 15, 2015, states: "Sender emails have their Truemarks (icons) displayed in the sender column of a list view” and “fraudulent emails have a fraud icon displayed with a warning in the sender column.” Technology from this patent is used in all of the Iconix® offerings, including the Iconix Truemark® service, which [...]
The accounts of tens of millions of Anthem members are stolen. $1 billion are stolen from banks. Sony Pictures is compromised. The Chinese steal US military aircraft plans. The President of the United States decries the losses and appoints someone to fix the problem. Yet, what is the problem? Professor Arun Vishwanath, writing in The Conversation tells us that the system resource being exploited over and over and over again isn't some router or disk drive or program -- it is you, the person operating the machine. It's You! In Before decrying the latest cyberbreach, consider your own cyberhygiene, [...]