Today Iconix released its whitepaper, “Defending Against Spoofed Domain Spearphishing Attacks.” In this whitepaper, Iconix discusses the ease with which hackers can use spoofed email addresses to deceive email recipients.
Spoofed domain spearphishing is occurring because technology favors the social engineering schemes employed in spearphishing that are used to deceive recipients. It is technically easy to fake the sending email address that is displayed to the recipient. You can see a demonstration of how easy it is to spoof a sending domain at Spearphishing — The Movie. A little internet research yields substantial personal information that can be used to deceive the recipient. Email is the ideal medium for deception because the attacker has at his command all of the human factors needed to deceive the recipient. Given the ability of criminals to craft and deliver deceiving emails and use deceptive domains, email recipients are essentially unarmed in this battle of wits with spearphishers.
Social engineering deceives the users into becoming the agents of the criminals. What can be done to defend the enterprise against spearphishing? The enterprise can adopt a tool that identifies trusted email so that the target of the spear-phishing attack can distinguish real email from fake email. That tool is SP Guard from Iconix.
SP Guard provides the recipient with three confirmations that a message is real:
- List View. There is an integrity indicator in the list view of the email client.
- Message. The open message has a further indicator of authenticity.
- Mouseover. Mousing over the authentication indicator in the message prompts the display of a certificate that further identifies the sender.
SP Guard is available now from Iconix. For further information, contact us at 408-727-6342, ext 3 or use our online form.