Today Iconix released its whitepaper, “Online Attacks Get Personal.” In this whitepaper, Iconix discusses the disturbing trend of email attacks moving from general, widely distributed scams to highly personalized spearphishing emails.
This trend is occurring because technology favors the social engineering schemes employed in spearphishing that are used to deceive recipients. It is technically easy to fake the sending email address that is displayed to the recipient. A little internet research yields substantial personal information that can be used to deceive the recipient. Email is the ideal medium for deception because the attacker has at his command all of the human factors needed to deceive the recipient. Given the ability of criminals to craft and deliver deceiving emails, email recipients are essentially unarmed in this battle of wits with spearphishers.
Social engineering deceives the users into becoming the agents of the criminals. What can be done to defend the enterprise against spear-phishing? The enterprise can adopt a tool that identifies trusted email so that the target of the spear-phishing attack can distinguish real email from fake email. That tool is SP Guard from Iconix.
SP Guard provides the recipient with three confirmations that a message is real:
- List View. There is an integrity indicator in the list view of the email client.
- Message. The open message has a further indicator of authenticity.
- Mouseover. Mousing over the authentication indicator in the message prompts the display of a certificate that further identifies the sender.
SP Guard is available now from Iconix. For further information, contact us at 408-727-6342, ext 3 or use our online form.