Large companies generally have IT teams to deal with phishing attacks but really, there is no perfect defense from a determined phisher who wants to get you to click on a link. Once you click, they could install a backdoor which gives them access to your passwords or perhaps they could start installing ransomware.
All a company can do is be as protected as possible. One way to achieve this is with strong anti-phishing tools – similar to the ones rolled out by Intermedia last week.
The company says they have unveiled Enterprise-grade anti-phishing protection, designed for SMBs – otherwise knows and small and medium businesses.
The new Intermedia Email Protection features include:
- Similar domain check: Spear-phishing campaign authors will typically register an email domain that looks ‘similar’ to a company’s email domain (e.g., iintermedia.net with two i’s instead of intermedia.net). Intermedia’s domain check feature uses a similarity algorithm to confirm that the sending domain is in fact is someone from within the organization.
- User impersonation check: Spear-phishing attacks target specific employees within an organization, by impersonating someone they know – most typically the CEO or other high-profile individuals. Since many email clients prominently show the sender’s display name (instead of their actual email address), attackers will commonly change the display name in an attempt to trick the recipient. Intermedia’s impersonation check featue helps identify and eliminate this threat.
- Suspicious content check: This feature performs an email content inspection to pinpoint vocabulary and language that might indicate a spear-phishing attack. The message can then be blocked or a subject tag (such as “[POSSIBLE PHISHING ATTEMPT]”) can be added, alerting the recipient to take greater caution when reading and acting upon the message.
- Tag messages from external senders: This is a straightforward way for users to know if a message originated from outside of the organization. The word “[EXTERNAL]” can be added to all messages sent from someone outside of your company, so emails that appear to be from a colleague but contain this subject tag should be treated as suspicious. This feature is most effective when coupled with security training for your employees on how to react to these kinds of messages.
- Reply-to check: A phishing email will often contain an innocuous message like, “Hi John, are you there?” to elicit a spontaneous reply. This feature checks the “reply to” address of a message to alert readers if they are sending a response to a different address from where the email originated.
- Domain impersonation check: To help stop attackers from spoofing a company’s email domain, this feature determines if the sending domain of an external message is an exact match to a company email domain. These messages should simply be dropped unless they originated from specific, predefined sources.
Often a user is not paying attention and they click on something they shouldn’t as a result. Attackers are getting smart and they hope to catch workers not paying attention. Perhaps late at night or before their morning latte.
One of the big challenges users need to be on the lookout for is font-spoofing, something we have warned about before. It’s where new Cyrillic and other characters now allowed in domain names are used to almost perfectly mimic a domain you are familiar with.
Let’s say an attacker wants to target your CEO. They can do some searching online and via social media to find their interests and perhaps the names of their family members. The attacker then tries to guess what their email addresses could be. Let’s say JaneSmith@gmail.com for example. Assuming they have access to a domain similar to gmail.com, they make such an email address and send you something from this account, hoping you will click. Another option is to see who the CEO tweets with and impersonate one of these users in email.
These are just a few examples but you get the idea.
If you are an Intermedia reseller, channel or MSP, you may be wondering what all this will set you back. To find out more we reached out to Melanie Lombardi with Intermedia and asked a few questions. This is what we learned.
[These features] are included with all packages for all partners at no additional charge. For customers, these features are included in most plans or as a $1 upgrade for those who are on the Intermedia Email Protection Lite version of the service.
We also asked how does this compare to Microsoft’s offerings. This is what she told us:
Regarding Microsoft, the comparison is a little unique since Intermedia Email Protection is currently only available for Hosted Exchange users. But if we push past that fact, while Microsoft’s Exchange threat protection or Advanced threat protection offers domain spoofing checks, they currently don’t offer the following features: Similar domain check, user impersonation & reply-to check, Suspicious content check, Tag external Emails.
There you have it. In the war against phishing, Intermedia has just deployed a no/low-cost solution for MSPs and small businesses (I am sure large companies would benefit as well) which should help minimize the threats faced from today’s phishers and cybercriminals.