Time and time again I have written about different phishing techniques but have yet to talk about how to prevent phishing in detail. Well no longer. I will run over a bit of the history of phishing below, and then how PhishPrevent can help your business with its proprietary mix of AI intervention, human security engineer review, and companywide oversight.
Where did Phishing come from?
The origin of the name phishing came from, you guessed it, the word fishing; providing bait for an unsuspecting victim, in this case, to cause harm. There is also a good reason for switching the ‘f’ in fishing to ‘ph’. Some of the earliest known hackers back when the internet was first getting started were known as ‘phreaks’. Combine the two words, and boom, you have the newly coined term phishing. The ‘ph’ spelling was used to link the original scams to these hacking communities.
According to the records that are kept of the internet, the first instance of the word phishing being used was recorded on January 2nd, 1996. A newsgroup called AOHell first mentioned the term, and unintentionally predicted one of the first online criminal issues to take place.
Back when AOL was the primary provider of internet access, millions used their service each and every day. Hackers first began phishing by utilizing algorithms to steal user’s password information, and then created additional algorithms to randomize and submit credit card information. With a few lucky hits, and the lack of security protocols that we expect today, these phishing attempts were wildly successful, but not what we think of as phishing today. AOL quickly and quietly fixed this issue in 1995, ironically before the term phishing was even thought of.
With their randomized credit card scheme effectively useless at this point, what we think of as phishing today began. Through AOL instant messenger, the first form of malicious online social engineering was born. Random AOL accounts would pose as employees of the company asking users to verify their credentials or confirm billing information. As this was a new and unknown threat, more often than not, users would fall for this scheme. AOL picked up the practice of providing the warnings that we see today such as ‘We will never ask for your credentials’ to keep people from providing sensitive information through such methods.
The basic concept of phishing sensitive information online has not changed much since its heyday back in the 90’s, however the breadth and depth has grown immensely. Instead of the hackers targeting individuals for a single credit card number, or credentials to a site online, they have gotten much bolder. Phishing today involves the same practices on an unprecedented scale. From stealing unprotected IP to locking down multi-million-dollar companies with ransomware, the scale of these attacks went from costing hundreds to thousands of dollars, to potentially costing millions, in addition to the efforts to remediate and reacquire the assets, data, and money stolen. Source
What are the standard preventative measures?
PhishPrevent was created, as all good ideas are, when some smart people realized that there was a problem that could be fixed. Sure, Outlook’s quarantine provides a decent first line of defense, but can only go so far without the help of human intervention. Just yesterday, I requested a password reset from a program I use regularly, and was beyond confused when I never received the email I was expecting. Quarantine had blocked the non-malicious email, and after hours of speaking with support trying to access my account, I finally got a rundown of my blocked messages which included four different password reset emails which I needed to continue my work.
On the topic of unintelligent AI, a colleague and I were talking the other day about the benefits and pitfalls of AI in regards to phishing. AI is great at learning repetitive tasks, but with the variability of phishing attempts, and new techniques, AI can not keep up. Millions of businesses in 2021 rely solely on AI that unfortunately, still needs you to decipher what boxes contain a stoplight, or what squiggly letters are on your screen. If you thought that these are security measures, they are, but they are also brilliantly teaching AI at the same time, a topic for another blog perhaps.
PhishPrevent can Prevent Phishing
PhishPrevent combines the best parts of the AI algorithm that quarantine utilizes with several human powered features. Human intervention is critical when it comes to phishing as the attempts vary immensely, and new techniques are always being cooked up.
Step 1: Free breach assessment.
Meet with one of our security experts to look into your business as it currently stands. Employees could have previously fallen for phishing and malware or spyware could already be installed within your internal systems. We will clean up your databases and servers of any software that should not be present so that when PhishPrevent is activated, you know that you are starting off fresh.
Step 2: Warning banners powered by AI on all suspicious and malicious looking emails.
Any email that a user receives from a new sender is automatically met with a banner along the top of the email stating “Warning: this is the first time you have received an email from this sender”, immediately placing a rightful suspicion on the email in the eyes of the end-user. The AI saying ‘hey, you might want to look over this email before reacting to it’ is a great first step to preventing phishing. Its like having a security expert sitting over your shoulder casually making sure that you are aware of the threats that preside in your inbox.
Step 3: Report button built directly into your inbox.
Once an email is deemed suspicious, the user has the chance to report the email directly to a security expert who will review all aspects of the email. The report button includes several options to choose from as to why you would report an email, including ‘received a warning message, impersonation attempt, and pushing sensitive information’ amongst other choices. Once reported, the email is not only removed from the employee reporting’s inbox, but all other employees who received the same or similar email until it is deemed safe by our team of human security experts.
Step 4: Review by a human.
Once an email is reported, it gets sent to one of Finchloom’s security experts for review. The expert looks at all of the data from the email to make a decision whether it is malicious or not. The list of points for review includes but is not limited to investigating the source domain (how old is the email address, who owns the domain), where the email was sent from, what type of information the email is asking for/if it is relevant to your business, and lots of the metadata behind the email. If the email is deemed malicious, it is permanently ousted from all employee inboxes, the domain is blocked and further investigated, and the reporting employee can go about their day. Users will also receive a report about the email and why our experts believe it to be malicious. If the email is safe, it is returned to employees inboxes as if it never left.
Step 5: On demand training and live tests.
In order to prevent phishing in the long term, employees need to be aware of the threat that presides. With PhishPrevent, employees will receive reoccurring test emails as something to look out for. These emails can consist of HR notifications, return to office protocols, and a handful of other topics that are hand crafted by our security experts to test employees. If the employees successfully report and deter the phishing attempt, they are good to go, but if an employee falls for the attempt, either clicking a link or responding to the email with personal and/or private company information, they are made aware that they fell for a phishing attempt, and receive on-the-spot training for the specific situation that they fell for. Through the live training that PhishPrevent offers, a security culture is instilled within companies of any size. At Finchloom, these training emails have created a sense of competition in reporting them, who is first, who fell for the attempt, and even who can identify the reasons why the email was malicious. Friendly competition drives security culture.
An all encompassing solution
PhishPrevent is the one-stop managed security service for all your businesses phishing prevention needs. Want to learn more about PhishPrevent and how it can help your company thrive? It all starts with a Free Breach Assessment. Learn more about all Finchloom and PhishPrevent have to offer by clicking the link here. Thanks for reading!