Spam Filters Won’t Save You All The Time
Anti-spam filters are certainly a great tool for eliminating the barrage of unwanted email messages. However, they shouldn’t be the only tool in the security toolbox because, as good as they are becoming, they still don’t catch every message. Yes, anti-phishing measures are still improving, but as with most things in life, they aren’t 100% effective. In fact, the cybercriminals who phish us are getting better faster than those tools. That’s why filtering out malicious email with technological tools should be supplemented by training and education. Here’s why.
Legitimate email addresses can spam you
It’s not difficult to create an email address with a well-known email service. Doing so is free, after all, so if someone wants to phish, they can use a real address. Email from the large free services, such as Google or Yahoo, will most likely pass through spam filters because those services are so widely used, even as company email addresses in some cases.
Cybercriminals use this to their advantage by creating several of their own email addresses on free services and sending off a barrage of messages. Very large lists of email addresses are for sale on the dark web all the time, taken from data breaches at Ticketmaster, LinkedIn and any number of other organizations. In fact, spam can show up in your email box, FROM YOU!
Spam filters are tested in advance
There are many free tools that analyze email to determine what is and is not spam. Spammers use these exact tools to test their messages in advance. They change the messages slightly and keep sending until they don’t get any red flags. Then they know their time won’t be wasted.
What you share is public
Spam filters have the ability to “learn” with whom users are corresponding, and attackers can harvest personal data from social media sites like Facebook and LinkedIn to make matches. That’s why we’re always advising you not to overshare on social media or on any website for that matter. Oversharing just gives the scammers more information to create targeted messages to spearphish you. If a message comes through addressed to a particular person from someone the spam filter has “seen” before, it may just get to your inbox. Personalized messages are still 40% more likely to get someone to click a link or open an attachment.
Spam filters trust too
Email messages come from servers with specific IP addresses. Spam filtering tools trust certain ones, such as those that come from Google, for example. They also know which ones they shouldn’t trust, such as those that come from university dorms, airports, and other public places. These are considered transient and are usually flagged by spam filters. However, IP addresses can go through a “warming up” phase and ultimately become more trusted by the tools. At that point, an attacker can use servers with these warmed-up IP addresses, which will be more likely to pass by any defenses that are in place with a wave goodbye.
Phishing in all its forms (spear-phishing, whaling, vishing, etc.) continues to be very effective. In fact, it’s still the top way that malware succeeds in getting into a system or network.
No surprise, but we’re human. We have faults and we make mistakes. That’s why we will likely always be the weakest link in an organization’s defense strategy. The good news is that we can also be the strongest.
Just one person
All of this is why ongoing awareness training is so important for all of us. Threats evolve and change all the time, and AI is only going to complicate matters. You can put all of the available technology to work, but if just one person falls for a phishing lure, the network may be compromised.
It’s exciting to experiment with artificial intelligence and other technology tools, but they simply cannot keep humans from falling victim sometimes. Take time to properly learn how to avoid becoming a victim of phishing and you may end up saving your organization from a ransomware attack.
Phishing Phlags:
- Unknown senders
- Unexpected links and attachments
- Spoofed email return address
- A sense of urgency to the message
- Spelling and grammar errors
- Blurred or old graphics and images
- Numbers in place of letters, such as a zero for an “o”
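
Some of these flags can also be checked mechanically before a person ever reads the message. The sketch below is an added example, not part of the original article: it uses Python's standard `email` module to test for an unknown sender, a return address that differs from the visible sender, digits standing in for letters, and urgent wording. The known-domain list, flag names, urgency word list and sample messages are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains this mailbox normally corresponds with (constructed list).
KNOWN_DOMAINS = {"google.com", "linkedin.com", "example.org"}
# Digits that commonly stand in for letters; "1" can pose as "l" or "i".
DIGIT_TABLES = [str.maketrans("01345", "oleas"), str.maketrans("01345", "oieas")]
URGENCY = re.compile(r"\b(urgent|immediately|right away|act now)\b", re.I)

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if missing or malformed."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def phishing_flags(raw_message):
    """Return the flags raised by one raw single-part message."""
    msg = message_from_string(raw_message)
    flags = []
    from_dom = domain_of(msg["From"])
    # Spoofed return address: replies or bounces leave the visible sender's domain.
    # Mailing lists do this legitimately, so treat it as a prompt to look closer.
    others = (domain_of(msg["Reply-To"]), domain_of(msg["Return-Path"]))
    if any(d and d != from_dom for d in others):
        flags.append("return-address-mismatch")
    # Unknown sender, or a known name with digits in place of letters.
    if from_dom not in KNOWN_DOMAINS:
        lookalike = any(from_dom.translate(t) in KNOWN_DOMAINS for t in DIGIT_TABLES)
        flags.append("digit-lookalike-domain" if lookalike else "unknown-sender")
    # Sense of urgency in the subject or body.
    if URGENCY.search(f"{msg['Subject'] or ''}\n{msg.get_payload()}"):
        flags.append("urgency")
    return flags

# Constructed sample messages (not real mail).
LOOKALIKE = ("From: IT Support <helpdesk@g00gle.com>\nReply-To: desk@mailbox.example.net\n"
             "Subject: URGENT: verify your password\n\nConfirm your login today.\n")
FROM_YOU = ("From: pat@example.org\nTo: pat@example.org\n"
            "Return-Path: <bounce@bulk.example.net>\nSubject: Invoice\n\nSee attached.\n")
ROUTINE = "From: Sam <sam@example.org>\nSubject: Lunch on Thursday?\n\nDoes noon work?\n"

if __name__ == "__main__":
    for name, raw in [("lookalike", LOOKALIKE), ("from-you", FROM_YOU), ("routine", ROUTINE)]:
        print(name, phishing_flags(raw))
```

The `FROM_YOU` sample is the "spam from you" case: the visible sender is the recipient's own address, but the return path points somewhere else.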