Small Business Defense – AntiPhishing
The core problem with phishing is that it is a very human attack. It relies on people to, well, be people. The emails are crafted to be interesting or scary, and right when the reader is at the peak of wanting to know more, they are presented with a link. Once the link is clicked on, it’s game over… so the point of the game is to keep the link from being clicked.
It’s harder than it sounds.
One technique that would work well would be to completely block all HTML email. Thus, no pictures, no links. All email looks the same and all the HTML email coming in will look like utter gibberish. Now, as much fun as we all had in 1995, I think that we can all agree that that approach would not work well these days. So, what does?
Many phishing attempts will trigger on good spam filters. The important thing to note, though, is that phishing attempts in a spam folder are just as effective as ones that appear in the INBOX. If you use this as a primary defense, it’s important to make sure that the anti-spam quarantine system traps the messages in such a way as to prevent such clicks from being active. Google’s gmail and their add-on message security products work well for this.
If the emails get through, and let’s face it, no antispam solution is perfect, it can work well to prevent the click from occuring. There are certain technologies that whitelist allowed links and render all others are unclickable. You can also run local HIPS software that can prevent such clicks from downloading and running software. If the HIPS software is good enough, it might even protect against overflows in the email client itself. Again, however, these solutions aren’t perfect.
The absolute best way to keep employees from clicking on the link is to continuously tell them not to click on links. It’s not perfect, but making employees responsible for their actions is the best way to get results. Much as someone would not leave the front door open and unlocked, they should be aware of the ramifications to the business should they engage in unsafe practices on the Internet.
Of course, we all know that people will make mistakes, which is why it would be wise to use both antispam and anticlick technologies as well. The combination of all three work far better than any one alone.