When Phishing Strikes: The Tool Your Business Needs When Cyber Criminals Succeed

Email-delivered threats have increased drastically over the last few years. Even businesses with enterprise-level email services and employee training can fall victim to creative manipulation. To battle this, Anderson Technologies offers a solution that protects email when other systems fall short.

The Incident

Imagine turning on your work email to find a message from your biggest client. “If we get one more spam email from your accounts, we will stop doing business with you.”

How can this be? You pay for managed services, educate your employees on email security, and even recently upgraded your email services. How could something like this happen? Sure, your employees have received some suspicious-looking emails in the past, but there’s no way that could seep into your client interactions.

Except that’s exactly what happened to Intrante.*

According to Farica Chang, director at Anderson Technologies, the system administration team was able to trace the outgoing spam to a single “malicious phishing email that successfully executed code inside two employee Outlook applications.” The malware set up email rules that “hid its behavior from the users and began spamming everyone in their address books with email sent through their accounts.” Those emails not only went out to every internal company inbox but also to many clients and vendors.

Intrante couldn’t afford for this to happen again. Imagine this happened to you. What would you do?

The Response

Upon learning of the spam coming from Intrante’s accounts, senior systems administrator at Anderson Technologies, Luke Bragg, immediately took action. “The first thing we did was reset the passwords for the suspected accounts that were compromised,” he said, thus cutting off further access from cyber criminals. “From there we started digging into the accounts to see what other data or settings had been maliciously modified.”

Once the scope of the incident had been uncovered and repaired, Bragg and his team needed a stronger email spam filtering solution to implement to prevent a similar incident from occurring in the future.

He looked to the August 2017 study from SE Labs, which analyzed email threat protection services. This data made it clear—while many popular email services catch spam and phishing attempts, messages still slip through the cracks. Three email filtering services analyzed by SE Labs received their “AAA” rating: Mimecast, Forcepoint, and Proofpoint Essentials. While all three provided excellent coverage, only the last service achieved a 100% accuracy rating.

Proofpoint inspects both inbound and outbound emails.  According to the SE Labs study, not only does Proofpoint quarantine or send threats to junk mail, it stops or rejects threats before they reach the user. If URLs are present in an email, Proofpoint’s system opens every link inside a controlled sandbox environment. “This action and analysis allows it to determine if the link is legitimate and safe before it releases the email to the recipient,” said Chang.

In addition to its stellar record, Proofpoint’s four subscription tiers also offer features that many clients of Anderson Technologies request. An Essentials Business account gives access to most of Proofpoint’s features, but the Advanced and Pro levels include email encryption (and along with that, HIPAA and PCI compliance) and social media account protection. Pro also offers a tamper-proof, off-site, unlimited (10 year) email archive.

With this distinctive solution, Anderson Technologies’ managed services team brought their answer back to Intrante.

Why Email?

According to Bragg, “email threats are extremely common, and probably one of the most targeted systems.” Email is the perfect delivery system for malware, spam, and phishing campaigns, all of which saw an increase in 2017, according to Symantec’s Email Threat Report. Email can be utilized by bots, entities with malicious intent, and acts (unintentional or intentional) by authorized users to spread these threats.

Even educated employees can miss the subtle tricks of an effective spammer.

Phishing emails may look and feel like they come from a well-known company, like Amazon, Apple, PayPal, or UPS. Frequently, these attacks ask the reader to “click here to log in to your account,” providing login information to a wolf in sheep’s clothing. These attacks are easy to mass generate and make money for the perpetrators even if only 1 in 100 falls for the trap.

According to Symantec’s Email Threat Report, “one out of every nine email users encountered email malware in the first half of 2017!” These emails typically offer an attachment disguised as an invoice or other important document. These may appear to be sent from other employees and may even be routed through their real email addresses.

Malware-spreading emails typically urge the reader to act NOW, inhibiting the thought process through urgency.

Another vulnerability tied to email is information hacking.

Even comparably low-value targets can provide lucrative information to hackers—information like other user names, passwords, client information, industry secrets, or proprietary data. Email is as insecure as a postcard. As long as it is only read by the intended recipient, your message is moderately safe. Even so, never send passwords, financial credentials, Social Security numbers, etc., in a plain-text email.  Once in the wrong hands, unencrypted email is easy to read.

Don’t be fooled. “Even with additional layers of filtering and security,” says Chang, “there will always be malicious emails that get through. Teaching employees to be wary and practice caution is the best defense.” Take advantage of education services like free seminars, or Anderson Technologies’ free eBook on cyber security.

Email may be the perfect vehicle for bad actors to find their way into your network, but you and your business don’t have to be a victim. With spam monitoring and encryption services like those offered by Proofpoint, a mistake or foolhardy action doesn’t have to mean the destruction of your business.

Protect Today!

Anderson Technologies strives to ensure the IT products and tools it recommends are fully vetted and employed internally first. Principal Mark Anderson reports that after implementing Proofpoint Essentials, his junk email count has dropped by over 90%! According to Symantec’s Email Threat Report, an estimated $1,177.42 annual cost for the time one employee spends managing spam.

Bragg recommends a layered approach to email security.  The first layer being perimeter protection with a good hardware firewall that has additional malware and intrusion defense capabilities.  From there, Bragg notes the importance of enterprise-grade anti-virus software on all workstations and servers. It is important that this software be closely monitored and updated to truly be effective. The final layer is spam filtering, and for that, Anderson Technologies recommends Proofpoint.

Of course, there is also user training, which is “challenging,” according to Bragg, “but necessary.”  Even for businesses that are confident in their employees’ cyber security training regarding email, Proofpoint brings operations closer to a Zero Trust mindset, truly making your operations secure.

Are you interested in adding a spam filtering or encryption service to your business? Contact Anderson Technologies today! Email info@andersontech.com or call 314.394.3001.

*Names have been changed to protect the identity of the business and its executives.