It will come as little surprise to anyone who’s ever received a suspect looking invoice, but the major technology firms - including Apple, Google and Microsoft - are failing to protect users from phishing email threats.
The confirmatory news-flash comes from Plymouths Centre for Security, Communications and Network (CSCAN), who set about finding what action the big tech firms were taking to protect users and businesses from phishing threats.
Their research reveals shocking flaws in the automatic detection software employed across the major email service providers, but first, it’s vital to understand what ‘phishing’ actually is.
Phishing emails are, quite simply, the most common way for cybercriminals to steal your personal information like credit card details or password information.
Phishing attacks are conducted through emails which are carefully designed to look just like the real thing. Oftentimes, they’ll use urgent language to force you through to a page which is designed to harvest your personal information. From there, compromising your accounts is as simple as inputting the details you provided.
The threats are even more significant to businesses, with phishing emails posing one of the biggest threats to any organisation.
Plymouth's Centre for Security, Communications and Network started by sending two sets of messages to ‘victim accounts’, using email templates pulled from the archives of reported phishing attacks.
The first of those emails was simply plain text, with no links included. The second set of emails had all the original links in place, pointing to their original destination.
Researchers then studied which emails made it through to users inboxes and whether users were warned that these emails were malicious. The result? Well, it certainly doesn’t reflect well on the big tech firms.
75% of the phishing emails without links and 64% of those with links made their way into the target inboxes. Even worse, only 6% of those emails were marked as malicious.
Commenting on the findings, Bob’s Business CEO Melanie Oldman said: “This study only further illustrates how, when it comes to phishing, we can’t trust technology alone to protect us. With instances of ever-more sophisticated phishing attacks on the rise, all businesses should implement simulated phishing training to educate staff on the risks associated with phishing emails before they cause significant harm”.
The key to avoiding phishing attacks is raising awareness and creating a secure culture. Whether in your personal life or in a business environment, being aware of the telltale signs of a phishing email can make all the difference.
We’ve written extensively on how to spot a phishing email in the past. For those short on time though, we’ve included seven ways to spot a phishing email here:
For businesses, the fastest and most reliable way of ensuring your staff are aware of the serious risks that phishing emails pose and how to mitigate them is to combine our award-winning eLearning course with our phishing simulation solution.