Brad Slavin is the founder and CEO of Phish Protection, offering businesses a cloud-based, email protection suite that prevents malware, spam content, and spoofing. The business prides itself on its affordability and reliability in offering its clients real-time protection against malicious content. Their services operate across a variety of different hosted email systems, including Exchange, Office 365 and G Suite.
Brad was able to answer a few of our questions about Phish Protection, the nature of phishing and the internet security industry.
How has phishing changed in the last few years?
With more people active on their computer and the internet over the years, phishing has also shown an increasing trend. The days of sending a simple phishing email have now evolved to more sophisticated ways of phishing.
About five years ago, the most common target area of phishing was financial services. Now, it has given way to more sinister crimes.
The cybercriminals know that the money is in highly targeted phishing of companies. Hence, the most threatening phishing activity today is collecting confidential personal and financial information about the victim and using it for low frequency-high impact crimes.
This method involves collecting all personal details of the victim, such as name, address, email IDs, SSN etc. Phishers also gather information related to special events and date e.g. birthdays or business anniversaries. They use any relevant information that they can find out on social media platforms to make their attacks more timely and personalized to the recipients.
Thus, we can say that the phishers are moving towards where the money is today. For example, it’s way too easier for cybercriminals to re-route payroll transactions by using phishing techniques and make a few thousand dollars per attack than to get large sums of money transferred into “fake vendor” accounts.
Organizations today don’t have the required security controls or tools to identify a legitimate email and the one that appears to be legitimate e.g. correctly identifying an employee’s home email address vs. a legitimate request to adjust payroll.
How does your software protect the business from accessing phishing sites?
Proactive or preventive security controls are always better than reactive controls when it comes to dealing with phishing attacks, and our software proactively protects enterprise users from accessing phishing sites.
Real-time link click protection: Advanced Threat Defense checks the URLs or links in emails whenever they’re clicked. It protects you from time-delayed phishing techniques.
It also provides protection against various types of spoofing such as “domain name”, “display name”, “friendly name” spoofing. It does it so by blocking a malicious attachment so that you never have to worry about someone accidentally double-clicking it, giving a big relief to CEOs and let them focus on their business objectives and not to worry about information or cybersecurity.
What are the most common types of phishing attacks?
The most popular phishing attacks are as follows:
Credential Phishing – Impersonation of a legitimate website or email id by hackers to steal personal data from unsuspecting users.
Spear Phishing – Customizing email attacks with the target’s name, designation, phone number, and so on to trick the victim into parting with confidential information.
CEO Fraud – Compromise the email account of the CEO or another high-ranking official to execute and authorize fraudulent wire transfers.
Vendor Spoofing – Where an email appears to come from a vendor asking about an accounts payable balance and then requesting payment to a different bank account in exchange for a “discount” on the open balance.
Which product do you find, is your most popular option, and why do you think this is the case?
There are many products available in the market today, but the most popular and best one, according to me, are the ones which provide a comprehensive and layered approach to security. Not just spam, and malware protection but also real-time link validation, spoofing protection and are completely device agnostic. My choice is the ‘Advanced Threat Defense’ from Phish Protection. It is a cloud-based, integrated, email protection suite of services that stops phishing, malware, spam, spoofing and includes Advanced Threat Defense.
Phish Protection is a valuable security tool for businesses of any size. Their services are only growing more and more important, given the increasing sophistication of malware, spam and phishing content. If you operate a small or large business or corporation, your data is often one of your most important business assets. As such, you need to do everything you can to protect it. Phish Protection can achieve just that.
We would like to thank Brad for taking some time out of his day to share his insights with us!
If you would like to follow up with Brad Slavin, visit www.phishprotection.com