Email security and web security threats come in many forms but none have grown in notoriety this year like the Phishing email attack. The rising occurrence of phishing attacks and of low-volume attacks is a much talked about phenomenon.
What is a phishing email?
Phishing email is a kind of spam email that purports to be from a trusted website or known person to the email user. Some popular aliases for phishing emails are those of well-known banks, social media sites, insurance companies and online retailers. Phishing emails aim to trick the recipients into clicking on a phony link or downloading malicious software or even handing over sensitive information. They do this by using personal data that has been collected through earlier web security breaches.
Web security breaches like those at email marketing firm Epsilon, Citi Bank, Sony and Square Enix resulted in the leaking of customer’s data to third parties. In some cases this data was posted online and included details like names, addresses, passwords and email addresses. This data is a vital part of designing a phishing campaign, as the emails can be tailored to the recipients’ personal details in order to improve its trustworthiness.
So why do phishing attacks work?
Because phishing emails are configured just like legitimate emails, they have a higher likelihood of getting through traditional email security protocols. Spam prevention systems that operate on a reputation-based system have a lot of trouble detecting these kinds of attacks. A SaaS based email security solution includes the appropriate technology to guard against these new kinds of spam attacks.