Marina Freri
Wednesday, 28 September 2011 12:45
We can all remember the 'British Lottery' and 'Nigerian prince/princess' emails, which asked us to provide our bank account details if we wanted to be loaded with money; but as we have grown smarter in identifying phishing attempts, so have the 'bad guys' behind cyber crime. Now, they aim at the big fish in the organisation.
'Typically, it [phishing] has similar characteristics to spam, you have somebody who is sending out a large number of emails to a large number of people,' he said. 'Spear-phishing on the other hand targets individuals, senior executives within the organisation, trying to get confidential information, sensitive data, out of the people they are attacking.'
Goel added that most security vendors had the technology to recognise and prevent 'normal' phishing, as it behaved similarly to spam; but said spear-phishing and whaling were hardly recognisable because of their nature. 'Spear-phishing is much more notorious, much more sophisticated,' he said. 'Reports show a number of spammers are moving into spear-phishing because the rewards are much more significant.'
Goel explained that whaling or spear-phishing emails targeted only one or two senior executives; he said these emails were generally seen as coming from partner organisations or financial institutions, with links to external websites or attachments, which might contain malware. He said Trustsphere was working alongside security services providers to tackle phishing attacks.
He said their technology was based on the principles of 'trusted sender recognition' and false positives, that is to say the emails incorrectly classified as 'spam'. Goel explained email messages were ranked according to the level of interaction between the sender and the recipient. 'We turned that particular issue on its head,' he said. 'We accurately identify what is known and good.'
If the two had been in contact before, and the sender had a good reputation - that is to say its account had not been hacked before - then the emails would appear in the inbox highlighted in green. He added that if suspicious messages were sent from trustworthy contacts, they were not immediately blocked, but signalled to the user, thus avoiding the creation of false positives.
'If the email is not green, it doesn't mean you have to block it but proceed with caution,' he said. 'The way our technology works is bypassing the spam filter if you are a trustworthy contact.'
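The labelling rule described above, sketched as an added example (it is not Trustsphere's code or algorithm). Treating 'in contact before' as at least one message in each direction, the `compromised` set, the `min_each_way` threshold and all addresses are assumptions made for the illustration.

```python
# Added illustration: a minimal "trusted sender" labeller. All names are hypothetical.
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parseaddr

def addr(value):
    """Lower-cased bare address from a header value; the display name is ignored."""
    return parseaddr(value or "")[1].lower()

def build_history(sent_mail, received_mail, owner):
    """Count messages exchanged in each direction between owner and each correspondent."""
    outbound, inbound = Counter(), Counter()
    for raw in sent_mail:
        msg = message_from_string(raw)
        if addr(msg["From"]) == owner:
            for _, rcpt in getaddresses(msg.get_all("To", [])):
                outbound[rcpt.lower()] += 1
    for raw in received_mail:
        inbound[addr(message_from_string(raw)["From"])] += 1
    return outbound, inbound

def label(raw, history, compromised, min_each_way=1):
    """Return 'green' for a known, reputable correspondent, else 'caution'. Never blocks."""
    outbound, inbound = history
    sender = addr(message_from_string(raw)["From"])
    # Assumption: "in contact before" means mail has flowed both ways.
    two_way = outbound[sender] >= min_each_way and inbound[sender] >= min_each_way
    if two_way and sender not in compromised:
        return "green"
    return "caution"

def mk(frm, to, subject):
    """Build a constructed RFC 5322 message for the sample data."""
    return f"From: {frm}\nTo: {to}\nSubject: {subject}\n\nbody\n"

# Constructed sample mailbox (not real traffic).
OWNER = "ceo@corp.example"
SENT = [mk(OWNER, "pat@partner.example", "Re: contract")]
RECEIVED = [mk("Pat Partner <pat@partner.example>", OWNER, "contract"),
            mk("news@vendor.example", OWNER, "newsletter")]
HISTORY = build_history(SENT, RECEIVED, OWNER)

if __name__ == "__main__":
    for frm in ("Pat Partner <pat@partner.example>",
                "Pat Partner <pat@partner-mail.example>",  # same display name, new address
                "news@vendor.example"):
        print(frm, "->", label(mk(frm, OWNER, "Q3 figures"), HISTORY, set()))
```

Because the lookup keys on the address rather than the display name, a message that reuses a known contact's name from an unfamiliar address is labelled 'caution' rather than 'green'.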
Goel concluded that every listed company was potentially exposed to cyber-espionage and phishing attacks, for the value of the financial information they owned. 'The 'dark side' of cyber threats is well funded,' he said. 'It's organised by deep specialty.'