15 November 2018

Identity Threat Protection to the rescue

Spam started out as an annoyance and has grown to become an international criminal enterprise.

Given that it makes up 45% of all emails, you must be prepared to invest time and money into building the best possible defence against the harm it can cause. And this harm comes not only from spam but other forms of email threats such as viruses and phishing attacks. These forms of attack are highly dangerous and can cost a company millions in ransom, repairs or other fees. Your best line of defence is Securemail, which will ensure that you have a spam, virus and phishing-free inbox.

But there are other email threats your business should be concerned about because not all email-borne attacks use malicious URLs or attachments. Business email impersonation attacks are designed to trick key users such as finance, executive assistants and HR into making wire transfers or to provide relevant information for cybercriminals.

Cybercriminals pull this off by pretending to be the CEO, CFO, or another authoritative person in the organisation. They can even impersonate your trusted partners or other well-known Internet brands. It is also common for them to target departments responsible for sensitive employee data such as payroll.

Introducing Identity Threat Protection

Identity Threat Protection (ITP) is a set of tools designed to reduce the risk of email phishing attacks on Securemail customers. It was built to further address major phishing vectors such as domain spoofing and whaling (also known as spear phishing). It uses existing email security standards, namely the Sender Policy Framework, and extends its capabilities to secure the identity of email domains protected by the Securemail Inbound service. It doesn’t stop there, there is a cross-domain security capability built into the tool. This means that if you have more than one domain under ITP protection, they will all be protected from spoofing each other.

Greater focus on the user

Technology-based email problems require end-user education and technical solutions, which is why greater user control is at the heart of ITP’s design. It’s vital for users to understand their email environment. ITP caters for a learning and discovery process, giving you the confidence to secure your email domain(s) from spoofing without the worry of incorrectly rejecting or quarantining legitimate mail. In the testing mode, you can monitor ITP reports to correct your SPF record or bypass trusted domains before enabling a protection command.

ITP in action

Example of an Executive Fraud Protection (EFP) hit:

Subject: Test of executive fraud

Displayed sender: “Darth Vader” <dvader@gmail.com>

Actual sender: dvader@gmail.com

In this example, the executive name and header-form address are being spoofed (Darth Vader is added as a name in the EFP configuration). The actual sender is dvader@gmail.com and not dvader@synaq.com. In this check, we prevented an email from a non-domain sender displaying an important executive’s name in the header form from possibly perpetrating fraud by influencing staff.

Do not allow anyone to use email to exploit your identity. Download the product brochure for a more in-depth look at the ITP tool.

Download The ITP Brochure

Identity Threat Protection (ITP) is a set of tools designed to combat and further reduce the risk of email phishing attacks on Securemail customers.

Download Brochure
Securemail CTA.jpg