Our security partner, Sophos, has announced a new feature for their Email Scanning tool, known as “Impersonation Protection”, to protect you even better from phishing emails.
The threat
People are now more savvy about phishing emails and how to spot them. Many of us know to check the sender name and address for ‘random’ domain names or free email services (e.g. Gmail) when being asked to provide sensitive information. So, in order to successfully trick people now, cybercriminals have upped their game, making their phishing emails look like they come from a reliable source, even a Director of your company, to encourage an action. For example, cybercriminals may use a trustworthy-looking domain that is a slight variation of the company name. Because we are all inundated with emails, both work and personal, many of us would glance over a domain like that and presume it to be legitimate. This is why Sophos have introduced Impersonation Protection for their Email Scanning tool.
How does it work?
The new Impersonation Protection feature improves your protection against the ever more clever phishing attacks. Features include:
- It compares the display name of inbound emails to commonly abused cloud service brand names, and to the names of VIPs within the customer's organisation, to check for matches. These could be the CEO, CFO, HR director, and more.
- It provides a simple wizard to identify and add VIPs within the organisation to your policy for analysis with all inbound messages.
- It offers analysis of the domain name of an email address in relation to the display name, looking for free email services.
- It provides analysis of lookalike domains to identify domain names that resemble the corporate domain, for when the attacker is impersonating an internal user, for example: Kris Hagerman <[email protected]>.
- Alternatively, if an attacker is attempting to impersonate a trusted brand, Sophos Email will also identify domain names similar to well-known cloud services such as Microsoft, Amazon, and LinkedIn.
This new service then allows email administrators to act on potential attacks with policy controls to quarantine, tag the subject line, delete, or warn users, with a banner added to inbound emails.
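The checks listed above can be pictured with the following simplified sketch, which is an added illustration and not Sophos's implementation. The VIP names, domains, homoglyph map, finding labels and edit-distance threshold are all constructed assumptions.

```python
import re
from email.utils import parseaddr

# Constructed policy data (assumptions for this sketch, not Sophos settings).
CORP_DOMAIN = "example.com"
VIP_NAMES = {"jane doe", "sam patel"}
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
BRAND_DOMAINS = {"microsoft.com", "amazon.com", "linkedin.com"}
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def fold(text):
    """Casefold, map digit homoglyphs, treat 'rn' as 'm', squeeze spaces."""
    text = text.casefold().translate(HOMOGLYPHS).replace("rn", "m")
    return re.sub(r"\s+", " ", text).strip()

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def genuine(domain, good):
    return domain == good or domain.endswith("." + good)

def lookalike_of(domain, trusted, max_dist=2):
    """Return the trusted domain that `domain` imitates, else None."""
    if any(genuine(domain, g) for g in trusted):
        return None
    return next((g for g in sorted(trusted)
                 if edit_distance(fold(domain), fold(g)) <= max_dist), None)

def check_sender(from_header):
    """Return impersonation findings for one From: header value."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if fold(name) in {fold(v) for v in VIP_NAMES} and not genuine(domain, CORP_DOMAIN):
        findings.append("vip-name-free-mail" if domain in FREE_MAIL else "vip-name-external")
    if any(b.split(".")[0] in fold(name) and not genuine(domain, b) for b in BRAND_DOMAINS):
        findings.append("brand-name-mismatch")
    if lookalike_of(domain, {CORP_DOMAIN}):
        findings.append("lookalike-corporate")
    if lookalike_of(domain, BRAND_DOMAINS):
        findings.append("lookalike-brand")
    return findings
```

In a real deployment the findings would feed the policy actions described above (quarantine, tag, delete or banner), and the distance threshold would need tuning against legitimate partner domains to limit false positives.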
Cybersecurity as a System
Email scanning is one of the many products in the Sophos suite which we recommend to all of our customers. With 41% of IT professionals reporting at least daily phishing attacks and 30% of phishing emails being opened, it’s crucial your business is protected*. Email scanning adds an additional layer of security on top of your firewall, antivirus and other security solutions, blocking another method of attack for cybercriminals. What’s more, if you enable Sophos Synchronised Security, any threats that are reported from the email scanning solution provide intelligence that helps identify and block future threats.
How can I get Impersonation Protection?
Email Impersonation Protection is currently only available as an Early Access Program for current customers of Sophos Email Advanced. So if you don’t have Email Scanning yet and want to up your defences against increasingly sophisticated phishing attacks then start your free trial of Sophos Email Scanning today. Or if you already have Email Advanced, contact us for more information about Impersonation Protection.
*Source: 2016 Verizon Data Breach Investigations Report, FBI, Sophos research