Reinforce Gmail with Gartner-Recommended Anti-Phishing Controls

Anticipation ran high when Google introduced Gmail; and the versatile MX has exceeded expectations, driving productivity as it speeds and simplifies business and personal communications. Unfortunately, because of its high profile, Gmail is a top target for phishing campaigns. Threat actors pursue users relentlessly in global cyberattacks, delivered by phish that slip past Gmail defenses to land in user inboxes. And customers who trust Gmail’s email filters and rules to protect them learn the hard way that this won’t happen.

Why? Because Gmail threat defenses lack integrated email security insight into targeted phishing campaigns.

It’s hard to believe that an innovator like Google itself could be outsmarted — but breaches happen constantly. Gmail collects threat data from active, high-volume attack campaigns, but the low-volume, targeted profile of phishing emails such as Business Email Compromise (BEC) help them bypass Gmail’s defenses time after time.

Phish posing as valid communications handily evade both Office 365 and Gmail security. Criminals can lure users into clicking a malicious link, opening a malware-bearing attachment, or falling for Business Email Compromise (BEC) fraud — forwarding data and funds to spoof accounts. And even trained, skeptical users still take the bait nearly a third of the time. Once the money is in the criminals’ hands, they quickly drain and close their bogus accounts, often untraceably.

If you’re a Gmail user, or a security leader charged with email security, you naturally watch for Gartner’s latest wisdom. As noted in the Gartner 2020 Market Guide for Email Security (ID: G00722358), “Security and risk management leaders must revisit their organizations’ email security architecture in the light of current email threats, such as sophisticated malware, links to exploit kits, credential phishing and BEC.”

Additionally, Gartner notes, “As organizations continue to migrate to cloud email, the need to reevaluate email security is even greater. The solutions and controls that were put in place for on-premises email solutions are no longer enough.

BEC phishing and the “Long Con” threaten Gmail

When it comes to BEC, also called “CEO fraud,” “Impersonation Attacks,” or “Email Account Compromise,” many companies lack strong internal control processes, such as double confirmation for bank transfer requests. This shortfall allows cybercriminals to pose as employees or even partners/vendors in Types 3 & 4 BEC and to reap shockingly high amounts. The FBI reported 24,000 BEC scams in 2019 with enterprises losing $1.7 billion for an average loss of $72,000.

These scams don’t call upon complex coding or deep technology expertise; all they require is a credible-appearing phishing email. Threat actors have even commoditized toolkits for aspiring criminals, offering resources like RaaS (Ransomware as a Service) and self-replicating “ransomworms.”

Protecting against such ingenious fraud demands insight into the deep structure of the attack itself. Traditional email filters and rules, including Gmail’s security tools, can’t do that. As Gartner notes, an effective approach to stopping phish must be both technology-based and proactive, rather than after-the-fact damage cleanup.

An MSSP resolves its vulnerability by adding Area 1 to its security stack

Legato, a Managed Security Service Provider (MSSP), discovered a gap in its own email security that allowed incessant phishing attacks. These required time-consuming investigation and remediation which affected employee productivity. As Gartner recommends, the company sought specific anti-phishing technology that went above and beyond its own MX’s native capabilities. After Area 1 showed its ability to dramatically reduce phishing incidents with no impact on email traffic and productivity, Legato now adds Horizon as the phishing protection layer for their own customers’ Office 365 and G Suite environments.

Advanced visibility spots cyberattacks under construction

Threat actors can take months to construct a phishing site that carries out its attack in mere hours. By the time native defenses catch on, the phish have already landed in user inboxes and often the damage is done or underway. Integrating Area 1 with Gmail defenses provides the technology-based anti-phishing approach that Gartner recommends to detect and disable phishing emails before they land. Area 1 deploys quickly to:

  • Conduct inbound email scanning specifically for targeted phish
  • Use patented small-pattern detection to crawl the web for attacks under construction
  • Block and dismantle phish emails bearing ransomware, spoofs and BEC—missed by current defenses
  • Analyze and deliver detailed alerts and reports to stop phishing

On average, the solution detects malicious sites and payloads a full 24 days before industry benchmarks thanks to such phish-hunting resources as preemptive crawling, machine learning, cousin domain and anomaly detection.

The Area 1 Horizon service deploys and integrates smoothly in minutes, adding effective anti-phishing protection to Gmail’s security features like anti-spam, DLP, encryption, and archiving. Augmented by Area 1 technology, Gmail can offer true protection and peace-of-mind to its users by finding and blocking 99.997% of phishing attacks.

To learn more about how Area 1’s preemptive, cloud-native email security protects Gmail users, click here.

Want to keep up to date with the latest phishing trends? 

Subscribe to our newsletter here!

 

Introducing email link isolation – Email gateway replacement playbook

This week was a big one for us at Cloudflare, one of our four innovation weeks which we hold annually, showcasing new developments, product news and reference architectures.

Superhero strategies for the Phish Fight

Today is National Superhero Day, and we would like to dedicate this day to you—the SOC teams and the security experts on the frontline of the phish fight.

Understanding the Four Business Email Compromise Attack Types

Business Email Compromise (BEC), also sometimes referred to as email account compromise (EAC) or vendor email compromise (VEC), is a type of phishing attack that takes advantage of an existing relationship between a victim and organization.