
By: Jane Wasson

When Google launched Gmail, the world quickly embraced it as versatile, feature-rich and intuitive—fostering communication and driving productivity.

But the happily-ever-after has eluded both consumer and business users. Gmail’s popularity is a dog whistle for criminals of all stripes to attack, breach and infest inboxes, wreaking havoc on organizations—even on Google itself!

The agent for delivering all but a fraction of this damage is deceptively simple and unobtrusive: a phish. In an endless game of “gotcha,” hackers impersonate trusted sources or use countless other ruses to persuade targets to click infected web links, download malware, and deliver up company funds. Even well-trained, skeptical users still take the bait nearly a third of the time.

When it comes to “CEO fraud,” or Business Email Compromise (BEC), many companies lack strong internal control processes, such as double confirmation for bank transfer requests—allowing hackers to “invoice” and receive shockingly high amounts.

Running these scams doesn’t call for complex coding or deep technology expertise, just a credible-looking phishing email. There are even low-cost phishing kits and tools, including head-shakers like RaaS (Ransomware as a Service) and “ransomworms”—self-replicating ransomware.

Getting a handle on this fraud calls for ingenuity that reaches back to the origins of the phishing attack itself. Traditional email filters and rules, including Gmail security, can’t do that. As Gartner notes in its latest report, an effective approach to stopping phish must be both technology-based and proactive, rather than after-the-fact damage cleanup.

Augment and Harden Gmail Security for Seamless Anti-Phishing Protection

The targeted nature and short duration of phishing attacks give them an advantage. Unlike spam, phishing attacks present a small, low-volume, short-lifespan attack profile. Defenses focused on massive spam volumes miss phish, and they receive threat data on cyberattacks only after the attacks are well underway and the damage is done.

Gmail defenses need advanced visibility to spot cyberattacks while they are forming—before they launch, so attacks can be preempted and end user inboxes protected.

Hackers can take months to construct a phishing attack that is carried out in mere hours. By the time defenses catch on, the phish are already in user inboxes and the damage is done. That means early insight—preemption—is vital in stopping a targeted phishing campaign before it reaches users and puts them at the mercy of spoofed addresses, smooth-sounding imposters posing as company executives and so forth.

Integrating Area 1 Horizon™—as specified by Gartner—with Gmail defenses provides a technology-based anti-phishing model that discovers and disables phish before they reach the inbox. Area 1 Horizon examines billions of web pages to detect and visualize attacks under construction, analyzes them to discover where they originated and which hackers are involved—and most importantly—uses that insight to block phish before customers are breached. On average, the solution detects malicious sites and payloads a full 24 days before industry benchmarks, using:

  • Pre-emptive crawling
  • Machine learning models
  • Cousin domain detection
  • Anomaly detection—among others

Real World Deployments; Real World Results

Several Area 1 customers deploy our anti-phishing service to protect Gmail inboxes from phishing. Here are some recent examples of phishing emails that bypassed Gmail defenses and were detected by Area 1:

In the first case, the customer received an email that looked like a Dropbox notification requesting that the recipient click a link to download a file. When the link is clicked, a fake login page opens that is actually a credential harvesting site. The Area 1 Horizon service uses innovative analysis techniques, in this case a technique that recognizes when an email contains links and sending domains that are not associated with common brands. As a result, the service can detect brand imposter phishing emails and block them before the email reaches the intended victim’s inbox.

[Screenshot: Brand Impersonation Detection]
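The brand mismatch check described above can be sketched as follows. This is an added example, not Area 1's implementation: the brand allowlist, the sample message and all function names are constructed for illustration, and only single-part messages are handled.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allowlist of domains each brand really sends from and links to.
BRAND_DOMAINS = {"dropbox": {"dropbox.com"}}

# Constructed sample message (not taken from the article's screenshot).
SAMPLE = """\
From: Dropbox <notify@files-share.example>
To: user@corp.example
Subject: A file was shared with you on Dropbox
Content-Type: text/html

<p>Click <a href="http://login.files-share.example/dropbox/signin">here</a> to download.</p>
"""

def registrable(host):
    """Crude last-two-labels reduction; production code would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def belongs(host, allowed):
    return registrable(host) in allowed

def brand_imposter_findings(raw):
    """Return (brand, 'sender'|'link', host) for each domain that does not match the claimed brand."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    body = msg.get_payload()  # single-part messages only
    links = re.findall(r"""https?://[^\s"'<>]+""", body)
    claimed_text = f"{display} {msg.get('Subject', '')}".lower()
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand not in claimed_text:
            continue  # message does not present itself as this brand
        if not belongs(sender_host, allowed):
            findings.append((brand, "sender", sender_host))
        for url in links:
            host = urlparse(url).hostname or ""
            if not belongs(host, allowed):
                findings.append((brand, "link", host))
    return findings

if __name__ == "__main__":
    for finding in brand_imposter_findings(SAMPLE):
        print(finding)
```

Comparing on the registrable domain rather than a substring is what catches hosts that merely embed the brand name, such as `dropbox.com.evil.example`.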

In another case, an Area 1 customer received an email response with an attached document from a sales prospect. The response appeared to be authentic, including the original email in addition to a request to open a document attached to the email response. Using proprietary ML file analysis, the Area 1 Horizon service detected malicious VBScript in the file attachment, so the email could be prevented from delivery and the malware prevented from downloading to the victim’s computer.

[Screenshot: Malicious File Attachment Detection]

If your organization is struggling to protect Gmail inboxes from phishing email, Area 1 can help. The Area 1 Horizon service deploys and integrates smoothly in minutes, adding effective anti-phishing protection to Gmail’s other security features such as its anti-spam, DLP, encryption, and archiving. Augmented by Area 1 Security technology, Gmail can now offer true protection and peace-of-mind to its users by finding and blocking 99.997% of phishing attacks.