Small Business Defense – AntiPhishing
- At March 19, 2009
- By Josh More
- In Business Security
The core problem with phishing is that it is a very human attack. It relies on people to, well, be people. The emails are crafted to be interesting or scary, and right when the reader is at the peak of wanting to know more, they are presented with a link. Once the link is clicked on, it’s game over… so the point of the game is to keep the link from being clicked.
It’s harder than it sounds.
One technique that would work well would be to completely block all HTML email. Thus, no pictures, no links. All email looks the same and all the HTML email coming in will look like utter gibberish. Now, as much fun as we all had in 1995, I think that we can all agree that that approach would not work well these days. So, what does?
Antispam
Many phishing attempts will trigger on good spam filters. The important thing to note, though, is that phishing attempts in a spam folder are just as effective as ones that appear in the INBOX. If you use this as a primary defense, it’s important to make sure that the anti-spam quarantine system traps the messages in such a way as to prevent such clicks from being active. Google’s Gmail and their add-on message security products work well for this.
Anticlick
If the emails get through (and let’s face it, no antispam solution is perfect), it can work well to prevent the click from occurring. There are certain technologies that whitelist allowed links and render all others unclickable. You can also run local HIPS software that can prevent such clicks from downloading and running software. If the HIPS software is good enough, it might even protect against overflows in the email client itself. Again, however, these solutions aren’t perfect.
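A minimal version of the link-whitelisting filter described above, added here as an example and not taken from any product the post mentions: it copies an HTML message through, keeps anchors whose host is on a whitelist, turns every other anchor into plain text, and records what it disabled so the same filter can feed logging and detection. The whitelist (`ALLOWED_HOSTS`), the `LinkNeutraliser` class and the sample message are assumptions for the example; HTML comments and doctype declarations are not re-emitted.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"example.com"}  # constructed whitelist; subdomains of these also pass

def host_allowed(url, allowed=ALLOWED_HOSTS):
    """True only for http(s) URLs whose host is an allowed host or a subdomain of one."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        return False  # javascript:, data:, file: and the like are never clickable
    host = (parts.hostname or "").lower()
    return any(host == a or host.endswith("." + a) for a in allowed)

class LinkNeutraliser(HTMLParser):
    """Copies HTML through; <a> tags outside the whitelist are dropped, their text kept."""
    def __init__(self, allowed=ALLOWED_HOSTS):
        super().__init__(convert_charrefs=False)  # entities are re-emitted as written
        self.allowed, self.out, self.blocked, self._suppress = allowed, [], [], False

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href is not None and not host_allowed(href, self.allowed):
            self._suppress = True  # inside a disallowed anchor: drop the tag, keep its text
            self.blocked.append(href)
            return
        self.out.append(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):  # <br/> and similar
        self.out.append(self.get_starttag_text())

    def handle_endtag(self, tag):
        if tag == "a" and self._suppress:
            self._suppress = False
            self.out.append(" [link disabled]")
        else:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):  # keep &amp; escaped instead of turning it into live markup
        self.out.append(f"&{name};")
    def handle_charref(self, ref):
        self.out.append(f"&#{ref};")

def neutralise_links(html, allowed=ALLOWED_HOSTS):
    p = LinkNeutraliser(allowed)
    p.feed(html)
    p.close()
    return "".join(p.out), p.blocked
```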
Employee Education
The absolute best way to keep employees from clicking on the link is to continuously tell them not to click on links. It’s not perfect, but making employees responsible for their actions is the best way to get results. Much as someone would not leave the front door open and unlocked, they should be aware of the ramifications to the business should they engage in unsafe practices on the Internet.
Of course, we all know that people will make mistakes, which is why it would be wise to use both antispam and anticlick technologies as well. The combination of all three works far better than any one alone.
Paul F
Some other things that help:
* User should not have administrative rights on pc. Ideally, one should run the email client as a user with minimal permissions. On XP, you could set up a shortcut that uses run-as.
* Text email really isn’t that bad. Outlook and Thunderbird both support showing email as text, and give you the option to switch to HTML on an email-by-email basis. This way, you view only those emails in HTML that you trust. Of course, getting average users to buy into this isn’t easy. It takes some getting used to, but it works.
* Email should run in a sandbox. Look at how much better Chrome has performed over the other browsers at CanSecWest, due to its sandbox approach. Shouldn’t email take the same approach?