Phishing Emails – Effective for hackers, hard to detect for filters
Phishing emails and spam both come at you through the same medium: email. That means the defenses against both are also the same. It’s down to your spam filtering to keep you protected from spam and other harmful email messages.
Spam filtering checks can be configured as either hard or soft checks. The terms hard and soft don’t refer to the difficulty in defeating a dangerous email though, but rather what happens when an email fails such a check. Failing a hard check means the filter stops any additional inspection of the email—it is now considered 100% spam, action will be taken, and this email will not be delivered. Failing a soft check, on the other hand, simply means the check was failed. Some action may be taken, but the failure doesn’t stop the filter immediately; it continues inspecting the email and carries on to the next check until either the email fails a hard check or the filter completes the inspection and the email goes through.
Virus scanning is often a hard check, and triggering it usually means the email that was sent gets thrown away. This way, hackers can’t just include an infectious file with an email. But it’s also an easy defense to get around, as they can just include links for you to download the file yourself. In fact, email scanners don’t follow any links included in emails. All they can do is pull the link information from the email and check it against a record of known bad links. Also, finding a bad link in an email is usually only a soft check, so the link gets removed but the rest of the email is delivered, allowing an attacker additional chances to break through your defenses.
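The hard/soft check flow described above, sketched as an added example (not code from this post or from any real filter product). The check names, blocklist entries, and sample messages are all constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample data: a hypothetical link blocklist and attachment "signature".
KNOWN_BAD_HOSTS = {"malware.example"}
BAD_ATTACHMENT_NAMES = {"invoice.exe"}
URL_RE = re.compile(r"https?://([^/\s]+)\S*")

@dataclass
class Email:
    body: str
    attachments: list = field(default_factory=list)

def virus_scan(mail):
    """Hard check: passes only if no attachment matches a known-bad signature."""
    return not any(name in BAD_ATTACHMENT_NAMES for name in mail.attachments)

def link_reputation(mail):
    """Soft check: look links up in the blocklist (never fetched), strip any hits."""
    hits = [m.group(0) for m in URL_RE.finditer(mail.body)
            if m.group(1).lower() in KNOWN_BAD_HOSTS]
    for url in hits:
        mail.body = mail.body.replace(url, "[link removed]")
    return not hits

# (name, check function, is_hard) in inspection order.
PIPELINE = [("virus_scan", virus_scan, True),
            ("link_reputation", link_reputation, False)]

def inspect(mail):
    """Run the checks in order and return (verdict, names of failed checks)."""
    failed = []
    for name, check, is_hard in PIPELINE:
        if check(mail):
            continue
        failed.append(name)
        if is_hard:
            return "rejected", failed  # hard failure: stop inspecting, do not deliver
    return "delivered", failed         # soft failures are recorded, mail still goes through

if __name__ == "__main__":
    samples = [  # constructed messages
        Email("See attached.", ["invoice.exe"]),
        Email("Get it at http://malware.example/invoice.exe today"),
        Email("Get it at http://new-host.example/invoice.exe today"),
    ]
    for mail in samples:
        print(inspect(mail), "->", mail.body)
```

The third sample is delivered untouched because its host is not yet on the blocklist, which is the gap that leaves the reader as the last check.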
So why am I going on about spam filtering, hard checks, and soft checks when I started this newsletter talking about phishing emails? Well, frankly, most people don’t understand how email works, and the ones that do don’t necessarily understand how spam filtering works. Sooner or later a nasty phishing email is going to wind up in your inbox, and to be honest, it’s probably going to happen repeatedly.
It doesn’t really make sense to put complete faith in automated defenses that don’t work all the time. It’s easy to find news articles about companies that were hacked due to a single phishing email getting through to the right (or wrong) user. It happens all the time, all over the world.
So how do we fix the problem? Well, we start by recognizing the situation for what it is—a spam or phishing email sitting in your Inbox is not a problem because it does nothing on its own. Phishing emails are only a problem if users fail to recognize them, so the actual problem is not your filters but rather a lack of awareness and training. Automated solutions can only take you so far; the rest has to be handled by the person reading the email.
A line from Henry VI part 2 reads “Ignorance is the curse of God; knowledge is the wing wherewith we fly to heaven,” and it is very true. Email is an important part of our jobs and lives, and we should all learn more about how it works. After all, once an attacker defeats all the spam filtering and email checks, their last adversary is you.
If you have any questions about phishing emails, please reach out to your TRINUS Account Manager for some stress-free IT.
By Kind Courtesy of Your Friendly Neighbourhood Cyber-Man.