The Real Danger in Your Inbox

Oren J. Falkowitz — Area 1 Security — Co-Founder and CEO

Most people conflate spam and phishing. There are similarities but the volumes, motivations, and damages are different. Spam has been clogging inboxes since AOL operated solely through dial-up, and “anti-spam” solutions have succeeded in reducing those unwanted messages in user inboxes to an all time low.

Yet the most dangerous items in your inbox are not spam but are phishing emails, which is the root cause of over 97% of all cyber campaigns and represents only 9 out of 1 million messages that a company receives. These are sophisticated, targeted, and they cause damage.

Area 1's distributed sensor network reveals insights on these targeted messages:

• 40% of targeted phishing attacks lure users with subjects related to business practices such as : “You Have Received a New Fax,” “Internal ONLY,” “Scanned from a Xerox Multifunction Printer,” and “Re: <company> employee list”
• 33% relate to personal and professional finances “You’ve Earned a Bonus”, “RE: quickbooks report,” “TP E-Billing for Jul 15 Seq No 0006 (0866AER147) Region 033,” “Statement (Unpaid)”
• Prominent brands used to gain user confidence are overwhelmingly related to financial (62%) and tech (29%) industries.

We’re emotional, curious creatures. We’re easily convinced to click on links that seem legit. It’s human nature and this data isn’t surprising but demonstrative of how phishing works to acquire access or information by masquerading as a trustworthy entity. Through playing on human desire, the inevitability of the click makes it highly unlikely that anyone can be vigilant all of the time. Security awareness programs are more like “the script for a telenovela that was written by a paranoid schizophrenic” than an effective solution. Companies need a complete anti-phishing solution that addresses the various phases of attack identification and is able to respond before there is damage.