
Major E-mail Vendors’ Products Fail to Filter Phishing Messages

In September 2009, Joshua Perrymon, CEO of PacketFocus (a penetration-testing firm), conducted an experiment with spear phishing and discovered that certain e-mail services and products were unable to block his phishing messages. These included Microsoft Exchange, Microsoft Outlook 2007, Cisco IronPort and Outlook Express.

In his experiment, Perrymon dispatched a phony e-mail through LinkedIn. The e-mail looked like a genuine invite from Bill Gates, the Chairman of Microsoft, and showed the name LinkedIn as "LinkedIN" in its sender field. Perrymon states that he managed to make the fake e-mail bypass filters every time.

Consequently, e-mail attacks represent an effective means for modern hackers to trick online users, said Perrymon. The e-mail security industry has to do something to stop numerous phishing and spam attacks, as reported by DarkReading on January 5, 2010.

Perrymon further says that the problem with e-mail-based attacks mostly relates to targeted attacks. These are commonly known as spear phishing, in which the attacker researches the target and crafts a fake e-mail and a phishing website before striking.

The CEO added that he simply wished to demonstrate that existing e-mail security controls are unable to accurately detect or safeguard against a targeted, or spear phishing, attack. These controls include e-mail gateways, e-mail security applications, e-mail clients, e-mail security devices, desktop software, and the cloud. According to Perrymon, the central hazard for these controls lies with the Simple Mail Transfer Protocol (SMTP) itself, as reported by Securitywatch.eweek on January 6, 2010.

Following the experiment, Perrymon stated that he talked with each of the affected security vendors to discuss mitigation strategies. Some vendors told him that they were probing the problem, whereas others said that the issue related to e-mail directly and so a fresh security protocol was needed.

Meanwhile, PacketFocus advises organizations to adopt certain important measures: establishing e-mail policies, detailing the risk and ways of mitigating it; educating employees on detecting and handling phishing attacks; training new recruits as well as existing employees; providing facilities for reporting attacks; and patching security loopholes on time.

» SPAMfighter News - 16-01-2010
