Major E-mail Vendors’ Products Fail to Filter Phishing Messages
In September 2009, Joshua Perrymon, CEO of PacketFocus (a penetration-testing firm), ran a spear-phishing experiment and found that certain e-mail services and products could not block his phishing messages. These included Microsoft Exchange, Microsoft Outlook 2007, Cisco IronPort and Outlook Express.
In the experiment, Perrymon sent a phony e-mail styled as a LinkedIn invitation. It looked like a genuine invitation from Bill Gates, Chairman of Microsoft, and its sender field showed the LinkedIn name spelled "LinkedIN". Perrymon states that the fake e-mail got past the filters every time.
Consequently, e-mail attacks remain an effective way for today's hackers to trick online users, Perrymon said, and the e-mail security industry must act to stop the many phishing and spam attacks, as DarkReading reported on January 5, 2010.
Perrymon adds that the problem with e-mail-based attacks mostly concerns targeted attacks, commonly known as spear phishing, in which the attacker researches the target and crafts a fake e-mail and a phishing website before striking.
The CEO added that he simply wanted to demonstrate that existing e-mail security controls cannot reliably detect or protect against a targeted (spear-phishing) attack. Those controls include e-mail gateways, e-mail security applications, e-mail clients, e-mail security appliances, desktop software and the cloud. According to Perrymon, the root of the problem for all of them is the Simple Mail Transfer Protocol (SMTP) itself, as Securitywatch.eweek reported on January 6, 2010.
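As an added example (not part of the original report), a small Python check of the kind a mail gateway or a detection rule could apply to the display-name impersonation described above: the From: display name names a known brand, but the address domain is not one that brand sends from, and Reply-To: points somewhere else. The brand table, domains and sample messages are constructed for this illustration.

```python
import email
from email.utils import parseaddr

# Impersonated brands and the domains that legitimately send for them.
# Constructed table for this example, not a vendor feed.
BRAND_DOMAINS = {"linkedin": {"linkedin.com"}, "microsoft": {"microsoft.com"}}

def normalize(name: str) -> str:
    """Lower-case and drop non-alphanumerics so 'LinkedIN' and 'Linked In' compare equal."""
    return "".join(ch for ch in name.lower() if ch.isalnum())

def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if it has none."""
    return addr.rpartition("@")[2].lower()

def check_display_name(raw_message: str) -> list:
    """Return findings for a raw RFC 5322 message; an empty list means nothing suspicious.

    Flags a From: display name that names a known brand while the address domain is not
    one of that brand's sending domains, and a Reply-To: on a different domain than From:.
    """
    msg = email.message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand in normalize(from_name) and from_domain not in domains:
            findings.append(f"display name '{from_name}' imitates {brand}, sender domain '{from_domain}'")
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append(f"Reply-To domain '{domain_of(reply_addr)}' differs from From domain")
    return findings

# Constructed samples: a spoofed invitation like the one described above, and a
# legitimate one sent from the brand's own domain.
SPOOFED = """From: LinkedIN <invitations@example.net>
Reply-To: connect@example.org
To: employee@example.com
Subject: Bill Gates has invited you to connect

Accept the invitation at the link below.
"""

LEGIT = """From: LinkedIn <invitations@linkedin.com>
To: employee@example.com
Subject: You have a new invitation

You have a pending invitation.
"""
```

This check only looks at header fields the sender controls, so it is a triage signal to pair with SPF/DKIM results rather than a verdict on its own.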
After the experiment, Perrymon said he spoke with each of the affected security vendors to discuss mitigation strategies. Some told him they were investigating the problem, while others said the issue lay with e-mail itself and so a new security protocol was needed.
Meanwhile, PacketFocus advises organizations to adopt several important measures: establish e-mail policies that detail the risk and ways to mitigate it; educate employees on detecting and handling phishing attacks; train new recruits as well as existing employees; provide a means of reporting attacks; and patch security holes promptly.
» SPAMfighter News - 16-01-2010