Blog / The Importance of Understanding Email
It’s hard for computers to detect phishing attempts.
Email is everywhere, but particularly in business, but people often forget just how recent a change this really is. For example, I (and I’m sure at least a portion of my readers) remember a time before big companies like London Drugs or Walmart even had websites, let alone online stores. It may come as a surprise but the organizations slowest to embrace the internet were the large organizations like those. But of course, these days every office job comes with access to email. Unfortunately, for those unfamiliar or unexperienced in such things, access to email makes them a target for phishing. And worse, phishing emails are hard for computers to detect (especially for new users), and the reason is due to how computers work.
A typical phishing email contains a link for the user to click which sends them to a website that can harvest credentials or try to get the user to download a dangerous file. Now, if you don’t understand how email URL checking works, you could be forgiven for thinking that the URL checker goes to the linked website and evaluates it for dangerous content or code. However, that’s not actually what happens. Instead, the URL is checked against a database to see if it is a known bad URL. This means that any URL that has never been seen before may come back as clean or at least not considered a known threat.
But the reality and the our assumptions are not the same, and there’s a peculiarly pervasive that if one’s computer didn’t find anything wrong with the email, then it must be fine. This act of treating anything in the inbox as not just okay but legitimate and to be trusted is exactly what the bad actors are hoping for. Too often we’re more skeptical about real, physical mail than we are about potential email phishing.
Of course, phishers know all of this very well also; they understand that it’s only a matter of time before their URL gets flagged as dangerous, and likely even change the URL to a new one for their next campaign, making URL checking even less reliable. Don’t get us wrong; URL checking is important. It’s just not the be all and end all of email security.
To succeed, attackers and hackers need to know the rules of the game and understand them well, whether for installing malware (like Ransomware), sending a phishing email, harvesting some login credentials, or any other attack. Successful phishers know exactly how email and email filtering work, and how to take advantage. It’s worth investing in education for you users rather than making a baseless assumption about the safety of your email; that’s what the bad guys want you to do.
This week’s Shakespeare quote comes from Macbeth; “Hie thee hither, That I may pour my spirits in thine ear”.
If you’d like help identifying phishing or other dangerous email, contact a TRINUS cybersecurity professional and get yourself some stress-free IT.
Be kind, courtesy your friendly neighbourhood cyber-man.