Are You Getting Phishing Attacks in Outlook?

Posted by Catherine Young

Phishing attacks are the number one cyber threat facing organizations today. Don’t take our word for it. The World Economic Forum (WEF) interviewed 12,000 business executives about the biggest risks to doing business and they cited cyber-attacks as the top concern in advanced economies.

If you're responsible for IT security and infrastructure at your organization, you see the volume of phishing attacks made every day. That's why phishing alerts and anti-phishing software are so important. However, even if you are using phishing alerts in Outlook, are they solving the problem?

Will Outlook’s Banners and Prepend Warnings Solve the Problem?

Some companies will set up Outlook to display a message looking like this at the top of email originating outside the company: "This email originated outside the organization. Do not click any links or attachments unless you know the sender.

It’s annoying to users, especially if there’s are several email interactions with someone outside your organization. What happens is that people ignore the messages. It can also cause problems in formatting for some organizations that aren’t set up to process the extra header information. 

In addition, it renders previews from some email clients useless as you won’t be able to see any information past the initial warning message. This can mean users actually have to click on a malicious email to open it up to see what it’s about because the reading pane won’t show enough of the message for them.

Setting up prepend warning banner paths can cause problems. If there’s any back and forth on an email, headers can end up looking like this:  RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] Subject Line.” Messages like this will frustrate users, especially mobile users, who may not be able to see the subject.

A workaround that some companies use is to white list safe domains to avoid the repetitive banners. Unfortunately, Outlook transport rules have a 4KB size limit, which you can easily exceed with your white label list.

Companies that use third-parties for email fulfillment can also run into problems.Edge servers that are set up to reject any email from gateways with company email addresses that come from outside the organization will flag or quarantine the messages using Outlook security protocols, even though it is a legitimate email.

Just listen to the online chatter among IT professionals and you’ll see the problems they are having making Outlook’s built-in phishing email notification work.

There is a Better Way. INKY Does It Differently

INKY solves the phishing attacks problem in a different and more advanced way than other anti-phishing software.

Bold and Specific Visual Cues

Rather than just easy-to-ignore messages - stop employees from clicking on malicious emails. INKY’s visual cues are color-coded and inserted into the body of the email. This doesn’t break the preview pane. Users will see the cue but be able to preview the email in the reading pane without opening it first.

INKY finds issues before they reach your hosted systems, and it either warns the user or blocks the email.

INKY Does More Than Just Analyze the Sender Information

Many so-called anti-phishing software solutions will analyze the sender information and compare to a list of known threat actors. If it’s not already listed, it may get passed through. INKY employs machine learning and computer vision techniques that inspect every single element include in an email. 

INKY analyzes the code and images down to the pixel level to make sure they are safe. This stop scams before they can harm your business.

INKY Works on Any Device

Fifty-nine percent of organizations allow employees to bring their own device to work. With employees mixing company devices with their own personal devices, the security threats have risen significantly. The disparity of machines connecting to resources and using email presents another major security concern.

INKY’s secure cloud installation instantly parses all elements of email regardless of which device you view it on. INKY’s phishing alerts appear directly in the email message.

INKY Detects Zero-Day Attacks

Traditional anti-phishing software needs to find identifying characteristics in an email or attachment to recognize it is potentially malicious or deceptive. 

INKY's algorithms incorporate machine learning which can rapidly evolve to uncover zero-day attacks that other systems miss.

Get Your Free Email Security Analysis and Stop Phishing Attacks

Phishing email and other fraudulent email attacks are significant security threats to your organization. Even if you have a system in place to block these attacks, cyber criminals are constantly evolving their tactics.  Are you safe?

Get a free email threat analysis. INKY will analyze two weeks of email using our proprietary machine learning, AI, and computer vision to determine your threat level. Use it to see how vulnerable your organization is today. 

Topics: phishing attack