How to Handle Email Fraud

Posted by Stephen Ferrell
Stephen Ferrell

In 2018 email fraud reached epic proportions both in terms of the sheer volume of fraud attempts and the staggering dollar amounts that businesses large and small are facing. Dealing with email fraud is a daily reality for email security professionals across all business verticals. The challenge, unique to email fraud as opposed to hacking and malware attempts is that every email user in an organization is a potential entry point for a successful phishing attack.

Many companies rely on a combination of spam filters, awareness training, and simulation. Let’s discuss the strengths and weaknesses of each of these, and we’ll conclude with a breakdown of our full proof next-generation email fraud prevention approach.

Spam Filters: Spam filters are an essential defense against email fraud. However, spam filters by design are tasked with weeding out the obvious junk. Most spam filters deploy Bayesian statistical models to filter out common spam patterns and alphanumeric combinations that give an email away as being junk. Rarely do spam emails result in a successful email fraud attack, users have become savvy to the mass market obnoxious nature of spam and are adept at ignoring and deleting them. The inherent weakness of the spam filter is also its strength; it can filter out the obvious but struggles with the well crafted and nuanced email fraud attacks that the modern phishing email exhibits.

Awareness Training: Many organizations have figured out how to report email fraud, and integrated email fraud awareness training into their new hire onboarding process. Often the email fraud training is limited to those early first weeks and mid to small business generally don’t reinforce it beyond an associate’s early days; awareness can further suffer for logistical and resource reasons. Awareness training can be an important component in combatting email fraud, but it relies heavily on a point in time training and assumes that all associates have a shared level of understanding of email fraud, email security, and technology generally.  Practically this is often not the case. Uncontrollable demographics, skills levels and years of experience can all impact the success or failure of an email fraud awareness program.

Phishing Simulators: Phishing simulators are used to test an organizations aptitude at catching phishing emails and email fraud attempts. Many of the commercially available phishing simulators allow for a great deal of targeting and customization. Inherent in this type of approach is the genuine risk that persistent fake phishing attempts, especially if they are successful, can cause an organization to suffer from a morale perspective and worse still, become so wary and so conditioned to email fraud attempts that productivity begins to suffer.

Common to spam filters, awareness training and phishing simulations are that Phish still gets through. Millions upon millions of dollars’ worth of damage is happening to corporations who had already deployed all three. With that in mind, let INKY offer you a better solution.

The INKY Difference

At INKY we are committed to eliminating email fraud, and via our Phish Fence platform, we provide a solution that affords point in time training prompts (via our banners) and creates a fail-safe for dangerous emails where the user is further prompted to acknowledge a likely email fraud attempt before executing a call to action.

INKY is compatible with existing spam filters and can be a powerful complement to your existing awareness programs. It takes fraud email reporting to the next level. INKY deploys computer vision, artificial Intelligence, and machine learning to create a proactive defense mechanism. We prevent phish from going undetected. Our user-friendly, color-coded banners inform users as to the nature of messages they are receiving.  This comprehensive email phishing protection offers guidance, and real-time training, which empowers employees to make informed decisions about the emails they are receiving. Red banner emails (malicious) can be rerouted before they arrive or sent to users with their banner intact to provide point in time awareness training. We don’t simulate phish because we don’t have to - INKY catches everything. INKY can be installed and be working to prevent email fraud in about 30 minutes.  

INKY’s next generation email phishing prevention approach takes the guesswork out of emails and provides every user in your organization with an email fraud analysis every time an email arrives in an inbox. Awareness training and simulation will only take your organization so far; it’s time for the next generation in phishing prevention software. INKY is trusted by organizations large and small, and we are ready to help you and your email community Phight Phish and email fraud.

Inky Phish Fence is the smartest investment you can make in the security of your organization. Request a complimentary demo.

 

Topics: email fraud