Email Filtering Needs to be More than Just Anti-Spam

Spam has been a persistent problem with internet-based email, and it remains one. It consumes resources, wastes time, fills up inboxes, and annoys users. Even more than that, it can lower the trust that an organization is taking due care to protect its users. To counter this, many companies have implemented anti-spam solutions to reduce the number of emails that reach their servers.

Yet this is no longer enough. More than just a channel for advertisements, email has become a major gateway for fraud. The Nigerian Prince scams still persist, with their blatant spelling errors or silly stipulations, but these are not the threat. Phishing and malware attachments comprise one of the greatest threats to any organization that uses email.

Phishing is now sophisticated, using real email addresses that have been spoofed, fake sites that may look nicer than the real one, and perfect wording to imitate a real email. These messages are very hard to detect and can lead to people entering PII or credit card information into a scammer’s website, which then forwards to the real one seamlessly (known as a man-in-the-middle attack). They are not easy to notice, even for experienced users who don’t hover over the URL.

Phishing attacks may download programs to the device, which can turn a PC or phone into a bot. Botnets can be quite large, and I personally have investigated a machine that was part of a network of 700,000 bots. While not all were from phishing alone, even 1% of just this single instance is quite a lot of people who fell victim to such a good ruse.

Another common, yet extremely devastating, attack is malware attachments with Trojans. A Trojan is a program that looks like something harmless, let’s say a quarterly financial review presentation, but is instead something malicious, like a blank presentation with a virus downloader. The payload can be a number of things, from advanced malware, to spyware stealing data, to ransomware to hijack the files, or a program to make the machine a bot. These are hard to detect and slip by the best users, who can unknowingly infect their machines. The worst instances are ones where the user doesn’t notice something is wrong until months later.

These attacks can cost businesses hundreds of thousands of dollars a year. This is why every organization needs to ensure their email is protected. More than just spam, email should be filtered for malware and phishing links. These are harder to detect, and so they require more advanced (and therefore costly) measures, but they are worth it. I have seen single emails do more in damages than a decade’s subscription to a good anti-malware email solution.

Email is one of the largest vulnerabilities a company can have, so it is important to implement the best protective measures. Also, don’t forget that every security measure should always have two additional components: employee training, and incident response measures. Both of these can reduce the overall damage an attack may have if it slips through the protection.