Verifying and responding to all reported suspicious emails require considerable operational expenses and human effort.
Cyber-attackers only allow access to their servers from certain countries, which makes it more difficult for security tools to detect them.
Email security solutions can only detect known malicious emails. They are insufficient to detect targeted and localised attacks.
Email security tools might be effective to protect your staff but they are not designed to look after your brand and customers.
Attackers use social media to encourage your customers to log in to a fake login page similar to yours.
Cyber-attackers use text messages to deliver their malicious URLs to your customers.
Your email security tools can be integrated with your web proxy and SIEM to alert and blacklist malicious URLs once found.
Our DIY takedown template helps you speedily detect and eliminate malicious websites.
If your staff has been the victim of malicious email attacks, you should train them how to identify and report suspicious emails.
BEC attackers often impersonate the CEO or another executive authorised to make wire transfers in order to steal money.
Operational expenses and human effort
Manually verifying a pile of suspicious emails can take a lot of time for your security team and may involve significant cost. Human error can slow down the process and make it inefficient. Your staff expects a quick response when they report suspicious emails.
Your customers might report phishing emails to your external phishing queue (for example hoax@your_organisation.com or phishing@your_organisation.com) and your team might be too busy to consider all reports.
Additionally your security team might find it difficult to detect phishing campaigns by just looking at the reported emails. You need a solution to automatically group similar emails to speed up the detection and response processes.
You may have subscribed to some threat intelligence feeds to verify URLs in the reported suspicious emails. However, these generic threat feeds cannot help you find targeted phishing attacks. They may not even be able to access the malicious URLs (or phishing websites) if the attacker has denied access based on location.
SafeToOpen's biggest advantage is helping your organisation save time and OPEX by:
1. Using SafeToOpen's Microsoft Outlook add-in which empowers your staff to easily report suspicious emails from within your organisation.
2. Quickly scanning all attachments and URLs and replying to your staff whether the email is safe or not.
3. Analysing all reported emails from your customers giving your security team detailed information allowing them to respond appropriately.
4. Using SafeToOpen's dashboard which (in addition to other features) helps your security team quickly identify phishing campaigns and respond to them.
Fighting localised cyber-attacks
Internet attackers use different techniques to protect their malicious servers from security tools and information security experts. One of the simplest methods is to block incoming traffic from certain geographical locations. For example, if an attacker sets up a phishing website targeting a business in Australia, they may block traffic from all countries except Australia. Hence they remain undetectable to security tools located outside of Australia. URL scanner services (such as virustotal.com) may report 'CLEAN' even if they cannot access the URL, and this could have a big impact on your business and brand.
For the same reason, generic threat intelligence feeds are unable to detect newly generated phishing websites if the attacker applied geo-blocking techniques. Almost all pre-built phishing kits in the Darknet come with inbuilt geo-blocking to improve their resilience.
SafeToOpen, on the other hand, connects to those suspicious URLs using a local proxy server located in the same geographical area as the targeted victims. It then scans the content against your business profile to detect possible anomalies. Once suspicious content is found, SafeToOpen sends an alert to your security team for further action, such as taking down the URL and blacklisting the sender.
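The failure mode described above, a scanner reporting 'CLEAN' for a page it never saw, can be avoided by comparing fetches of the same URL from several regions. This is an added sketch, not SafeToOpen's code; the `Fetch` record, region codes, verdict names and body labels are constructed for illustration.

```python
from collections import namedtuple

# One fetch of the same URL from one vantage point (constructed structure).
# status is the HTTP status code, or None for a timeout / refused connection.
# body_label stands in for a hash of the returned page body.
Fetch = namedtuple("Fetch", "region status body_label")


def classify(fetches, target_region):
    """Combine per-region fetches into (verdict, divergent_regions).

    INCONCLUSIVE: the page was never retrieved from the region where the
                  victims are, so nothing can be said about its content.
    GEO_FENCED:   the target region was served content that other regions
                  were denied or saw differently; escalate for analysis.
    CONSISTENT:   every region saw the same body, so a content scan from
                  any of them reflects what victims would see.
    """
    served = {f.region: f.body_label
              for f in fetches if f.status == 200 and f.body_label}
    if target_region not in served:
        # Never map "could not see the content" to a clean verdict.
        return "INCONCLUSIVE", []
    local_body = served[target_region]
    divergent = sorted(
        f.region for f in fetches
        if f.region != target_region and served.get(f.region) != local_body
    )
    return ("GEO_FENCED" if divergent else "CONSISTENT"), divergent


if __name__ == "__main__":
    # Constructed sample: only the AU vantage point is served the page.
    sample = [
        Fetch("AU", 200, "body-login-form"),
        Fetch("US", 403, None),
        Fetch("DE", None, None),
    ]
    print(classify(sample, "AU"))
```
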
Email security tools are insufficient
You might have invested in an email security gateway to protect email traffic in your organisation. But there are four main deficiencies common to all email security solutions:
1. They are unable to scan geo-blocked websites hence their results are not accurate. For example, Proofpoint TAP and Microsoft Advanced Email Threat Protection use URL replacement techniques and perform a scan once someone has clicked on the URL. Since their threat scanning engines are not able to access the malicious server, they might report the URL as 'CLEAN' and allow the connection to be made. They also use generic threat intelligence feeds to scan URLs. These generic feeds are not designed to detect targeted attacks.
2. Secure mail servers do not respond to suspicious emails so your security team has to spend time to manually verify and respond to individual emails.
3. No email security tool on the market is able to integrate with your webserver logs. SafeToOpen reads logs from your webserver to detect phishing activities at a very early stage even before the attacker sends out their malicious emails.
4. Market leading email security solutions use URL rewriting techniques that change the content of your organisation's emails. This interferes with chain of custody where the integrity of emails needs to be maintained.
SafeToOpen is a great complement to your current email security solutions. Since they are unable to deeply analyse all emails, they leave some gaps behind. SafeToOpen carefully analyses those emails and fills in the gaps by:
- penetrating the barrier of geographically-blocked phishing websites,
- being tailored to suit your organisation, brand and requirements,
- replying to staff who report suspicious emails,
- not changing the original content of the emails and,
- processing your webserver logs to detect newly made phishing websites.
Protecting your customers and brand
Protecting your brand and customers is crucial for your business, but current email security solutions at their very best can only protect your staff. Phishing attacks work by impersonating your business and convincing your customers to log in to a fake website designed to look like yours. They use multiple ways to deliver phishing URLs to your customers including email, text messaging and social media.
Once your customers attempt to log in to a fake website it is too late. The best way to fight phishing attacks is to detect and take down the phishing website before your customers even click on the URL. Most email security solutions on the market are only able to protect your staff. SafeToOpen, on the other hand, continuously monitors multiple sources of information to protect your brand, staff, and customers. These sources of information are:
- Reported emails (from your staff and customers)
- Reported text messages
- Your webserver logs
- Social media feeds
Unlike generic email security products, SafeToOpen focuses on individual businesses. Our tailored threat intelligence feeds along with Logo Matching techniques give your business a 360 degree protection against phishing attacks.
Phishing websites in social media
Social media creates opportunities for cybercriminals to gather information that can later be used for sophisticated attacks. The personal details shared by many on social media can be gathered by attackers to make impersonation attempts more convincing.
SafeToOpen's Social Media Monitoring tool continuously monitors several well known social media platforms (including Facebook, Twitter and Pinterest) and collects all public posts mentioning your business. It then extracts all URLs from these posts and verifies them to make sure they are not damaging the reputation of your brand, that is, that they are not pointing to phishing websites.
Phishing through text messages
There is a dangerous new breed of identity theft scam known as “smishing.” Smishing scams are text messages sent to mobile phones. They work like this: Your customer gets an unexpected text message appearing to be from you informing them that their account has been hacked into and deactivated “for their protection.” The message tells them to click a link in order to reactivate their account. This link leads them to a phishing website.
SafeToOpen Text Verification enables your customers to verify suspicious text messages. All you need to do is provide your customers with a number to which they can forward these text messages. SafeToOpen's SMS gateway receives messages sent to this number, processes their content and replies to senders informing them whether they are safe. It also creates a ticket for each reported message in the SafeToOpen dashboard.
Integration and automation of security tools
Blocking malicious email senders (as well as spammers) in email security products has always been a time-consuming task. Sometimes you may want to remove the malicious emails from your staff's mailbox. You may also want to blacklist access to newly detected malicious websites. With no automation these tasks will take a significant amount of time.
One of the biggest challenges for security teams is to act on malicious email senders. This task requires some immediate changes to your email and web proxy servers. Malicious activities also need to be reflected in security monitoring tools (SIEM).
Integrating your email server's RESTful API with SafeToOpen enables you to automatically:
- Block the sender
- Move malicious emails to any folder
- Quarantine malicious emails before delivery
Taking down a malicious website
Once you have detected a phishing website that targets your business, it is very important to rapidly respond and take the website offline. Taking down a phishing website can be very difficult if your team does not have a good process. The most time consuming part of issuing a takedown is filling in the takedown template that matches the requirements of web hosting services, certificate issuers (if applicable) and domain registrars.
SafeToOpen's Do It Yourself (DIY) takedown makes the process of countering a malicious URL very simple by using a prepopulated website takedown template which is tailored to the specific URL. All you need to do is send this template to the appropriate parties. SafeToOpen then starts monitoring the URL and notifies you once the takedown is complete.
Improving security awareness
Human error can have devastating consequences for an organisation's security. One breach due to a user's mistake can have a huge security impact. That's why you need to train your staff to identify and report suspicious emails to SafeToOpen or your security team.
SafeToOpen improves your organisation's security awareness with the following solutions:
1. In house/Internet based training: Attacks using email are evolving quickly. We provide training for staff to detect the latest phishing techniques.
2. Weekly Tips: In each email response from SafeToOpen you will find an educational "tip of the week". These tips are carefully designed to raise awareness and build knowledge so that your staff is empowered to identify and report phishing attempts.
3. Animations: When you subscribe to SafeToOpen, you will get educational animations that teach your staff how to verify suspicious emails and how to interpret the responses.
Business email compromise (BEC)
A business email compromise (BEC) is a type of attack in which the attacker gains access to a corporate email account and spoofs the owner’s identity to defraud the company or its employees (often executives), customers or partners of money. In some cases, an attacker simply creates an account with an email address that is very similar to one on the corporate network.
SafeToOpen is capable of detecting BEC by comparing the original sender of each email against a given list of executives or high-level employees who are related to finance or involved with wire transfer payments, and raising a red flag when it detects a match.
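One way to implement the comparison described above, as an added example rather than SafeToOpen's own code: it flags a From header whose display name matches a listed executive but whose address does not, and a sender domain that closely resembles the corporate one. The executive list, the `example.com` domain, the thresholds and the sample header are assumptions, and sender authentication (SPF, DKIM, DMARC) is assumed to be checked elsewhere.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed sample data: executive list and corporate domain are assumptions.
CORPORATE_DOMAIN = "example.com"
EXECUTIVES = {
    "Jane Citizen": "jane.citizen@example.com",
    "Sam Taylor": "sam.taylor@example.com",
}


def _norm(name):
    """Lower-case, drop punctuation and sort words so 'CITIZEN, Jane' matches."""
    words = "".join(c if c.isalnum() else " " for c in name.lower()).split()
    return " ".join(sorted(words))


def _similar(a, b):
    """Similarity ratio in [0, 1] between two strings."""
    return SequenceMatcher(None, a, b).ratio()


def check_sender(from_header, name_threshold=0.85, domain_threshold=0.8):
    """Return the reasons a From header looks like executive impersonation."""
    display, address = parseaddr(from_header)
    address = address.lower()
    domain = address.rpartition("@")[2]
    reasons = []
    for exec_name, exec_addr in EXECUTIVES.items():
        if _similar(_norm(display), _norm(exec_name)) < name_threshold:
            continue
        if address == exec_addr:
            return []  # the executive's genuine address
        reasons.append(f"display name matches {exec_name} but address is {address}")
    # A near-miss of the corporate domain is suspicious whatever the name says.
    if domain != CORPORATE_DOMAIN and _similar(domain, CORPORATE_DOMAIN) >= domain_threshold:
        reasons.append(f"domain {domain} resembles {CORPORATE_DOMAIN}")
    return reasons


if __name__ == "__main__":
    # Constructed header: lookalike domain with the digit 1 in place of l.
    print(check_sender("Sam Taylor <sam.taylor@examp1e.com>"))
```

A match on the genuine address returns no reasons, so this check does not cover the case where the executive's real account has been taken over.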