From time to time, customers call in and ask us what we are doing to combat phishing attacks. My guess is that they are really asking how we combat spoofing, as most malware attacks delivered via email use spoofing (that is, they imitate someone they are not). We filter mail for businesses, so they are especially concerned with keeping malware out of their environment, and email is one way it gets in.
The term phishing has become synonymous with spoofing even though the goals are different: phishers are trying to steal financial information by impersonating a bank, whereas spoofers are trying to infect your computer by tricking you into either clicking a link or opening an attachment; they do this by impersonating a brand you recognize. Sometimes they just straight up ask you for your username and password. Phishers use spoofing as a tactic, but not all spoofers are phishers.
For our purposes, we’ll assume that phishing encompasses both financial phishing and spoofing aimed at malware infection.
Customers want to know how we combat phishing. Actually, how we combat phishing is similar to how most spam filters combat phishing. Wikipedia has an entire section dedicated to anti-phishing (and spam filtering, for that matter). Yet despite the fact that it is a tactic that has been around for years, even today in 2012 it is still a problem. The fact that there is an industry working group – the Anti-Phishing Working Group – testifies to this.
Spam filters have a number of ways to combat phishing. Here are four:
This list does not exhaust the techniques available to modern filters. It is not even everything that we do. However, these are some of the most effective techniques used to stop spam in general, and phishing in particular.
While spam filters are one piece of the anti-phishing puzzle, they need to be combined with best practices on the part of the organization and the user. It’s not an either/or proposition; both need to work together.