From Krebs on Security:
“When that email came through, the difference didn’t jump out at me. In hindsight, it blows my mind that it doesn’t bother me more than it did. But in the hustle and bustle of the day, I was not on guard for something like this. Now, I’m second-guessing everything.”
The technique being discussed is known as imposter fraud, CEO fraud, or social hacking.
The other problem is when going to handle these spear phishing emails the users might accidently click on a link, they might send the actual email instead of attaching the phishing email to a “safe” email, and you don’t know what they did with the phishing email after they sent it.
And that’s even if your users are motivated enough to report it in the first place!
What’s needed is an app that places a toolbar button in Outlook that will easily allow users to 1) identify spear phishing emails and 2) make it super simple to forward the email to an admin or CSO (Corporate Security Officer). This allows users to take part in the defense of corporate email.
And that’s exactly what we’ve developed.
This Phishing Net AI for Microsoft 365 app was created in response to actual phishing attempts made on our clients’ systems.
This Outlook add-in analyzes emails with AI to quickly examine any URL links found in an email and provide an overall, easy to read PhishScore™ for each of those URLs. You can easily see the PhishScore™ any email gets in the Task Pane, along with the text shown and more importantly, the actual underlying URL.
Our PhishScore™ is powered by our own internal techniques and by an industry leading AI tool that can quickly and effectively analyze emails to detect malicious phishing links in emails. In particular, it gets right to the heart of the problem – the URLs that users might inadvertently click on. It looks at URLs to determine their validity, first checking against a database of known bad URLs and then examines various parts of the URL to return an overall score on how dangerous a particular link might be.
The Phishing Net AI app for Microsoft 365 also has a Submit button (at the bottom of the task pane) that makes it super easy for your users to report a suspicious email to your security team. With this Outlook app in place once the user has identified a suspicious looking email, all they have to do is click the Phishing Net AI toolbar button. The Phishing Net AI app then starts a new email pre-addressed to your IT staff or corporate security officer, grabs the suspicious email and attaches it, then sends that email (we call that the notification email). After that notification email has gone out successfully, it deletes the suspected phishing email. Nothing could be simpler and safer for your users.
The main advantage of handling phishing email attempts like this is that it streamlines the way you work with them. For instance the ability to have identical subjects in the notification email for each occurrence means that you can use Outlook rules to easily funnel all of these notifications to a subfolder, or even create an entire new mailbox for holding all of the attempts for easy analysis later. From there the phishing emails can be analyzed and dealt with (depending on their severity) or possibly even send a company wide alert if a particularly clever attempt is made on more than one employee. Reporting to a central address gives you information about the kind of attacks that are occurring as well as how many employees are being targeted. Having this kind of quality information lets you know how sophisticated the scammer attempt is.
New! You can now find us on Microsoft AppSource!
This Phishing Net AI for Microsoft 365 app, like many Sperry Software add-ins, was made with the input and suggestions of other Sperry Software customers. We think it will make a great addition to your layers of email defenses.
Note: If you or your company is interested in getting a customized version, please get in contact with us for pricing and to discuss options. We have created versions for other companies that pre-fill the address to submit the suspicious emails to (and any of the other options), and disable the options altogether (except for the Submit button obviously).