Following on from our previous blog posts about how to spot phishing emails and what to do if you accidentally clicked on a malicious link, we now explore the ways you might prevent these emails from even reaching your inbox.
There are multiple email filtering products available, all have the basic aim of preventing bad and unwanted mail from reaching the end users’ mailbox, whilst allowing the good and necessary stuff through without delays.
As with any screening system, a balance needs to be established. Set the filter too coarse (or permissive) and some unwanted stuff will get through, conversely, set it too fine (or strict) and innocent mail will be trapped as well as the malicious stuff.
The development of AI (artificial intelligence) and machine learning techniques are now being applied to email monitoring software. This has made it much easier to see through the increasingly sophisticated disguises that criminals are using.
1. Outlook Junk Mail Filter
Most email programs (e.g. Outlook, Windows Mail) incorporate a ‘Junk Mail’ filter. These typically look for embedded web links and keywords, or email-sending domains that have not been seen before. They simply move suspect items to a ‘Junk Folder’
2. Mail Gateways
This is the ‘traditional’ way of screening inbound mail and is typically used in larger organisations. All email traffic is channelled through a single entry point and screened and evaluated against a set of rules.
Although effective in blocking obviously dodgy email, mail gateways tend to be less flexible for small businesses. They require continual monitoring and reviewing of quarantined items, and struggle to differentiate between deliberately misconfigured email senders (where a criminal will aim to obfuscate the origin of mail) and those that have a slightly incorrect setup
Originally designed for use with on-premise mail systems, they are less suited to cloud-based platforms such as Microsoft365
3. Intelligent Mail Screening
Microsoft365 already includes a powerful mail screening engine as part of the Microsoft Defender module. This is constantly being updated by threat intelligence gathered from across the entire Microsoft network and is included as part of the MS Exchange Online products. This system will neatly quarantine suspicious items, advises the end user to review the item, and is seamlessly incorporated into the Outlook program.
One aspect that almost all mail filters struggle to identify is ‘imposter’ attacks (also referred to as ‘whaling’ attempts). This is where criminals impersonate a senior manager in the organisation and make plausible requests for confidential data, or actions such as ad-hoc money transfers.
Systems such as Graphus integrate with the MS365 platform to enhance the built-in screening, specifically using AI to identify new senders and possible impersonation attacks and add appropriate warnings to the end recipients advising caution.
If you missed our earlier blog posts in this series, you might want to read Can you spot the tricks being used to con you into clicking on a phishing email? or What you should do if you think you clicked on a malicious link?
Our Managed IT Service is designed specifically to meet the needs of small businesses in the North West, allowing them to focus on what they do best.
So, if you run a small business in the North West and want more information about anti-phishing software or our security awareness training then please get in touch