ICONIX, Inc., the industry leader in visual email solutions, announced today that it has released the initial version of a product that defends against spear-phishing. The product, called SP Guard™, allows email recipients to differentiate real email from spear-phishing emails though the display of an authenticity indicator in the inbox and in the open message.
Spear-phishing is a highly targeted email scam in which the email is carefully crafted to entice the specific recipient. This differs from typical spam-like phishing scams that are based on fooling a small percentage of a large number of recipients. These are many examples of recent spear-phishing incidents:
- Operation Aurora, which compromised many commercial entities, including Google, Intel, GE, Sony, Disney, and Adobe.
- French Ministry Of Economics, Finance and Industry
- Canadian Government
- U.S. National Science Foundation’s Office of Cyberinfrastructure
In each case, the data compromise occurred because the recipient of the spear-phishing message could not distinguish real from fake, which is especially difficult if the message looks like it’s from a trusted entity and contains content that is specific to the recipient. Telling users to be alert and careful is good general advice, but how can they really know what’s real and what’s not?
Iconix SP-Guard modifies the email client’s display to provide a visual indicator of the identity of the sender of email. This is an example from Outlook, the popular business email client, in which a company called “MyCo” is marking their internal messages as well as those from trusted partners such as their law firm. Note especially the last message, though seemingly benign, is a spear-phishing message and is not marked as authentic:
SP-Guard provides the recipient with three confirmations that a message is real:
- List View. There is an integrity indicator in the list view of the email client.
- Message. The open message has a further indicator of authenticity.
- Mouseover. Mousing over the authentication indicator in the message prompts the display of a certificate that further identifies the sender.
You protect your systems from technical exploits using a variety of tools. Now you can protect your systems from the exploits that prey on the users themselves. It only takes one user to be fooled by a spear-phishing attach to cause a major compromise of data. French investigators of the Ministry of Finance data breach observed: “Staff exchange many messages. It’s like metastases, the risk of spread is important. ”
SP-Guard is available now from Iconix. For further information, contact our sales team. At 408-727-6342, ext 3 or use our online form.