Iconix Acquires Exclusive Rights to IP Portfolio of Brandmail Solutions

June 30, 2011

ICONIX, Inc., the industry leader in visual email solutions, announced today that it has acquired exclusive rights to the intellectual property portfolio of Brandmail Solutions. This acquisition provides Iconix with technology that will enable rapid, large-scale deployment of services that visually identify legitimate messages, thus protecting users and brands from phishing attacks and increasing user engagement with email.

“With the recent wave of data breaches and increased spear-phishing threat to consumers and enterprises, the need for a simple, intuitive indicator of trusted email is greater than ever,” said Jeff Wilbur, vice-president of marketing at Iconix.  “The Brandmail technology dovetails perfectly with ours, and by integrating it with our existing standards-based solutions, we can bring a richer offering to more consumers more quickly.”

You can read the entire press release at: http://www.iconix.com/corp/pr-20110630.php.


Spear-Phishing a Major Concern — IID Survey

June 23, 2011

Internet ID (“IID”) recently released a survey on concerns about spear-phishing.

IID surveyed a large government organization, major online brands, and large and small banks. The survey revealed that, because of recent breaches, many are concerned about spear-phishing. More than 85% of respondents acknowledged some concern about spear-phishing, with 33% saying that they are “extremely concerned.”

There are two types of spear-phishing, each requiring a specific solution.

The first type of spear-phishing occurs when the criminal deceives consumers by masquerading as a trusted sender. A recent example of this scam was the fake email offering HSBC customers tickets to Wimbledon. The criminals used a lot of real facts to create a very convincing scam. Similar scams deceived Coke and McDonald’s consumers. For consumer-facing spear-phishing, Iconix offers its Truemark service. The Truemark service uses icons to indicate the identity of the email sender.

The second type of spear-phishing occurs when the criminal masquerades as a colleague working inside an organization. This is the type of attack that was used against the International Monetary Fund, the U.S. State Department, Oak Ridge National Laboratory and the French Finance Ministry. Iconix offers its SP Guard service to fight fake internal emails.


It is important to know who is sending you email.  Know Who.  No Doubt.  Iconix.


HSBC Customers Phished

June 17, 2011

Naked Security reports on a phishing scam directed at customers of HSBC.

Scammers sent out emails which offered the email recipient free tickets to the Wimbledon matches.

In order to claim the prize, the attached form had to be completed.

The email has some clear signs of being real.  HSBC really sponsors Wimbledon and HSBC really runs a contest to meet Tim Henman.  Unfortunately, the email isn’t from HSBC, there are no free tickets and if the form is completed, the recipient’s identity is stolen.

Naked Security reminds us to always be suspicious of unsolicited emails from your online bank – especially if they ask for information like this. To that we add that you should use the latest version of a reputable security product and install all the security patches for your operating system and applications.  But you need to do more.  You need a product that will identify legitimate emails from many of the leading consumer brands. Distinguishing real email from fake email is hard.  Unless you have the right tool.

Know Who.  No Doubt.  Use eMail ID.


International Monetary Fund Infiltrated — Spear-Phishing

June 13, 2011

Bloomberg is reporting that the International Monetary Fund (“IMF”) has been infiltrated, probably by a spear-phishing attack.  Spear-phishing is a scheme of deception in which the perpetrator uses personalized information about the email recipient to heighten the perceived value of the email’s call to action, thereby inducing the recipient to take detrimental action.  

Bloomberg reports that a large quantity of data, including documents and emails, had been compromised. The Bloomberg article cites one IMF memo which said that the IMF had disconnected its network connection to the World Bank as the result of the attack.

Bloomberg reports that on June 1, 2011, the IMF technology staff sent a warning to employees that they should not open emails and video links without authenticating the source. No doubt, this is good advice, but how does someone authenticate the source of an email? Research has demonstrated the ineffectiveness of security built upon users’ careful interaction with email.

In response to schemes such as this, Iconix has released SP Guard.

SP Guard modifies the email client’s display to provide a visual indicator of the identity of the sender of email. This is an example from Outlook, the popular business email client, in which a company called “MyCo” is marking their internal messages as well as those from trusted partners such as their law firm. Note especially that the last message, though seemingly benign, is a spear-phishing message and is not marked as authentic:

SP Guard Inbox

SP Guard provides the email recipient with three easy-to-recognize confirmations that a message is really an internal email or from a trusted counterpart:

  1. List View. There is an integrity indicator in the list view of the email client.
  2. Message. The open message has a further indicator of authenticity.
  3. Mouseover. Mousing over the authentication indicator in the message prompts the display of a certificate that further identifies the sender.

SP Guard is available now from Iconix.

To learn more, visit us at http://www.iconix.com/business/spearphishing.php.


Spear Phishing Examples

June 10, 2011

The recent compromise of the email accounts of U.S. Government officials has been widely reported.  As the New York Times reported, these emails appeared to come from trusted colleagues.  The content was consistent with what was expected from real emails.  Because of the apparent source of the emails and the relevant content, the recipient was deceived into taking compromising actions. 

How hard is it to create a compelling email?  What do these spear-phishing emails look like?   We find the answer at contagio, where several examples of these malicious emails are posted.  Here are two:

spear phishing example 1

spear phishing example 2

The first example shows how the content was carefully conceived and drafted to appear authentic.  The attachment also appears authentic and is consistent with the text.

The second example shows just how easy it is to deceive someone. By merely faking a trusted From email address and using a vague, but relevant, subject, the attachment was imbued with enough credibility to deceive the recipient into opening it.

In response to schemes such as this, Iconix has released SP Guard.



FBI Investigates Spear-Phishing

June 3, 2011

On Thursday, June 2, 2011, Secretary of State Hillary Clinton said that the FBI would investigate Google’s accusation that Gmail accounts were hacked by China.

Secretary of State Clinton Addresses Spear-Phishing

The New York Times cites Lt. Col. Gregory Conti, a computer security expert at West Point, as saying that the momentum is on the side of the attackers. He observed that it is becoming harder and harder to detect fraudulent emails because the bad guys were able to gather so much information about their targets from the Internet, particularly from social networks like Facebook.

“What’s ‘wrong’ with these e-mails is very, very subtle,” he said, adding: “They’ll come in error-free, often using the appropriate jargon or acronyms for a given office or organization.”

The way to stop such efforts is not clear, Mr. Conti said: “It’s an open problem.”

Of course, what is wrong with these emails is not subtle. The sender is mis-identifying itself. What is subtle is determining the mis-identification of the sender. This is the function of SP Guard from Iconix.



Google says hackers based in China accessed U.S. officials’ Gmail accounts

June 2, 2011

Today it has been widely reported that Gmail accounts of U.S. Government officials were accessed by hackers. The Washington Post reported:

Google said Wednesday that personal Gmail accounts of several hundred people, including senior U.S. government officials, military personnel and political activists, had been exposed. Google traced the origin of the attacks to Jinan, China, the home city of a military vocational school whose computers were linked to a more sophisticated assault on Google’s systems 17 months ago. The two attacks are not believed to be linked.

The security blog contagio first reported on this problem on February 17, 2011. The contagio post, by Mila Parkour, reported that government officials were being targeted with spear-phishing attacks. The spear-phishing emails were carefully crafted to appear as real email from government agencies. The messaging in the fake emails was carefully crafted to appear genuine. The emails had attachments or links which, when opened, tricked the recipient into disclosing their Gmail credentials. The contagio post shows several examples of these spear-phishing emails. contagio reported that after obtaining the credentials,

they [the hackers] log in to the victim’s Gmail account and may do the following:

  • Create rules to forward all incoming mail to another account. The third party account ID is made to closely resemble the victim’s ID.
  • Read mail and gather information about the closest associates and family/friends, especially about frequent correspondents.
  • Use the harvested information for making future mailings more plausible. Some messages are empty while others may have references to family members and friends (e.g. mention names of spouses or refer to recent meetings) and plausible enough to generate responses or conversations from victims. We are not posting those examples due to personal nature.
  • Send such emails on monthly or biweekly basis. The messages are different like you see below but all have the same link and designed for updating the victim credential information they already have.
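
The first behaviour in the list above, a forwarding rule whose destination closely resembles the victim's own ID, is something a mail administrator can audit for. The following is an added example, not code from contagio or Iconix; the rule export format, every address, the internal-domain list and the similarity threshold are constructed assumptions.

```python
from difflib import SequenceMatcher

# Constructed sample: (mailbox owner, forwarding destination) pairs, as they
# might be exported from a mail system. Every address here is made up.
SAMPLE_RULES = [
    ("jane.doe@example.gov", "assistant@example.gov"),
    ("jane.doe@example.gov", "jane.d0e@mailhost.example"),
    ("bob.smith@example.gov", "newsletter-archive@lists.example"),
    ("bob.smith@example.gov", "not-an-address"),
]
INTERNAL_DOMAINS = {"example.gov"}   # assumption: domains the organisation controls
LOOKALIKE_THRESHOLD = 0.8            # assumption: tune against your own rule export


def split_address(addr):
    """Return (local part, domain), lower-cased; domain is '' if there is no '@'."""
    local, at, domain = addr.strip().lower().rpartition("@")
    return (local, domain) if at else (addr.strip().lower(), "")


def normalise(local):
    """Drop a '+tag' suffix and separators so 'j.doe+x' compares as 'jdoe'."""
    return "".join(ch for ch in local.split("+", 1)[0] if ch.isalnum())


def classify_rule(owner, destination):
    """Label one forwarding rule by where it sends mail and how the target looks."""
    o_local, _ = split_address(owner)
    d_local, d_domain = split_address(destination)
    if not d_domain:
        return "malformed"
    if d_domain in INTERNAL_DOMAINS:
        return "internal"
    score = SequenceMatcher(None, normalise(o_local), normalise(d_local)).ratio()
    return "external-lookalike" if score >= LOOKALIKE_THRESHOLD else "external"


def audit(rules):
    """Return rules that leave the organisation, look-alike destinations first."""
    flagged = [(o, d, classify_rule(o, d)) for o, d in rules]
    flagged = [f for f in flagged if f[2].startswith("external")]
    return sorted(flagged, key=lambda f: f[2] != "external-lookalike")


if __name__ == "__main__":
    for owner, dest, label in audit(SAMPLE_RULES):
        print(f"{label:20} {owner} -> {dest}")
```

Any rule that forwards outside the organisation deserves review; the look-alike label only raises the priority of the ones matching the pattern contagio describes.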

In response to schemes such as this, Iconix has released SP Guard.
