On Thursday, June 2, 2011, Secretary of State Hillary Clinton said that the FBI would investigate Google’s accusation that Gmail accounts were hacked by China.
The New York Times cites Lt. Col. Gregory Conti, a computer security expert at West Point as saying that the momentum is on the side of the attackers. He observed that it is becoming harder and harder to detect fraudulent emails because the bad guys were able to gather so much information about their targets from the Internet, particularly from social networks like Facebook.
“What’s ‘wrong‘ with these e-mails is very, very subtle,” he said, adding: “They’ll come in error-free, often using the appropriate jargon or acronyms for a given office or organization.”
The way to stop such efforts is not clear, Mr. Conti said: “It’s an open problem.”
Of course, what is wrong with these emails is not subtle. The sender is mis-identifying itself. What is subtle is determining the mis-identification of the sender. This is the function SP Guard from Iconix.
SP Guard modifies the email client’s display to provide a visual indicator of the identity of the sender of email. This is an example from Outlook, the popular business email client, in which a company called “MyCo” is marking their internal messages as well as those from trusted partners such as their law firm. Note especially the last message, though seemingly benign, is a spear-phishing message and is not marked as authentic:
SP Guard provides the email recipient with three easy to recognize confirmations that a message is really an internal email or from a trusted counterpart:
- List View. There is an integrity indicator in the list view of the email client.
- Message. The open message has a further indicator of authenticity.
- Mouseover. Mousing over the authentication indicator in the message prompts the display of a certificate that further identifies the sender.
SP Guard is available now from Iconix.
To learn more, visit us at http://www.iconix.com/business/spearphishing.php.