Phishers' Kryptonite: Big Data

Over the last few years, spam has become a “largely solved” problem.  The average consumer sees very little spam in the inbox (although there is *a lot* of spam at the gateway). Many of the criminals that had been focused on spam have moved on to phishing.  Volumes of phishing attacks are up more than 150% year over year, according to RSA and the Anti-Phishing  Working Group. Just as spam had a very negative impact on email marketers — inboxes crowed with spam drive lower response rates — phishing has a very negative impact on email effectiveness. According to surveys, 40% of victims of phishing attacks are much less likely to interact with the phished brand. Just as with spam, our goal is to make phishing a “largely solved” problem.

Solving the phishing problem has been made more difficult by the increasing sophistication of phishers. Of course consumers are gaining sophistication, too: We recognize scams faster. We’re tipped off by sloppy creative, wrong brands, unfamiliar senders —nbut phishers are keeping up with us. Well-crafted spear phishing campaigns like the one that duped the Associated Press last month are becoming the norm, and as criminals are get better at mimicking real messages, the brands they target are caught in the middle. In a Bizarro World twist, fraud is increasingly part of their customer experience – phishing attacks are the ultimate anti-branding campaigns.



Last January’s DMARC launch was the first big-data antidote to phishing, and it works. Thanks to instant critical mass from the mailbox provider community, this authentication-based solution can see and defend more than 60% of all mailboxes in the world – and more than 80% in North America – at least from one common variety of phishing. When fraudulent messages look like they’re coming from your sending domain but can’t be authenticated – either because someone sending email on your behalf isn’t authenticating correctly, or because they’re phishing attempts – DMARC lets you see them and keep them out of your subscribers’ inboxes. This is remarkable progress in the fight against phishing.

Cybercriminals are evolutionary specialists, though. They’re already using lookalike domains (close variations of brand’s sending domains) and even entirely unaffiliated domains to send fraudulent messages, because brand owners don’t control and can’t authenticate these. So authentication-based solutions can’t detect these attacks, but another big-data approach can.

Big Data’s X-Ray Vision

Rapidly advancing analytical capabilities allow massive amounts of email data to be parsed and filtered to quickly find anomalies like mismatched “from” domains and hyperlinks, so we can see suspicious patterns fast enough to investigate them and respond immediately. Mailbox providers and brand owners, especially in the financial services industry, are working together to help identify indications of fraud in the mailstream, and escalating computing power is only making this easier. As technology gives us an increasingly better view of the vast expanse of email data, it’s already becoming harder for phishing attacks and cybercriminals to hide in it.

The stakes are huge in the war against phishing. Email remains the best way for brands to stay connected to consumers, and the threat of fraud is destroying customer relationships and eroding trust. Phishers will continue to adapt as we find new ways to defend the channel, but the new “big-data” approach is changing the fight (at least for now). We’re confronting a security (and marketing) problem, but the best progress we’ve made toward solving it comes from understanding that phishing is first and foremost a big-data problem.

1 comment about "Phishers' Kryptonite: Big Data".
Check to receive email when comments are posted.
  1. Pete Austin from Fresh Relevance, May 8, 2013 at 12:56 p.m.

    The article only applies to large-scale phishing: B2C fraud if you like. Big Data is useless against small-scale phishing aimed at small numbers of high-value targets: B2B fraud, or "spear phishing". You, dear reader, probably work in a marketing company with access to customer lists and the like, so you are high value to a fraudster. Don't rely on technology alone to protect yourself.

Next story loading loading..