A recent article on the Help Net Security website discussed the results of research into the effectiveness of phishing filters. Phishing filters are used in email security to scan emails for malicious links or attachments.
Phishing filter technology is becoming widely adopted and it’s generally thought to be pretty effective at preventing phishing attacks. That’s not what the research found.
The research was conducted by academics at the University of Plymouth’s Centre for Security, Communications and Network (CSCAN) located in the UK. The research assessed the effectiveness of phishing filters employed by various email service providers.
What the researchers discovered was that “In the significant majority of cases (75% without links and 64% with links) the potential phishing messages made it into inboxes and were not in any way labelled to highlight them as spam or suspicious. Moreover, only 6% of messages were explicitly labelled as malicious.”
In some regards, these results are not unexpected. First, email service providers are experts at providing email, not preventing phishing. Second, ideally, phishing filter technology should be deployed in the cloud to stop phishing emails from reaching the inbox. But cloud deployment means outsourcing, something email providers are reluctant to do. And third, email providers that do implement this technology typically use only one phishing filter provider. Naturally, they do this to minimize expenses. Unfortunately, this comes at the cost of more vulnerable email.
At Phish Protection, we understand these limitations. It’s why we deploy cloud-based phishing protection technology. It’s also why we use not one, but SIX email filtering services to filter emails for phishing content before they reach the user’s inbox. The six service providers are:
- Cyren Outbreak Protection
- PhishTank data clearing house
- Google Safe Browsing
- Vade Secure Advanced Email Protection
- Webroot Internet Security
- Sophos real-time protection
When you use Phish Protection, you’re deploying six layers of phishing defense. And each of these is updated in real-time to help defend against the most difficult phishing attacks of all: zero day attacks.
If you’re email provider tells you you’re protected from phishing attacks, you’re not. At least as not as much you could be. When you’re ready to fully secure your organization against phishing attacks, head on over to PhishProtection.com. Try it free for 30 days.