Cyber-attacks making headlines these days have resulted in embarrassing tweets, website defacement, and even theft of intellectual property. What’s the common thread in many of these events? Often, the inbox of an innocent employee. Whether it’s a low-tech phishing attack or embedded links leading to advanced malware, email still remains the most vulnerable and direct route to individuals within a corporation, and from there, sensitive information held within corporate walls.
When it comes to phishing, anyone is susceptible. Take the recent breach at satirical news source The Onion, where foreign attackers used a campaign of social engineering to infiltrate The Onion’s corporate network. The campaign began with an email to a small group of Onion employees – starting with a minimal footprint to avoid detection. This email contained a link which appeared to be from The Washington Post, but actually led to a phishing site asking for credentials to the corporate Google Apps account.
At least one employee entered their credentials, and that’s all the attackers needed.
Let’s take a moment to discuss where security measures failed in this incident. First, the incoming phishing email contained a link which redirected to an alternate address. At the time the email was sent and scanned by The Onion’s email filtering solution of choice, this link may have registered as safe. The inflection point however, was the exact moment when the employee clicked on the link. This action initiated the series of events which resulted in stolen credentials, and eventually expanded access to internal email and social media accounts.
You may be asking at this point, but that was just human error – right?
Well, partially. Employees educated in the potential threats that can make it into their inbox can sometimes spot phishing emails based on something feeling (no pun intended) “fishy”. People are busy however, and don’t always take the time to mentally evaluate the content of an email before clicking. A quick judgment call can lead to a data breach if the right precautions aren’t in place.
The fact is, companies don’t have to rely exclusively on the quick judgment calls of their employees to detect questionable email content anymore. We’ve made strides in this area, and I’m excited to share a great advancement with you here. We call this email security feature McAfee ClickProtect, and it does just that – protects users right when they click.
Take the example above, where The Onion employee clicked on a link that directed to a phishing page. With McAfee ClickProtect, the moment someone clicks a link, we send the web request off to our cloud-based web protection service where it is scanned for URL reputation based on our Global Threat Intelligence (GTI) network and for threats using our award-winning Gateway Anti-Malware engine. This engine, unique to McAfee, dissects and proactively emulates web page content, uncovering zero-day malware at an industry-leading 95% detection rate (see third party analysis here). If the page isn’t blocked for malicious content at that point, we even provide the option to show users a non-functioning preview of the page they’re about to visit, giving them an opportunity to judge for themselves whether the link they clicked actually goes to the right page.
Figure 1 – McAfee ClickProtect Web Page Preview
When malicious web content tries to hide secretly behind a link, McAfee ClickProtect puts it front and center and exposes its true nature. The inactive preview, as shown above, allows users to easily detect the difference between the link they see, and the page it brings them to. So whether a phishing attack uses malware or just social engineering – the attempt is stopped right at the click.
Think about your email security solution – and what it can really do to stop these attacks. If you can’t come up with a good answer, check out our cloud-based email protection service that protects users in any location and on any device, now featuring McAfee ClickProtect.