Cisco Email Security Appliance

Cisco IronPort Phishing Overview

Proactively Identify and Prevent Phishing Attacks

The Phishing Problem

Phishing is an attempt to criminally and fraudulently acquire sensitive information (such as usernames, passwords, and credit card details) by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by email and often directs users to enter details at a fake website.

Responses to the growing number of reported phishing incidents include:

  • Legislation
  • User training
  • Public awareness
  • Technical measures

However, despite advanced filtering, better law enforcement, greater efforts toward user education, and other measures, phishing reports have continued to increase.

At Risk: Anyone Using Email

The individuals behind phishing emails are typically online criminals. They send out millions of these messages in the hope that a few recipients will act on them and provide their personal and financial information. Anyone with an email address is at risk of being phished.

Any email address that has been made public on the Internet (posting in forums, newsgroups, or on a website) is susceptible to phishing because the email address can be saved by "spiders" that search the Internet and grab as many addresses as they can. This is why phishing is profitable: Internet fraudsters can cheaply and easily access millions of valid email addresses and send their scams to them.

Figure 1

Download Overview (PDF - 1.7 MB)

Singling Out Individuals

Online criminals are increasingly turning to targeted phishing attacks, also called "spearphishing," where a specific organization or group of individuals is singled out. The scammers rent or steal lists of valid email addresses for a target organization or group. They then create plausible emails using social engineering to lure their recipients into supplying personal data.

In addition to soliciting login information, targeted phishing emails can also deliver malware, such as, keystroke logging programs to track everything the victim types. Ultimately, when targeted phishing succeeds, it has the potential for a bigger payoff, making the criminals' incremental investment worthwhile.

Figure 2
Targeted phishing attacks require criminals to efficiently build appropriate resources and trick victims into revealing valuable private information

Mitigating the threats posed by phishing requires a layered approach to Internet and communications security. Employing a combination of solutions-based, policy-based, and behavioral-based controls can drastically reduce organizational vulnerabilities.

As security is a never-ending race against threats, it is important to analyze existing security infrastructure on a regular basis. When choosing a technology to assist in the prevention and mitigation of phishing and other attacks, few factors are as important as how often the technology updates itself. Threats are dynamic and evolutionary. The minute one is dealt with, another is on the rise.

The Cisco IronPort Solution

As a member of the Anti-Phishing Working Group (APWG), Cisco is dedicated to addressing the threat of phishing. Cisco IronPort gateway security appliances provide the first line of defense in a comprehensive security approach to combat phishing. Anti-phishing features on these appliances detect current phishing attacks, helping organizations protect their employees. Phishing techniques, which are continuously evolving, often thwart traditional, reactive security defenses. Cisco IronPort technology automatically adapts to new threats as they appear. It proactively identifies them, and helps ensure companies no longer need to constantly watch for and recover from these damaging attacks.

Figure 4

Using data from Cisco IronPort's SenderBase Network, Cisco IronPort technology examines the complete context of a message, including:

  • What content the message contains
  • How the message is constructed
  • Who is sending the message
  • Where the message's call to action takes you

By combining these elements, Cisco's anti-phishing features go far beyond competitive solutions to stop the broadest range of threats with industry-leading accuracy.

Cisco IronPort Web Security Appliances provide a multilayered approach to address phishing and other Internet threats and have multiple built-in anti-phishing features, including:

Cisco IronPort technology is a truly effective solution, providing both proactive and reactive protection against phishing. Measures such as DKIM signing of email clearly identify mail sent from your organization. At the same time, automatic updates to signature files and preventive security defenses consistently provide the latest protection and information on emerging threats.

Cisco IronPort products can support and protect your infrastructure, not only from today's threats, but from those certain to evolve in the future.

Additional Resources