Phishing e-mails are specifically created to imitate legitimate e-mails, often copying actual corporate communication. Billions of phishing e-mails are sent out every month and can lead to identity theft, security breaches, and financial loss and liability. The average successful fraud nets $1,400, and the latest research estimates that phishing caused more than $44 billion in damages worldwide in 2004.
The New Target: Businesses
Flush with the success of defrauding consumers, fraudsters now are turning their sights on businesses. Leveraging social engineering to evade corporate security systems, fraudsters gain network access and steal confidential corporate data and financial assets. With the unwitting cooperation of an employee, every network defense is useless, including firewalls, IDS/IPS, and secure identification cards.
Phishing Is Not Spam
Because phishing e-mails are designed to look like legitimate business correspondence, they consistently elude spam filters. Phishing requires specific analysis, identification, and handling. And e-mail policies alone cannot be used to protect the organization. Here are the primary differences between spam and phishing e-mail:
How does it arrive?
- Spam: Sneaks in the back door
- Phishing: Walks in the front door
How does it make its offer?
- Spam: Looks bad, seems far-fetched
Phishing: Looks plausible, seems credible
What is it trying to do?
- Spam: Tries to sell you something
- Phishing: Tries to steal something from you
A Unique Solution for a Unique Threat
The only solution that uniquely identifies e-mail phishing, SonicWALL not only captures phishing, but provides complete protection through SonicWALL Cognite™, a revolutionary evidence evaluation system that includes fraudulent e-mail header, content, and contact point analysis. The three points of SonicWALL Anti-Phishing are:
Headers
SonicWALL Anti-Phishing protection includes header analysis with Sender ID and SonicWALL Reputation™ evaluation, which uses SonicWALL’s leading reputation database of over 20 million contact points to validate the quality of the e-mail message and sender. SonicWALL Anti-Phishing header review also includes cross-reference with SonicWALL’s proprietary, real-time black list of known senders of phishing e-mail. Key to the success of SonicWALL header analysis is the support of SonicWALL SMART Network™, which is a real-time network of over one million global users whose responses enable SonicWALL to determine how to quickly identify phishing e-mails.
Content
Leveraging SonicWALL’s expertise and success with Adversarial Bayesian™ for anti-spam, SonicWALL Anti-Phishing incorporates Bayesian Fraud™ into its content analysis. Developed from an extensive database of phishing and fraud samples collected from the SonicWALL SMART Network and vetted by SonicWALL Research, Bayesian Fraud content analysis differentiates and isolates phishing fraud from spam during the filtering process.
Contact Points
Spearheaded by SonicWALL Research, SonicWALL is the industry leader in contact point analysis. SonicWALL Anti-Phishing offers three levels of contact point review:
Browser Exploit Detection
SonicWALL analyzes e-mails for items such as obfuscated URLs, port-number inconsistencies, redirections, and encoding that exploit vulnerabilities in browsers and operating systems.
Social Engineering Trick Checks
Techniques, such as Divergence Detection™, which examines the difference between the appearance of a link and the actual result of acting on that link, are used by SonicWALL to search for tricks common in phishing fraud e-mails, but not in legitimate ones.
Real-Time Phishing List™
SonicWALL cross-checks all contact points against its Real-Time Phishing List™, the industry's most extensive list of known phishing links.