Threat Intelligence Blog

To better understand the daily risks consumers face from phishing attacks, Cyveillance sampled unique, confirmed phishing attacks uncovered against a variety of organizations. To measure the effectiveness of some of today’s leading anti-phishing solutions, Cyveillance fed these confirmed live attacks through four of the most widely used browser-based anti-phishing offerings. The data was fed to each solution in real time and then again 24 hours later to determine detection rates over a minimal period of time. The specific detection rates of each solution used during the testing are below:

As the results show, even the most popular Internet browser anti-phishing applications detect fewer than half of the phishing attacks when the attacks are initially launched. The attack detection rate improves significantly after a period of 24 hours. Unfortunately, the majority of the damage caused by phishing attacks is realized during the first 24 hours after an attack is launched, as illustrated in The Cost of Phishing: Understanding the True Cost Dynamics Behind Phishing Attacks, which can be downloaded at http://www.cyveillance.com/web/forms/request.asp?getFile=112. Given these facts, reliance on browser-based tools to protect consumers against phishing attacks is not an adequate phishing defense strategy.

For more information about Cyveillance’s research findings, please visit: http://www.cyveillance.com/web/forms/request.asp?getFile=113
