Return Path Unveils New Anti-Phishing Service
By Ken Magill
Email intelligence firm Return Path today unveiled an anti-phishing service it claims can detect attacks launched from domains not owned by the company whose brand is being fraudulently used.
Phishing is a scam in which criminals masquerade as representatives of companies to try to get people to reveal information such as usernames, passwords and credit-card details.
Clicking a link in a phishing email will typically take the consumer to a web page that looks like it is owned by the company the email purports to be from but in reality is controlled by criminals trying to steal personal and financial information.
According to a statement from Return Path, its new service “represents the world’s first commercially available product capable of identifying fraudulent email from so-called lookalike domains (close variants of brand names) and from domains entirely unrelated to the brands being targeted in phishing or spoofing attacks. Of the types of phishing attacks that attempt to defraud consumers on a daily basis, most fall into this category – not appearing to come from targeted brands’ addresses.”
Email authentication—where senders publish certain information, such as what IP addresses are authorized to send messages on their brand’s behalf, so the ISPs can more readily identify email coming from those brands—is one weapon in the fight against phishing.
Domain-based Message Authentication, Reporting and Conformance, or DMARC—where senders can publish information telling email inbox providers that all of their servers have been authenticated—is another.
However, neither of these schemes addresses phishing attacks sent from domains not owned by the targeted brand, according to Ken Takahashi, general manager of anti-phishing solutions for Return Path.
“DMARC and authentication don’t address when a phisher uses lookalike domains or unrelated or completely unaffiliated domains,” said Takahashi. “Our customers have been telling us that upwards of 70 percent of their phishing concerns come from outside of the space that DMARC addresses.”
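To make that gap concrete, the following is an added example (not Return Path's code, and not part of the original article) that triages observed sender domains against a constructed brand domain, example-bank.com. Only the "brand" bucket is governed by the brand's own DMARC policy; the "lookalike" and "unrelated" buckets are the cases Takahashi says DMARC does not cover, and the confusable-character table and distance threshold are illustrative assumptions.

```python
"""Bucket sender domains relative to a protected brand domain (constructed example)."""

BRAND_DOMAIN = "example-bank.com"  # constructed placeholder brand, not a real customer

# Visually confusable substitutions often seen in lookalike registrations (assumed list).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def registrable(domain: str) -> str:
    """Return the last two labels (naive; a real tool would use the public-suffix list)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def normalize(label: str) -> str:
    """Fold confusable characters and hyphens so 'examp1e-bank' compares equal to 'examplebank'."""
    for src, dst in CONFUSABLES.items():
        label = label.replace(src, dst)
    return label.replace("-", "")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typo squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(sender_domain: str, brand: str = BRAND_DOMAIN) -> str:
    """'brand' = DMARC of the brand applies; 'lookalike' / 'unrelated' = outside DMARC's reach."""
    sender_domain = sender_domain.lower()
    if registrable(sender_domain) == brand:
        return "brand"
    brand_label = brand.split(".")[0]
    sender_label = registrable(sender_domain).split(".")[0]
    if brand_label in sender_domain:  # e.g. example-bank.com.login-portal.net
        return "lookalike"
    if normalize(sender_label) == normalize(brand_label):
        return "lookalike"
    if edit_distance(sender_label, brand_label) <= 2:  # threshold is an assumption
        return "lookalike"
    return "unrelated"


def triage(sender_domains):
    """Group a feed of observed sender domains; only the 'brand' bucket is DMARC-covered."""
    buckets = {"brand": [], "lookalike": [], "unrelated": []}
    for domain in sender_domains:
        buckets[classify(domain)].append(domain)
    return buckets
```

Feeding a list such as the sender domains extracted from a spam-trap or complaint feed into `triage` shows at a glance how much of the observed fraud falls outside what the brand's DMARC record can say anything about.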
The service uses data from various Return Path internal sources, including spam-trap feeds, complaint feeds and data from email intelligence tool OtherInbox, according to Takahashi.
The service also employs data from ISPs, he said.
“Right now people find out about phishing from their customers or the news or something that’s very reactive. The damage has already been done,” said Takahashi. “The same visibility we have with our ongoing tracking mechanisms for their [Return Path clients] legitimate campaigns, we can start showing similar results on the presence of fraudulent campaigns. When did it start? Is it still going on? And in many cases we’re pulling in engagement data. Are they [the fraudulent emails] being engaged with? Are they being opened?”
The service can also help quantify phishing attacks’ effects on legitimate campaigns, said Takahashi.
“There are hard costs with phishing,” said Takahashi. “Hard costs to the consumer who has been breached, [for example]. But there are other costs that not everyone has been thinking about. What is the negative ROI on the next legitimate campaign that happens to go out after an attack?”