A new survey released Tuesday by the Chantilly, Virginia-based security and anti-spam company PhishMe has a lot to say about filtering phishing attack emails in the corporate environment. PhishMe conducted a survey at this year's Black Hat hacker conference in Las Vegas, July 24th to the 26th. PhishMe surved 250 security professionals, of whom more than two thirds (69 percent), have said they encounter phishing messages that get past anti-spam filters at least a few times a week. Nearly a quarter of those surveyed say they see multiple phishing emails daily in their corporate network users' mailboxes.

"Phishing" is the name given to a form of an email attack that uses social engineering tactics to lull the recipient into a false sense of security in order for them to click links within the email. The email can have links that look like they go to real sites, but are in fact redirecting Unicode Urls that don't show up properly in most email clients still. The point of these emails is to gather user information though man-in-the-middle style attacks, or to get the user to malicious websites that can execute malicious code, installing viruses or rootkits on a system. A more targeted form of this type of attack is called "Spear Phishing", an email attack in which the phishing emails are targeted to a specific person or group of people, usually people within an organization that shares a common set of information.

Continue reading →