Week of 9/13—9/17 

This is the Weekly Digest of our latest blog posts, white papers, case studies, attack briefs, and more. Each Monday, we'll send you our updates from the previous week.

 

Forwarded this email? Sign up here

New Website Content

 

Allow Phishing: The Problem with Allow Lists

 

In this blog, we discussed the problem with Allow Lists. The concept behind Allow Lists is that it's a list of addresses or sites that you've deemed safe. Often, major sites like Google, Apple, Facebook and more will be on these lists. Hackers have noticed this and have begun to spoof these legitimate websites to get through to the inbox. In this blog, we show the example of a spoofed Apple email. Hackers spoofed the Apple website, using the domain "id.apple.com". That domain was on the customer's Allow List, allowing this credential harvesting email to sail into the inbox. We also discuss our research that shows that 8.14% of phishing emails ended up in the inbox due to an Allow List misconfiguration. With SEGs, that number increases to 15.4%. We also talk about the importance of AI to uncover these attacks. 

     

 

Bad Sender: The Importance of Sender Reputation

Sender reputation can be an important way to decipher if an email is phishing or not. Our research shows that 84.3% of all phishing emails don't have a significant historical reputation with the victim. If sender reputation isn't one of a number of tools to determine the intent of an email, it can leave end-users with a choice. We show two very similar emails, one of which is malicious, the other legitimate. If this reaches the inbox, the end-user is tasked with trying to figure out whether to click or not.