A software professional working for a banking client gets an email one morning. The email appears to be from the support team and states that his account has been locked and that he will not be able to perform his tasks that day unless he resets his password. The email also gives him a link where he can reset it. In a hurry to get to his pending work, he clicks the link and resets his password as directed. But this time he gets locked out of his account for real. When he contacts the actual support team, they inform him that the link he clicked was a phishing link and that, by entering his credentials, he literally handed them to the phisher.
Such incidents are big successes for a spammer and an immeasurable loss to the banking firm. They give the spammer entry into the bank's architecture and access to its most confidential information. How can such a situation be avoided?
Proactively identifying and blocking spam is possible when we are able to identify the patterns and methods that spammers follow. Spammers come up with new techniques like deliverability testing and spear phishing, resulting in a large difference between the amount of spam sent out and the amount of spam blocked by the mail filters every day. Organizations have to stay a step ahead of them and honey-trap the spammers.
To achieve this, the mail filters in the mail architecture have to be updated with the patterns and spam samples. As a majority of the clients are spread across various continents, the associates must be educated about the spam laws passed globally, such as those in the USA and the European Union. According to section 66 (A) of the Indian Information Technology Act amendment 2008, sending spam is an offence punishable with a fine and imprisonment of up to three years.
To combat spam effectively, every Email Service Provider (ESP) should have an Incident Response Team (IRT) as its first level of defense. The IRT should perform the root cause analysis, find the patterns in the data points, and proactively block the phisher. There should be a common repository of intelligence on spammers and hackers, from which every organization obtains inputs to build its spam filters and analyze the patterns. ESPs should therefore come forward to feed these repositories, which will help in the proactive blocking of spammers.
To learn more about the current spam patterns and root cause analysis, please take a look at the attached PDF, which discusses the steps to identify the spammer and the roles of the Incident Response Team.
By Pranaya Enugulapally