“We are losing privacy at an alarming rate...we have none left.” -John McAfee
In today’s interconnected, always-on world, privacy is a common concern. And, because we often leave ourselves open online, phishers don’t even need to knock to find a way in. Whether it’s through malicious attachments, phony links, or a straight-up BEC attack in which they impersonate someone you know, phishing is bigger (and badder) than ever. The solution seems simple: anti-phishing software. But are these phishing prevention tools further compromising our privacy?
Types of Phishing Attacks
Before delving into anti-phishing software security, it’s important to understand the most common types of phishing attacks.
- Normal phishing. Sometimes called deceptive phishing, this is when a hacker sends out a large batch of emails in an attempt to hook anyone they can.
- Spear phishing. This hack targets a particular individual or organization, using personalization to get people to take the bait.
- Whaling. Size matters, and it’s no more apparent with this scam in which hackers target the most prominent members of a company after weeks or even months of trust-building.
- Clone phishing. These emails mimic an email that was recently sent from a legitimate person or company, only this time requesting more information than necessary.
- BEC phishing. Short for Business Email Compromise, this is when a phisher pretends to be a member of a company’s C-suite, requesting information from a lower-level, yet still able, employee.
- Slack attack. Phishing has moved past email, and today phishers are using communication channels such as Slack to dupe people into divulging information.
Want to learn more about these phishing tactics? Read our story 5 Types of Phishing You Should Know About & How to Stay Protected.
How (Most) Software Platforms Identify Phishing Scams
So can an anti-phishing solution protect against these threats while still maintaining privacy? It’ll likely depend on the product or service. There are numerous anti-phishing software solutions that dig deep into emails to understand whether they’re safe or not. That means they’re reading every word, viewing every image, checking every link. Uncomfortable with this? We thought so. Not only is it an invasion of privacy, it can also compromise compliance regulations that you must adhere to, such as HIPAA for healthcare, CJIS for government, or PCI DSS for retailers using credit cards.
That’s why Clearedin offers anti-phishing services that protect you from phishing emails while staying out of your business.
How to Identify Phishing Scams Without Invading Privacy
You might think there’s no way to identify phishing scams without first reading the content in which the phish was included. Clearedin has you covered. Clearedin keeps your content safe from phish—and prying eyes—by scanning only the meta data of an email. Unfamiliar with meta data? Think of it as nothing more than code; it’s things like the sender’s IP, send path (the chain of mail servers through whom the email relayed until it got to your Inbox), device, and other non-private information that we can use to determine if it’s a legitimate sender.
Of course, that’s not the only way we keep you protected. Our service is also based on social circles. We see, over time, who you and others within your organization interact with regularly. We baseline the behavior of the people that you trust and so long as they stay within an acceptable threshold of their baselines, their messages will get through to you without being flagged.
Discover more about social graphs in our story How Social Graphs Help Prevent Phishing Attacks.
Can My Anti-Phishing Software Be Hacked?
We’re not going to lie; it could happen. Security is a world of “when, not if” -- as in, it’s not *if* you’re going to get hacked, but how will you deal with it *when* it happens. In the unlikely event that someone is able to access Clearedin data, they’ll get nothing when it comes to our clients. There will be no email data payload—just meta data, because that’s all we have access to - no patient records, no financial information, no personal identifiers, nothing of legal or monetary value
Want to learn more about our anti-phishing solutions, and what makes us different from the rest? Contact the experts at Clearedin.