Wednesday, May 14, 2014

Netiquette - Special Blog Post - Spear Phishing Quiz From McAfee! Take It! - Via Netiquette IQ

 Market Status / Messaging:

 Targeted email attacks, AKA ‘Spear phishing’ are a major threat to every organization. It only takes one carefully worded and formatted email, sent to the right target at the right time, for a malicious attack to be successful. This tactic has been used in some of the most high-profile breaches in recent history, and third-parties consistently validate its efficacy:
 “95% of all attacks on enterprise networks are the result of successful spear phishing”  Allen Paller, Director of Research, SANS Institute 
 Even legitimate emails with critical information have been criticized for being so poorly architected that, to an informed user, doubt of legitimacy enters their mind.  A primary example being the recent breach communication from Target – which has been highly scrutinized:

Vigilance alone is not enough. A combination of security technology and user education is the best defense against spear phishing. McAfee has made strides in its email security technology with the introduction of the Gateway Anti-Malware engine (via ClickProtect, a feature of McAfee Email Protection) and McAfee Advanced Threat Defense – capable of detecting the malicious payloads that hide within targeted email attacks. 

User discretion is the last line of defense against an email attack. ClickProtect provides real-time snapshots of upcoming pages, allowing an end user to decide whether it is appropriate to proceed to the website they clicked on from an email. With or without this aid, there will always be a reliance on an employee’s ability to spot an illegitimate message. User education on specific topics such as how to spot phishing attempts is often difficult or too expensive for organizations to roll out, but McAfee wants to change that. Through this free and easy to use tool, organizations can discover their employees skill level at detecting phishing attempts, and teach them how to spot some of the most highly-effective phishing techniques in use today.
McAfee Phishing Quiz - Take It!

The quiz was developed utilizing the more effective and prevalent phishing emails identified by McAfee Labs.

10 B2B emails are presented to identify if they are phishing attempts or not.

Emails are displaying in standard email clients with emulated functionality – including mobile versions.

You are able to see your score, share the score and the quiz on social media platforms, discover how each phishing attack could have been identified, and learn about helpful technology.  Each individual email can be reviewed in detail to better understand the warning signs. Please go this this URL to take the quiz:

Solutions Available:

Email Security Solutions, including scan-time and click-time protection

Anti-malware (Reputation Services, Antivirus, Emulation, Sandboxing, Static Code Analysis)
Data Loss Prevention (DLP) systems