Some of you may have forgotten that in 2004 Bill Gates, then Chief Software Architect of Microsoft, made one of the silliest claims ever used to promote the company. At the prestigious 2004 World Economic Forum in Davos, Switzerland, he said: “Two years from now, spam will be solved.” He made this bold claim in relation to the advances that Microsoft “allegedly” made with its corporate email client, Outlook. Fifteen years later, we have yet to see any improvement, let alone a Microsoft-established technology that effectively ends spam. In fact, of all companies, it is Google, which introduced Gmail in the same year, that offers the safest mail service to the public, thanks to the crowd-powered anti-spam system that Gmail provides for free.
Spam emails came into existence in 1978 and have since evolved into much more dangerous forms: phishing attacks and social engineering emails, designed to dupe people into releasing their personally identifiable information and/or infecting their computers with malicious content. No end seems to be in sight, as phishing campaigns have in turn evolved into spear phishing, an operation in which the victim is specifically identified and targeted. The messages sent to them are customized to create an atmosphere of trustworthiness, and once the victims fall for it, the least that can happen to them is becoming subject to identity theft.
Research by CSCAN (Centre for Security, Communication and Network) checked various email service providers to establish a baseline for how well phishing attacks are neutralized. The researchers sent harmless “test phishing” emails to potential victims to determine how their email clients would handle the samples. The sad result of the assessment: test emails without links reached users’ inboxes without trouble, while 64% were able to arrive unfiltered as well. Of the sample emails, only 6% were labeled as malicious by the email service providers. That is a serious cause for concern, as email is still one of the most used services on the Internet, even in the age of instant messaging and mobile apps.
“The poor performance of most providers implies they either do not employ filtering based on language content, or that it is inadequate to protect users. Given users’ tendency to perform poorly at identifying malicious messages this is a worrying outcome. The results suggest an opportunity to improve phishing detection in general, but the technology as it stands cannot be relied upon to provide anything other than a small contribution in this context,” explained Prof. Steven Furnell, Head of CSCAN.
The global phishing situation has never improved: according to Kaspersky Lab, it detected 482,465,211 phishing messages in 2018. “Phishing has now been a problem for over a decade and a half. Unfortunately, just like malware, it’s proven to be the cybersecurity equivalent of an unwanted genie that we can’t put back in the bottle,” added Furnell.
What we recommend is user education, since it takes a human to decide whether email security is a priority. However, users who are not correctly informed end up opening emails that should not be opened because they carry malware. “Despite many efforts to educate users and provide safeguards, people are still falling victim. Our study shows the technology can identify things that we would ideally want users to be able to spot for themselves – but while there is a net, it clearly has big holes,” concluded Furnell.