Secure Email Gateways Miss 99.5 Percent of All Non-Exact Email Spoofing Attacks, New IRONSCALES Research Concludes

Koby Bar
Apr 2, 2019
DMARC, SPF and DKIM

April 2, 2019 - Atlanta & Tel Aviv - IRONSCALES, the world’s first automated phishing prevention, detection and response platform, today announced the results of new research proving that secure email gateways (SEGs) fail to stop 99.5 percent of all non-trivial email spoofing attacks.

A two-year analysis of more than 100,000 verified email spoofing attacks found that the most common spoofing attack techniques, including sender name impersonations and domain look-alike attacks, are bypassing SEG technology on a regular basis.

The most common email spoofing attack techniques to bypass SEGs include:

  • Exact sender name impersonations (73.5%) - When an email is sent masquerading as coming from a trusted source, such as a colleague.
    • Example: SteveJobs@techcompanyxyz.com
  • Similar sender name impersonations (24%) - When an email is sent masquerading as coming from a trusted source, such as a colleague, with minor obfuscations.
    • Example: SteveJabs@techcompanyxyz.com
  • Look-alike/cousin domain spoofing (2%) - When an email is sent from a similar domain, which the attackers register themselves so that they can set the right authentication records in the DNS.
    • Example: SteveJobs@aapple.com
  • Exact domain spoofs (0.5%) - When an email is sent from a fraudulent domain that exactly matches the spoofed brand’s domain.
    • Example: SteveJobs@apple.com

Secure email gateways, when configured correctly, are compliant with Domain-based Message Authentication, Reporting & Conformance (DMARC), an email authentication protocol built specifically to stop exact domain spoofing (SPF/DKIM). As such, SEGs are proving effective at identifying and stopping exact domain spoofing attacks. However, this attack technique is the least common of the four impersonation tactics because of the time and complexity associated with crafting an exact domain spoof. Therefore, IRONSCALES’ research concludes that SEG technology is severely limited in reducing risk from the vast majority of the most common email spoofing attacks. In addition, the findings reinforce the severe limitations of DMARC, serving as a reminder that the protocol solves only a minuscule piece of the overall complex email spoofing puzzle.



Said Eyal Benishti, IRONSCALES founder & CEO: “Our new data reinforces that legacy SEG technology was not built to identify social engineering attacks that are often absent of a malicious payload such as a link and attachment. Even as SEGs attempt to modernize through acquisition or innovation, gaping vulnerabilities remain that keep their customers at risk of succumbing to both the most common and sophisticated email spoofing attack techniques.

“While SEGs’ ability to prevent the most trivial and common domain spoofing attacks is a value-add, this benefit is more of a credit to the technology’s compliance with DMARC, which is reliant on adoption by both the sending and receiving organization, than it is a function of technology itself. Moving forward, organizations must address the threat of email spoofing by implementing advanced mailbox-level security that continuously studies every employee's inbox to detect anomalies based on both email data and metadata extracted from previously trusted communications.”

For more information about IRONSCALES’ new research, please contact evan@arpr.com and follow the brand @ironscales on social media.

 
