Thexyz Inc, the leading private email service that protects people and their data, announces that a new “Email Phishing Reporting Tool” has been developed to help address the growing problem of email phishing. There has been a notable increase in fraudulent spoofs targeting top executives in companies large and small. To help organizations protect against these new scams, Thexyz has developed a reporting tool and blacklist that seeks to identify malicious phishing emails and ensure they are reported to departments with the competencies to deal with phishing and cybercrime. In addition to filing the report, it is also capable of notifying the abuse departments of the top 25 most phished organizations.
Email phishing, or spoofing, refers to email-based attacks in which the fraudster poses as a top executive to trick those who manage a targeted company’s finances into sending large payments to a bank account controlled by the fraudster. Often sent during off-peak business hours or holidays, the emails usually convey urgency in an effort to catch the victim off-guard.
Since Thexyz first reported on phishing email attacks in July 2017, there has been a sharp rise in the attack volume. According to the Federal Bureau of Investigation Internet Crime Complaint Center, losses due to email phishing have exceeded $1.2 billion since 2013.
Over the last year, nearly every tactic used in spoofing has evolved with increasing sophistication. Fraudsters have adapted with new techniques that make the attacks more convincing and the losses more severe. Also, current phishing campaigns are targeting smaller, fast-growing start-up companies in addition to larger organizations that have typically been the target of fraudulent phishing emails.
“The target list has grown. Scammers are now hitting executives at small and medium-sized businesses where exceptions to payment policies are often common,” according to Perry Toone, Director at Thexyz. “A year ago, the phishing campaigns’ target was primarily larger organizations with extensive supplier networks.”
Organizations should take the following steps to reduce the risk of falling victim to email phishing attacks:
- Limit the amount of information about employees on their website, particularly those with control over financial functions.
- Disable any catchall email services and features that allow emails with incorrect addresses to be delivered to the right email inbox (such as “firstname.lastname” matching).
- Implement email authentication mechanisms like SPF and DKIM to better detect email “spoofing.”
- Alert other employees within your business of the situation.
- Instruct employees to check the real sender of an email by hovering the mouse over the sender’s email address to ensure it matches.
- Teach employees to recognize email phishing scams and report email abuse with Full Email Headers via the reporting tool.
- IT administrators can blacklist any address/IP listed in the REPLY-TO, RETURN-PATH, or SOURCE IP found within the email headers.
- If in doubt, do nothing. If it really is urgent, consider calling or verifying the request another way.
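The header checks from the list above (real sender, REPLY-TO, RETURN-PATH, source IP), as an added Python example that is not Thexyz's tool or code. The sample message, its addresses and the function names are constructed for illustration, and the topmost Received header is assumed to have been written by your own mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not a real message); reserved example domains and IPs.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mail.example.net (mail.example.net [203.0.113.45])
\tby mx.victim.example with ESMTP id abc123; Mon, 06 Aug 2018 06:12:01 +0000
Received: from localhost (unknown [10.0.0.5])
\tby mail.example.net with ESMTP; Mon, 06 Aug 2018 06:11:58 +0000
Authentication-Results: mx.victim.example; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: "Jane Doe, CEO" <jane.doe@victim.example>
Reply-To: "Jane Doe" <jane.doe.ceo@freemail.example.org>
Subject: Urgent wire transfer

Please process today.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def domain(addr):
    return addr.rpartition("@")[2].lower()

def analyze(raw):
    msg = message_from_string(raw)
    frm, reply_to, return_path = (parseaddr(msg.get(h, ""))[1].lower()
                                  for h in ("From", "Reply-To", "Return-Path"))
    # Only the topmost Received header comes from our own server (assumption);
    # the ones below it are supplied by the sending side and can be forged.
    received = msg.get_all("Received") or []
    m = IP_RE.search(received[0]) if received else None
    source_ip = m.group(1) if m else None
    # Authentication-Results is likewise only meaningful when added by our own server.
    auth = (msg.get("Authentication-Results") or "").lower()
    findings = []
    if reply_to and domain(reply_to) != domain(frm):
        findings.append("Reply-To domain differs from From")
    if return_path and domain(return_path) != domain(frm):  # a signal, not proof
        findings.append("Return-Path domain differs from From")
    if "spf=fail" in auth:
        findings.append("SPF fail")
    if "dkim=pass" not in auth:
        findings.append("no passing DKIM signature")
    # Offer blocklist candidates only when something looked wrong.
    blocklist = [v for v in (reply_to, return_path, source_ip) if v] if findings else []
    return {"from": frm, "source_ip": source_ip, "findings": findings, "blocklist": blocklist}

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A Return-Path domain that differs from the From domain is common in legitimate bulk mail, so treat the findings as reasons to review a message rather than as an automatic block.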
Data submitted through the Thexyz email phishing reporting tool is also shared with the government departments responsible for spam abuse in Australia, New Zealand, the UK and the United States; a report is also shared with the Anti-Phishing Working Group.
Thexyz is the leading provider of 24/7 email hosting services to protect against threats that exploit people. The company is trusted by over 10,000 organizations worldwide. Thexyz combines proprietary technology, intelligence, and human expertise to rapidly detect, analyze, and stop targeted business email compromise (BEC) attacks before they impact organizations. Leading organizations partner with Thexyz to more effectively disrupt targeted cyberattacks, prevent data breaches and reduce online abuse.