Cloud application vendor Intermedia has armed its email security solution to better protect SMBs from phishing attacks.
Available immediately and at no additional cost to users of the company’s Intermedia Email Protection product that also use its hosted Exchange service, the new safeguards are designed to help SMBs either unwilling or unable to pay for more comprehensive anti-phishing solutions from vendors like KnowBe4 Inc., Webroot Inc., and Sophos Ltd. ward off one of today’s most rampant threats.
“This could dramatically keep them safer without having to invest in those other areas,” says Ryan Barrett, vice president of security and privacy at Intermedia, which is headquartered in Mountain View, Calif. “By just checking a couple of boxes, they’re going to be way better off and probably reduce the risk of phishing by 50 to 90 percent.”
Intermedia Email Protection now features six new anti-phishing protections in all, two of which assess the validity of sender domains. Based on administrator preferences, businesses can block or quarantine messages that come from phony domains designed to resemble legitimate ones (such as channelpronetwrk.com) or that attempt to impersonate a trustworthy internal email by using a slightly modified version of the recipient’s own domain.
“If the sender’s domain is identical to your domain but maybe off by just one character, that’s an indicator that perhaps the attacker is spear phishing you,” Barrett observes.
Another new safeguard calls attention to messages containing suspicious vocabulary and language errors by automatically adding a message like “[possible phishing attempt]” to the subject line.
“You can do a lot with that to just give even the most uneducated user some basic visual cues that this is maybe something they need to think twice about,” Barrett says.
The fourth new defense guards against user impersonation efforts by looking for emails in which the sender’s display name and address don’t match. According to Barrett, Intermedia itself received counterfeit messages rigged to look like they were from the company’s CEO five times in the last week alone.
“It’s kind of ridiculous,” he says.
A fifth new feature notifies users if they’re about to reply to a different address than the one from which the email originated, while a sixth automatically flags messages from people outside the company “[EXTERNAL]” to alert people who think they’re corresponding with a co-worker that they’re not.
Intermedia’s newest offerings arrive as phishing activity is spiking rapidly. Global phishing attacks rose 65 percent last year to more than 1.2 million, according to not-for-profit industry association the Anti-Phishing Working Group. Research from Nationwide Insurance, meanwhile, reports that 20 percent of U.S. businesses with fewer than 300 employees have experienced a phishing attack in the past.
According to Barrett, telling customers that you’re adding protection against that looming threat for free is a great way to build long-term loyalty.
“That shows value and it shows attentiveness,” he says, adding that it can also serve as the starting point for a larger conversation about security that leads to bigger, paid solutions.
Developed in-house in the wake of Intel Corp.’s decision late in 2015 to shut down popular software-as-a-service email security solutions from MX Logic that it acquired five years earlier along with McAfee, Intermedia Email Protection shipped in April. As of its debut, nearly 500,000 users were on the system, which utilizes scanning engines from Cyren Ltd., Cloudmark Inc., and Vade Secure to provide multiple layers of protection.
