Spam filters are the first line of defence against phishing emails. Every big Internet Service Provider (ISP) has them installed in its email services, and they prevent many phishing threats from reaching our inboxes and tricking us into giving away valuable information. The arms race between phishers and ISPs is intense: phishers try to come up with innovative ways of getting around the spam filters, and ISPs must figure out how to block fake emails without accidentally blocking real ones too. Recently, Google announced that it was heavily increasing the security of its Gmail service in an attempt to prevent phishing attacks on its customers.
However successful spam filters may be, they are not completely effective. There are several reasons why emails may pass through the filters and end up in the victim’s main inbox. The first reason is that the emails may actually be sent from a legitimate email address. If the email address is from a well-known ISP, such as a Gmail or Yahoo address, it is likely to pass through the servers. The attacker may set up their own account specifically for the scam, or they may hijack somebody else’s account and use that. If a phisher uses a throwaway email account, it is unlikely to make it through the filters, so the scam is blocked.
Email filters often scan for phrases which are commonly used in phishing attacks. Phishers have come up with many innovative ways of circumventing this type of filtering. They may spell words incorrectly, insert symbols instead of letters (such as 0 for O), insert random punctuation or even substitute Cyrillic characters for Western ones. Also, as long as the message sounds like normal correspondence and not a “typical” phishing message, the email will make it through the filters.
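On the filter side, the usual answer to these tricks is to normalise the text before matching phrases and to treat mixed-script words as a signal in their own right. The sketch below is an added example, not code from any particular filter; the phrase list, the lookalike tables and the sample messages are constructed for illustration.

```python
import re
import unicodedata

# Constructed watch list; a real filter would load its own phrases.
PHRASES = ["verify your account", "valued customer", "password"]

# Lowercase Cyrillic letters that render like Latin ones (illustrative subset).
CYRILLIC = str.maketrans("\u0430\u0441\u0435\u0456\u043e\u0440\u0445\u0443", "aceiopxy")
# Symbol-for-letter swaps such as "0 for O" (illustrative subset).
SYMBOLS = str.maketrans("0345$@", "oeassa")

def script(ch):
    """Coarse script label taken from the Unicode character name."""
    return unicodedata.name(ch, "").split(" ")[0]

def mixed_script_words(text):
    """Words that combine Latin and Cyrillic letters."""
    hits = []
    for word in re.findall(r"\w+", text):
        scripts = {script(c) for c in word if c.isalpha()}
        if {"LATIN", "CYRILLIC"} <= scripts:
            hits.append(word)
    return hits

def normalise(text):
    """Undo lookalike letters, symbol swaps and punctuation placed inside words."""
    text = unicodedata.normalize("NFKC", text).lower()
    text = text.translate(CYRILLIC).translate(SYMBOLS)
    text = re.sub(r"(?<=[a-z])[^a-z\s]+(?=[a-z])", "", text)  # p.a.s.s -> pass
    return re.sub(r"[^a-z]+", " ", text).strip()

def scan(text):
    """Phrase hits on the normalised text, plus mixed-script words in the raw text."""
    clean = normalise(text)
    return {
        "phrases": [p for p in PHRASES if p in clean],
        "mixed_script": mixed_script_words(text),
    }

# Constructed sample messages.
SAMPLES = [
    "Please verify y0ur acc0unt",
    "Enter your p.a.s.s.w.o.r.d",
    "Dear v\u0430lued \u0441ustomer",  # Cyrillic a and s in place of Latin a and c
    "Lunch at noon on Friday?",
]

if __name__ == "__main__":
    for message in SAMPLES:
        print(repr(message), scan(message))
```

Normalisation only restores phrase matching; it does nothing for a message that simply avoids the watched phrases, which is the last case the paragraph above describes.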
Another technique that phishers use to bypass email inbox filters is rendering all or part of their message as an image. Filters are designed to pick up on phrases which are common to phishing emails. In image form, phrases used in the email are therefore not picked up by the filter, so the email reaches the potential victim’s inbox.
As many phishing emails start with “Dear our valued customer” or some other generic opening, spam filters often target these forms of address. However, in spear phishing, the attacker gathers personal information on their victim from social media profiles or other web resources. Therefore, they are able to address the message directly to their victim and bypass the filter. This also makes the email look more legitimate, and therefore increases the phisher’s chances of success.
Spam filters look at the IP address from which the email is sent. If it is transient, it is unlikely to make it through the filter to the inbox. However, if the email is sent from a trusted source, then the filter is unlikely to pick up on the spam and the email slips through.
As email filters do not always succeed in picking up spam emails, it is important that internet users become aware of the signs of phishing attempts themselves in order to better protect themselves against the attacks that do make it through.