The Harsh Truth About Phishing Attacks: Your IT Staff Isn’t Fast Enough
Quick Answer
Phishing sites have a short half-life. The 2018 Webroot Threat Report found most phishing pages were online only 4 to 8 hours, and Dark Reading documented campaigns active for just minutes. Sophisticated attacks also use time-release: the email arrives benign, passes a delivery-time scan, then turns malicious hours later when the linked site flips to a credential-harvest page. By the time IT investigates a user report, the site is gone. Stopping these attacks needs three things humans cannot deliver: high speed (scans complete in seconds without slowing the user), full automation (no judgment call required from the recipient), and real-time scan-on-click (the URL is checked at the moment the user clicks, not at delivery). That combination protects whether the click happens 30 seconds or 2 weeks after the email arrived.
Phishing attacks give a little warning and they don’t linger at all. The timeline for many phishing websites is just a few hours. According to the 2018 Webroot Threat Report, “most phishing sites were only online for 4-8 hours.” Sometimes less. According to an article on Dark Reading website, “Many phishing campaigns last year combined attacks that were active for just a few minutes.”
To make matters worse, sophisticated phishing attacks don’t strike right away. They exhibit more of a time-release infection. So, for example, if you were to deploy technology that scanned emails upon arrival for malicious content or links, they would pass the test. Then they just sit there, dormant, waiting for you to let your guard down. Then, after some time had passed, the email could turn threatening. By the time you realize it’s a phishing site, it no longer exists. What chance does your IT staff have?
Preventing these time-delayed, short-lived phishing attacks takes more than human intervention and response. It takes technology that acts as fast as the attack, and yet is patient enough to wait for it to occur. According to an article on The Cybersecurity Place website, “Successfully protecting your organization in today’s phishing threat landscape requires a high-speed, highly automated, real-time approach that is designed to operate faster than both users and attackers.”
- High speed
- Highly automated
- Real-time
That’s how you stop today’s phishing attacks.
High speed means the amount of time it takes to scan malicious emails is only a couple of seconds, so users see very little impact on their workflow. Highly automated means no human intervention. It’s phishing protection that does not depend on someone recognizing a spoofed email or deciding whether or not a linked-to website is malicious. And real-time means just that. The email is scanned at the instant it’s opened. Whenever that is. No matter how many times it is.
If a user were to click a link 30 seconds after the email arrives or two weeks after it arrives (or once a day in between), real-time scanning protects the user from phishing emails. It’s “always-on” protection.
Give your IT staff a fighting chance against time-delayed, short-lived phishing attacks. Try our email security services risk-free for 30 days. It’s fast, it’s automated and it’s real time.
General Manager
General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.
Secure your email infrastructure
Protect, authenticate, and deliver. Contact our team to find the right solution.