Edition 2: Phishing Concierge

TLDR: Email remains the core communication hub. Attackers are combining professional context with AI to target your personal inbox. Phishing Concierge provides an excellent option to get borderline emails analyzed where corporate security is not protecting you.

Attack vectors: phishing, email compromise, lateral attacks

Threat: You are a Limited Partner in an investment firm. You receive a DocuSign email that requires your attention. As an actual investor in the firm, you need to review official communications. You're busy and decide it's probably okay. You click to access the materials. It’s a malicious link and your email, device or both become compromised.

Clever spearphishing campaigns that leverage accurate context are not theoretical. In January, CrowdStrike published a detailed blog post describing how attackers were impersonating their recruitment team to lure victims with job opportunities. For the right role, you might be inclined to engage with a cold email. And in a post this week, Microsoft's security team specifically notes that DocuSign phishing attacks that get through Outlook filters are on the rise this tax season.

When you receive an email like this DocuSign example, you mentally plot it on a Suspicion Spectrum (see graphic) that dictates behavior. When an email is clearly malicious, don't engage and mark it as spam. When an email arouses no suspicion, it's business as usual. But when an email is in the middle, with credible signs but something off, what do you do? Historical best practice is "don't trust, verify": contact the sender via another medium to confirm. But sending a "did you get hacked?" or "is that real?" text can be awkward or even insulting. If it's late at night or a weekend, taxing a relationship at an inappropriate hour may not be an option.

In our experience, professionals receive ~2 personal emails per day that they are unsure about. If a personal email doesn't scream scam, what do you do?

Our recommendation: Submit it to Phishing Concierge, our Gmail Add-on. It executes a layered security analysis to identify danger. 90% of submissions receive a determination, dangerous or not dangerous, in < 60 seconds.

Phishing Concierge analyzes borderline emails via a Gmail Add-on

How it mitigates likelihood: Phishing Concierge, a Gmail add-on compatible with Gmail.com and the Gmail iOS/Android apps, gives you a great 'thread the needle' option to get a second opinion before proceeding. Submit an uncertain email and it ingests the .EML file to parse the sender address, domain, links, files, and the text sentiment. It runs the parsed elements through open source databases (URL Scan and VirusTotal), a series of rules (with the help of our friends at Sublime) and an AI-based text sentiment analysis looking for danger. It then scores the danger and its confidence. The system issues 'dangerous' or 'not dangerous' determinations based on high confidence scores. The remaining < 10% are submitted to human analysts for review in a sandbox environment. Phishing Concierge works 24/7 and the sender is not notified. It's a respectful and responsible way to handle borderline emails.
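The parsing step described above, as an added example (this is not Phishing Concierge's code): it reads an .EML with Python's standard library and pulls out the sender, domains, links and attachments, plus two local checks that need no external lookup. The function names and the sample message are constructed for illustration; the reputation lookups, rules and sentiment analysis are not shown.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every address and domain is a placeholder.
SAMPLE_EML = b"""From: "DocuSign" <notify@docs-review.example>
Reply-To: helpdesk@other-mail.example
Subject: Please review: Q1 capital call notice
Content-Type: text/html; charset="utf-8"

<a href="https://login.docs-review.example/s/abc">https://www.docusign.com/review</a>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def host(url):
    return (urlparse(url).hostname or "").lower()

def extract_indicators(raw):
    """Parse an .eml and return the elements a later scoring stage would use."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    reply = parseaddr(str(msg.get("Reply-To", "")))[1]
    dom = lambda a: a.rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    return {
        "display_name": name, "sender_domain": dom(addr),
        "reply_to_mismatch": bool(reply) and dom(reply) != dom(addr),
        "link_hosts": [host(h) for h, _ in collector.links],
        # Visible text that is itself a URL but whose href points elsewhere.
        "deceptive_links": [(host(t), host(h)) for h, t in collector.links
                            if host(t) and host(t) != host(h)],
        "attachments": [p.get_filename() for p in msg.iter_attachments()],
    }
```

On the sample, the Reply-To domain differs from the sender domain and the link's visible URL names a different host than its `href`, which are the kinds of parsed elements a scoring stage can weigh.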

Counterargument: Phishing Concierge does NOT proactively scan every incoming email. You must opt in each time for analysis. This mandatory opt-in might make our product incomplete, as it puts the onus on the individual to recognize that an email is potentially phishing in the first place. The highest-quality malicious emails might never be submitted.

We aim to deliver both security and privacy. Ingesting emails by default sacrificed too much privacy. This limitation of our product is by design. We may offer a "scan-each-email-by-default" option in the future.

How Members of The Cyber Health Company are protected: As a part of your Membership, we offer a comprehensive Email Security Appointment. We start by reviewing logged-in devices to ensure there is no pre-existing improper access, and we revoke access from old phones that may have been sold or are sitting in drawers. We then verify that your password is complex, your MFA choice is sufficient and your recovery process is solid. We also review filters and blocked addresses that might be preventing you from receiving important emails. We verify that no rules are automatically forwarding emails to addresses you don't control. We even increase privacy by opting out of data sharing with your ESP. We then white-glove install Phishing Concierge. This gives Members a comfortable option when an email is uncomfortable. If you are not a Gmail user, simply forward the email you want scanned to spam@cyberhealth.co and the product will function as well.

Jeremy Banon
Founder/CEO
The Cyber Health Company

About The Cyber Health Journal: This journal analyzes a product, feature or recent development in technology and how it impacts personal cybersecurity, online privacy and digital immunity.

About the Author: Jeremy Banon was hacked in 2016 and founded The Cyber Health Company in 2021 to help others avoid the same fate. The company provides the toolkit and team to support the personal cybersecurity, online privacy and digital immunity of high-risk individuals and corporate executives.