<

Go Premium for a chance to win a PS4. Enter to Win

x

Premiere Data URL Email Filtering

Published on
3,486 Points
486 Views
Last Modified:
The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.

Protect your company from Data URLs with The Email Laundry’s Email Filtering


user stressed over phishing scams, needs email filtering serviceThe Gmail Data URL Attack


The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques. This attack comes as a nightmare trifecta for email filtering services; sent from a familiar contact, using authentic tone and verbiage, and appearing to open to a valid Google URL. It is no surprise that users of all technical levels are finding themselves breached by this phishing attack.

Why was this attack so successful?


The use of previous attachments and subject lines in this scam, partnered with the familiarity of the sender, gives the user a false sense of security. This misjudgment of security is heightened by the familiar looking attachment and the accounts.google URL the user encounters on the phishing page. With their guard down the user enters their credentials and the hackers are in.

Data URLs


In this attack, the phishing landing page is launched from the attachment with the use of a data URLData URLs are “URLs prefixed with the data: scheme, allowing content creators to embed small files inline in documents.” Through the use of a data scheme, the hackers are able to place the code for the entire phishing site right into the document.

Norwegian researcher, Henning Klevier, outlines the danger of hackers using data URLs in his 2012 research paper;


“Using this procedure, there is no clear source of the phishing page and its content, which makes it difficult to trace, monitor the movement or establish the origin of the web page. There is no way to shut down or remove a data URL web page, besides removing all instances of its link.”

How to Stop a Data URL Attack


hacked computer thanks to phishing gmail email filtering


While most phishing emails get stopped by email security filters, this attack is able to get through as it is from a user’s contact list. Once through to the user’s inbox, it is up to the user to identity the fraudulent email and delete the data URL encoded attachment. The success of this Gmail attack and its use of a data URL, is sure to start a new trend among hackers and companies must prepare. With over 100 billion spam emails sent each year to employee opened business email compromises, a stronger defense is required.

To help protect against these types of attacks, The Email Laundryhas enhanced its email filtering service to prevent emails containing a data URL. Any email with an attachment containing a data: scheme will be intercepted and quarantined to ensure complete security. By placing another barrier between the hacker and the user, companies can worry less about email scams and focus on their business.

This premier feature is offered as part of The Email Laundry’s Full Stack Email Security service.
0
Comment
0 Comments

Join & Write a Comment

Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month