REAK,
TO
omain and any
hments. They
cuum, and at face
tion towards the
at data, the recipient
ess. They run
g ‘have I seen this IP
ially, if the answer is
t through.
omain is brand new,
n and as these
imited ability to
ul elements via any
no choice but to let

These methods barely scratch the surface of a much wider range of characteristics that a malicious email might contain. And as email threats get ever more sophisticated, the ‘innocent until proven guilty’ approach is not enough.

For a comprehensive check, we would want to ask: does the domain have any previous relationship with the recipient? The organisation as a whole? Does it look suspiciously visually similar to other domains? Is this the first time we’ve seen an inbound email from this user? Has anybody in the organisation ever shared a link with this domain? Has any user ever visited this link?
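
The contextual questions above can be answered as lookups against an organisation's own mail and browsing history. The following is an added example, not code from the article or from any product it describes; `OrgHistory`, the confusables table and the edit-distance threshold of 1 are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass, field

@dataclass
class OrgHistory:  # hypothetical store; in practice built from mail and web-proxy logs
    contacts: dict = field(default_factory=dict)   # recipient -> sender addresses already seen
    org_domains: set = field(default_factory=set)  # domains the organisation has corresponded with
    shared: set = field(default_factory=set)       # link domains users have shared
    visited: set = field(default_factory=set)      # link domains users have visited

DIGITS = str.maketrans("0135", "oles")  # small confusables table (assumption, not exhaustive)

def skeleton(domain):
    """Collapse common visual substitutions so look-alikes compare equal."""
    return domain.lower().replace("rn", "m").replace("vv", "w").translate(DIGITS)

def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, known):
    """Return the known domain that `domain` visually imitates, else None."""
    if domain in known:
        return None
    return next((k for k in sorted(known)
                 if edit_distance(skeleton(domain), skeleton(k)) <= 1), None)

def context_checks(sender, recipient, link_domains, h):
    """Answer the relationship questions for one inbound email."""
    sender = sender.lower()
    domain = sender.rsplit("@", 1)[1]
    seen = h.contacts.get(recipient, set())
    return {
        "domain_known_to_recipient": any(s.endswith("@" + domain) for s in seen),
        "domain_known_to_org": domain in h.org_domains,
        "lookalike_of": lookalike_of(domain, h.org_domains),
        "first_email_from_sender": sender not in seen,
        "links_never_shared": sorted(set(link_domains) - h.shared),
        "links_never_visited": sorted(set(link_domains) - h.visited),
    }

# Constructed sample data (reserved .example names)
HISTORY = OrgHistory(
    contacts={"alice@corp.example": {"bob@acme-supplies.example"}},
    org_domains={"acme-supplies.example", "corp.example"},
    shared={"acme-supplies.example"}, visited={"acme-supplies.example"})
```

A mail gateway would feed these answers into its verdict alongside reputation lookups, so that a domain with no bad history but no relationship to the organisation is no longer treated as clean by default.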

Legacy tools are blatantly asking the wrong questions, to which attackers know the answers. And usually, they can skirt by these inattentive security guards by paying just a few pennies for new domains.

How to buy your way in

Let’s look at the situation from an attacker’s perspective. They just need one email to land and it could be keys to the kingdom, so an upfront purchase of a few thousand new
www.intelligentcio.com