How Easy Was it for a Routine Phishing Scam to Rock Global Financial Markets?

And what can we do to make it less easy?

When an Associated Press journalist’s Twitter account was compromised last Tuesday, reportedly through a phishing attack, the consequences of a common email security breach were felt around the world. Stock markets plunged within seconds of a phony tweet about an explosion at the White House, instantly erasing $136.5 billion of value from the S&P 500 index.

When the story proved false the markets recovered their losses, but the sense of vulnerability remains. How did a routine email scam, one of thousands like it that circulate every day, dupe a sophisticated communications specialist into giving up secure information? The answer may lie in the growing sophistication of email fraud.

Most email users have seen phishing messages. They look like email from trusted senders with links to log in, update information, or track orders, ultimately so the scammer can install malware or steal passwords and other information. People are increasingly wary of these scams, but phishing messages are increasingly convincing. Some look almost exactly like messages subscribers are used to seeing, and more frequently scammers are targeting customers of specific brands. This is spear phishing – exploiting information about the targets (like Twitter handles) to customize phishing messages. As last week’s attack on the AP shows, it works.

Prominent brands, mailbox providers, and technologists are fighting back. One approach to monitoring and combatting phishing attacks uses email authentication and the DMARC standard to detect messages that appear to come from a company’s sending domain (alerts@ProminentBank.com) but can’t be authenticated. Brand owners can direct participating mailbox providers to quarantine or even block these messages from ever reaching subscribers.

When phishing messages appear to come from a domain that isn’t the brand owner’s, either a lookalike (alerts@Prominent-Bank.com) or an unrelated domain (alerts@Pr0minentBank.com), the authentication-based approach can’t help. But another approach, one that uses big data to analyze massive volumes of email in real time, can help brands identify this kind of phishing attack.
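The split described in the two paragraphs above can be made concrete with a short sketch. It is an added example, not Return Path's method or code: the DMARC record, the sample messages, the simplified alignment rule and the 0.9 similarity threshold are all constructed assumptions.

```python
from difflib import SequenceMatcher

BRAND = "prominentbank.com"  # brand domain taken from the article's example address
# Constructed DMARC TXT record for the brand (assumption, not a real published record).
DMARC_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc@prominentbank.com"
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})  # common digit swaps

def parse_policy(record):
    """Return the p= tag of a DMARC record, or 'none' if missing or malformed."""
    pairs = (part.partition("=") for part in record.split(";"))
    tags = {k.strip().lower(): v.strip() for k, _, v in pairs if k.strip()}
    return tags.get("p", "none").lower() if tags.get("v") == "DMARC1" else "none"

def aligned(auth_domain, from_domain):
    """Simplified relaxed alignment: identical, or one is a subdomain of the other."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f or a.endswith("." + f) or f.endswith("." + a)

def skeleton(domain):
    """Fold hyphens and digit swaps so near-copies collapse onto the brand name."""
    return domain.lower().translate(FOLD).replace("-", "")

def classify(msg, brand=BRAND, record=DMARC_RECORD):
    """Say what a DMARC-enforcing receiver can do with one message."""
    frm = msg["from"].rsplit("@", 1)[-1].lower()
    if frm == brand or frm.endswith("." + brand):
        spf_ok = msg.get("spf_pass") and aligned(msg["spf_domain"], frm)
        dkim_ok = msg.get("dkim_pass") and aligned(msg["dkim_domain"], frm)
        return "deliver" if spf_ok or dkim_ok else "dmarc:" + parse_policy(record)
    # Different From domain: the brand's DMARC policy never applies to it.
    score = SequenceMatcher(None, skeleton(frm), skeleton(brand)).ratio()
    return "outside-dmarc:" + ("resembles-brand" if score >= 0.9 else "no-resemblance")

# Constructed sample messages (authentication results as a receiver would record them).
SAMPLES = [
    {"from": "alerts@ProminentBank.com", "dkim_pass": True, "dkim_domain": "prominentbank.com"},
    {"from": "alerts@ProminentBank.com", "spf_pass": True, "spf_domain": "bulk.example.net"},
    {"from": "alerts@Prominent-Bank.com", "spf_pass": True, "spf_domain": "prominent-bank.com"},
    {"from": "alerts@Pr0minentBank.com", "dkim_pass": True, "dkim_domain": "pr0minentbank.com"},
    {"from": "news@example.org", "spf_pass": True, "spf_domain": "example.org"},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(f'{m["from"]:28} -> {classify(m)}')
```

The third and fourth samples authenticate cleanly for their own domains, which is why only analysis of the From domain itself flags them.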

Introducing a Full-Spectrum Phishing Solution

Because Return Path analyzes more email data than anyone else in the world, we are uniquely positioned to search for patterns and anomalies within the mailstream and apply this approach to detect and mitigate phishing attacks—regardless of what domain they appear to come from. After testing this approach with a number of high-profile brands, we’ve made it publicly available. This means that Return Path can now help brand owners see the full spectrum of phishing and take steps to stop attacks and pursue criminals.

This is an important step toward eradicating phishing because it makes it easier for targets of attacks to see them early, warn their subscribers, and take action. As brand owners and others use available solutions to combat this threat, it becomes vastly harder for fraudsters and hackers to succeed with scams like the one that jolted financial markets last week.