• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Red Sift Blog

Red Sift Blog
  • redsift.com
  • Featured
  • Who are we?
  • Get in touch
You are here: Home / OnINBOX / OnINBOX takes on social engineering attacks

OnINBOX takes on social engineering attacks

by Jordan Wilson
April 15, 2020August 24, 2022Filed under:
  • OnINBOX

OnINBOX’s role within Red Sift’s 360° Email Protection suite is to provide intelligent email threat detection to end-users by pointing out the risks inside every email. From our Early Access Program last summer to this month’s biggest upgrade yet, the evolution of OnINBOX has been a collaborative journey.

96% of social attacks occur over email1  

OnINBOX’s most recent updates mean our rigorous technical risk assessments are now combined with machine-powered social intelligence.

What does this mean?

OnINBOX spots social engineering attacks using a number of unique machine learning models that detect non-technical phishing attacks and warn the end-user. Email threats such as Business Email Compromise (BEC) techniques may use social engineering when attempting payment fraud, brand impersonation, and CEO fraud. In other words, the cybercriminal relies on written words to prompt risky actions from an unsuspecting employee.

Will my email gateway pick these up?

Phishing attacks that rely on social engineering lack any obvious threat signals such as malicious URLs or bad IP addresses, which a Secure Email Gateway would usually pick up on. As a result, the email ends up in any inbox connected to your organization. This could put any one of your colleagues in a compromising position where a seemingly innocent business request, is in fact one action away from putting the entire organization at risk.

So how will OnINBOX’s new capabilities intelligently tackle social engineering?

Rigorous technical assessment and social-intelligence

That’s right, a resilient combination of the two. OnINBOX now uses a number of machine learning models in combination with our foundational technical risk assessments to power unique social intelligence. This new superpower is designed to detect an ever-growing sophistication of social engineering email threats out there, with a duty to protect both employees and organizations from financial and reputational risk.

Now the fancy buzz words are out the way, let’s break down what these capabilities actually are and how they help our customers…

OnINBOX automatically identifies your trusted contacts to keep you safe

It may be a security expert nestled inside every inbox, but OnINBOX has the company-wide scoop on business relationships such as: 

  • Who contacts who
  • How often they communicate
  • If the email is similar to a reported phishing attack

Thanks to its ability to analyze historical email data and a sender’s most up-to-date email security, OnINBOX can make better risk decisions and inform the end-user how trustworthy each sender is. 

Natural Language Processing: Written threat signals past and present

OnINBOX has a sophisticated algorithm behind its NLP feature. So unlike other solutions out there which look at the sender’s user behavior (i.e is this person’s writing style a little different), OnINBOX can sense check if the email topic is of a sensitive nature, if there’s a sense of urgency, or if there’s a specific demand for financial action to be taken… just to list a few. These are all commonly used in phishing attacks and checked by OnINBOX to see if any match past reported threats, which effectively reduces false positives.

Stop Covid-19 attacks: Protecting remote workforces and your reputation

We recognize that cybercriminals are taking advantage of the current global health crisis and there are multiple reports of increasing Covid-19 phishing attacks out there. To do our part to help, we’ve launched a unique Covid-19 NLP model. This protects your workforce against impersonation and alerts them if something doesn’t look right, clearly explaining that the information in the email is likely to be misleading. Read more about this in our dedicated blog here.

Automation: Keeping your trust network up to date for you

OnINBOX now automatically identifies your trusted network of senders by learning from their previous interactions with a sender and that person’s individual risk profile. You’re simply notified by a green trust signal (for good) or red (for bad). Not only is this a historical assessment of email engagement, but it’s updated in real-time with every new email to catch those spoofs!

Don’t sweat it, we’ve got the small stuff covered too!

We know that’s a lot to take in but we did also take on board a few smaller feature updates that were important to our users (and therefore important to us!). 

These included:

  • Minimal and Detailed modes were made available whereby the A C T indicators only appear on high risk emails, instantly decluttering low risk emails. Learn about the differences in our Help Centre article here.
  • A welcome video tutorial for end-users was added to the welcome email! This helped make rolling out OnINBOX to the rest of the organization easier for administrators. 
  • We fine-tuned the A C T indicators to strengthen the differentiation of a cautious warning (amber) versus an email that’s highly likely to be a threat (red).

Want more?

Sure no problem. Take a sneaky peak of what’s coming up next!

  • Optional alert labels displayed next to the email’s subject line to indicate if an email isn’t safe before you even open it.
  • New report flow upgrades to help administrators reduce investigations and accelerate remediation of reported emails. 
  • Customizable banner warnings so administrators can choose when text-based banners pop up and the words they prefer to use to explain a classification beneath the three traffic-light indicators.

Start your OnINBOX free trial today!

If you’re not already an OnINBOX customer but you would like to try OnINBOX then we’d like to invite you to a 30 day free trial.

free trial red sift

Sources

12019 Cisco Cybersecurity Series Report – June

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)

Related

Tagged:
  • Machine Learning
  • natural language processing
  • social intelligence

Post navigation

Previous Post Covid-19 phishing: 5 steps to protect your workforce
Next Post Featured: Natwest Business Hub – Would a fake invoice fool you?

Primary Sidebar

Subscribe to our blog and be the first to get updates!

Categories

  • AI
  • BEC
  • BIMI
  • Brand Protection
  • Coronavirus
  • Cybersecurity
  • Deliverability
  • DMARC
  • DORA
  • Email
  • Finance
  • Labs
  • News
  • OnINBOX
  • Partner Program
  • Red Sift Tools
  • Work at Red Sift
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • October 2016

Copyright © 2023 · Red Sift