OnINBOX takes on social engineering attacks

OnINBOX’s role within Red Sift’s 360° Email Protection suite is to provide intelligent email threat detection to end-users by pointing out the risks inside every email. From our Early Access Program last summer to this month’s biggest upgrade yet, the evolution of OnINBOX has been a collaborative journey.

96% of social attacks occur over email¹  

OnINBOX’s most recent updates mean our rigorous technical risk assessments are now combined with machine-powered social intelligence.

What does this mean?

OnINBOX spots social engineering attacks using a number of unique machine learning models that detect non-technical phishing attacks and warn the end-user. Email threats such as Business Email Compromise (BEC) techniques may use social engineering when attempting payment fraud, brand impersonation, and CEO fraud. In other words, the cybercriminal relies on written words to prompt risky actions from an unsuspecting employee.

Will my email gateway pick these up?

Phishing attacks that rely on social engineering lack any obvious threat signals such as malicious URLs or bad IP addresses, which a Secure Email Gateway would usually pick up on. As a result, the email ends up in any inbox connected to your organization. This could put any one of your colleagues in a compromising position where a seemingly innocent business request, is in fact one action away from putting the entire organization at risk.

So how will OnINBOX’s new capabilities intelligently tackle social engineering?

Rigorous technical assessment and social-intelligence

That’s right, a resilient combination of the two. OnINBOX now uses a number of machine learning models in combination with our foundational technical risk assessments to power unique social intelligence. This new superpower is designed to detect an ever-growing sophistication of social engineering email threats out there, with a duty to protect both employees and organizations from financial and reputational risk.

Now the fancy buzz words are out the way, let's break down what these capabilities actually are and how they help our customers…

OnINBOX automatically identifies your trusted contacts to keep you safe

It may be a security expert nestled inside every inbox, but OnINBOX has the company-wide scoop on business relationships such as: 

• Who contacts who
• How often they communicate
• If the email is similar to a reported phishing attack

Thanks to its ability to analyze historical email data and a sender’s most up-to-date email security, OnINBOX can make better risk decisions and inform the end-user how trustworthy each sender is. 

Natural Language Processing: Written threat signals past and present

OnINBOX has a sophisticated algorithm behind its NLP feature. So unlike other solutions out there which look at the sender’s user behavior (i.e is this person’s writing style a little different), OnINBOX can sense check if the email topic is of a sensitive nature, if there’s a sense of urgency, or if there’s a specific demand for financial action to be taken… just to list a few. These are all commonly used in phishing attacks and checked by OnINBOX to see if any match past reported threats, which effectively reduces false positives.

Stop Covid-19 attacks: Protecting remote workforces and your reputation

We recognize that cybercriminals are taking advantage of the current global health crisis and there are multiple reports of increasing Covid-19 phishing attacks out there. To do our part to help, we’ve launched a unique Covid-19 NLP model. This protects your workforce against impersonation and alerts them if something doesn’t look right, clearly explaining that the information in the email is likely to be misleading. Read more about this in our dedicated blog here.

Automation: Keeping your trust network up to date for you

OnINBOX now automatically identifies your trusted network of senders by learning from their previous interactions with a sender and that person’s individual risk profile. You’re simply notified by a green trust signal (for good) or red (for bad). Not only is this a historical assessment of email engagement, but it’s updated in real-time with every new email to catch those spoofs!

Don’t sweat it, we’ve got the small stuff covered too!

We know that’s a lot to take in but we did also take on board a few smaller feature updates that were important to our users (and therefore important to us!). 

These included:

• Minimal and Detailed modes were made available whereby the A C T indicators only appear on high risk emails, instantly decluttering low risk emails. Learn about the differences in our Help Centre article here.
• A welcome video tutorial for end-users was added to the welcome email! This helped make rolling out OnINBOX to the rest of the organization easier for administrators. 
• We fine-tuned the A C T indicators to strengthen the differentiation of a cautious warning (amber) versus an email that’s highly likely to be a threat (red).

Want more?

Sure no problem. Take a sneaky peak of what's coming up next!

• Optional alert labels displayed next to the email's subject line to indicate if an email isn’t safe before you even open it.
• New report flow upgrades to help administrators reduce investigations and accelerate remediation of reported emails. 
• Customizable banner warnings so administrators can choose when text-based banners pop up and the words they prefer to use to explain a classification beneath the three traffic-light indicators.

Start your OnINBOX free trial today!

If you’re not already an OnINBOX customer but you would like to try OnINBOX then we’d like to invite you to a 30 day free trial.

Sources

¹2019 Cisco Cybersecurity Series Report - June