I’m often asked how Isla protects users from phishing, and have to admit I have never liked my answer.
Phishing is a grifter’s game, a trick, and a false pretense. It’s an attack on understanding and trust. It’s pervasive, on the rise, and criminal. Alarmingly, despite the best industry efforts, 23% of recipients still open phishing messages, and 11% click on attachments (according to the 2015 Data Breach Investigations Report from Verizon).
You can’t rely on isolation to defeat Phishing though, so as much as I’d love to be able to claim Spikes Security has the solution for Phishing, I can only refer to our ability to block the payload of a phishing attack, should it contain or link to web malware.
Lately I’ve been seeing some advances in the fight against non-SSL websites though, with the unintended but very welcomed consequence of greatly reducing phishing.
I’m encouraged by what I see Google doing, for example, by their ranking websites higher which switch to SSL. There are obvious privacy gains offered by SSL encryption, but a lesser-known benefit exists as well, that it validates identity.
If all websites required SSL, and if browsers could pop up error messages when visiting non-SSL websites, it would be way harder for phishing attacks to be successful. A website couldn’t so easily pretend to be your bank, social network, or medical practitioner’s site.
We at Spikes Security will be helping to push toward an all-SSL web and look forward to our role in helping to prevent phishing.