John Stevenson by John Stevenson | | Blog

How to ensure your users don’t fall victim to an easyJet related phishing scam

It’s disappointing enough that you can’t take a well-earned vacation on the beach this summer because of the pandemic. But now, with the news of the breach of nine million customer details from easyJet, millions of people who have booked with the airline will need to take extra care opening any email purporting to be from the low-cost carrier for fear it’s part of a targeted phishing scam.

They should expect more from their cyber defences says Deep Secure’s John Stevenson.

Conventional wisdom

The conventional wisdom on protecting yourself from phishing, places the onus fairly and squarely on the user. Users must beware when opening emails in case they are not from who they purport to be. Users need to be careful opening innocuous looking attachments in case they contain malware. Users need to think carefully before they click on links in emails or attachments in case they download innocent looking documents containing malware.

Ever wondered why so much time, money and effort is spent telling the user what they should and shouldn’t do? Simple. The cyber defences that organisations have bought to combat the scammers don’t offer sufficient protection.

Detecting the scammers

Everyone is trying their best to combat the problem of phishing. Google’s Gmail claims to block 100 million phishing emails per day. Countless online reputation checking services blacklist source domains and IP addresses to try and filter out the bad guys. Detection-based cyber defences are constantly updated with signatures of the latest malware being used in phishing scams.

And yet the emails keep getting through and workstations keep getting compromised. Why? Because detection-based defences just can’t keep up with the bad guys. What’s needed is a way to ensure you always remove the threat.

Removing the threat

With the Deep Secure zero trust data threat removal platform, every attachment or downloaded document arriving at the email or Web boundary is transformed into a new, safe document.

During transformation, only the valid business information is extracted from the untrusted document, and the original is discarded along with any active malware code it might contain. The extracted business information is then formatted to match the original and a wholly new file is delivered. Okay, the user gets an email which might – or might not – be a phishing scam. But the point is that any malware it might contain is completely removed.

Of course, users should exercise caution when opening emails - and be trained to do so. However, they should also be able to open attachments and click on links without endangering the system. With Deep Secure Threat Removal technology deployed at both the email and Web gateways, the organisation can be confident that its users can do exactly that.

With Deep Secure, users may not get to the beach this summer, but they will be able to avoid the ramifications of the breach.


View all posts