Building a Phishing

Scam Proof
Organization
A single focused phishing attack
can cripple an organization
overnight, and signs of fraud are
harder to detect than ever.

↶
BRAND IMPERSONATION
Look like legitimate emails from
a brand you know and trust.

↶
SPEAR PHISHING
Looks like personal email We believe in the
from important people. power of email and
INKY is here to
protect it.
Phishing Implies Impersonation.

Phishing fundamentally depends on

impersonation.
Spear phishing emails look like personal emails
from important people: wire requests, invoices,
requests for W-2s, attachments "for review."
Brand impersonation emails look like legitimate
transactional emails from DocuSign, Microsoft,
etc. They're usually aimed at credential
harvesting.
 What is Spear Phishing?

Spear phishing is an email

impersonating a trusted person like
your boss, your CEO, a friend, or a
colleague.
Spear Phishing
Spear phishing looks like an email
from a person the victim knows and
trusts.
 Spear Phishing

Anyone with a computer on

HOW the internet can send email
Do They Do It? with whatever From: address
and name they want!
 Spear Phishing

Once an attacker convinces you an

email is from someone you trust,
WHY they can get you to wire money,
share confidential information,
Do They Do It? open an attachment that installs
malware, or maybe even get you
to buy iTunes gift cards and give
them the codes!
 What is Brand Forgery?

A brand forgery email looks like a

legitimate mail from a brand you know
and trust -- but it's not really from that
brand.
Brand Forgery
Example: Office 365
Brand Forgery
Example: Bank of America
Brand Forgery
Example: Amazon
Brand Forgery
Example: American Express
Brand Forgery
Example: Sam’s Club
Brand Forgery
Example: Target
 Brand Forgery

The bad guys can take a real

HOW transactional email from the
Do They Do It? targeted brand, Save As
HTML, then resend from their
own mail account.
 Brand Forgery

By impersonating a major brand,

the attacker hopes you will provide
WHY your password to their fake login
Do They Do It? site, engage in a dialog with them
and reveal personal financial
information.
INKY Phish Fence is an email
protection product that uses
sophisticated machine
learning and artificial
intelligence to analyze
incoming messages for signs
of phishing, spam, and other
email-based threats.
The Banner.
The banners empower employees. Whether on
mobile or the desktop the banner is always visible
and the ability to ‘report an email’ always available.
Frequently Asked
Questions
Why am I seeing these banners at the top of my email?

The banners are inserted by INKY to

alert you of any possible threats in
your emails. The banners also
display the email sender’s address
and mark if an email is internal (from
someone in your organization) or
external. If you see these banners, it
means that your IT staff has
deployed INKY Phish Fence and
included you in the group of
protected users.
What do the different banner colors mean?

A gray banner indicates that Inky Phish Fence did not find anything unusual or suspicious
about the message. Even though the message was not classified as threatening, you should
always check the displayed sender address and the source type to be sure it makes sense
(e.g., an external webmail address for a message from a colleague may be cause for
concern).
What do the different banner colors mean?

A yellow banner indicates that Inky Phish Fence found something unusual about the email
message. It is not necessarily phishing or dangerous but something you should be aware of.
For example, a request for sensitive personal information should be given extra scrutiny.
Mail that seems out of the ordinary or is spammy in some way may receive a yellow banner.
What do the different banner colors mean?

A red banner indicates that Inky Phish Fence thinks the message is suspicious and likely to
be phishing or dangerous in some other way. This includes brand impersonations (e.g., a
fake “account alert” email from your IT department), Block listed phishing URLs, or attempts
to spoof mail to look like it came from an internal company account.
What should I do if I receive an email with a yellow banner?

Look carefully at who the mail is from and whether it is

from someone you trust. Be especially careful about
clicking any links in the body of the email or opening any
attachments.
What should I do if I receive an email with a red banner?
Why did I receive it if it’s considered dangerous?

In most cases, you can simply delete the message and

move on. In many INKY Phish Fence deployments, your
IT staff, security team, or email administrator will
configure your mail server to quarantine or delete “red
flagged” mail before it reaches your mailbox. In other
cases, the mail will still be delivered with the banner
telling you to be careful.
What does the “Report This Email” link do?
How do I provide feedback on INKY’s analysis?

If you think INKY has made a wrong classification, or if you just

want to confirm that Inky got it correct, click the “Report This
Email” link found in the bottom right corner of each banner. This
will take you to a web form where you can indicate that the
message is truly Safe, Spam, or Phishing. You can also provide a
comment describing your assessment. This feedback is used to
automatically improve INKY’s predictions in the future. Your
submissions are also manually reviewed to improve the overall
system and ensure Inky provides the most accurate security
possible.
Why do I see an INKY Phish Fence page when I
click a link in an email?

Part of Inky’s protection is the ability to perform real-time checks

on any links you click. If this feature is enabled, clicking on links in
a yellow or red banner email will take you to a page reiterating
that Inky found the message to be unusual or suspicious. In some
cases, a message that originally only had a grey banner contains a
link that is later detected as a dangerous phishing URL. In that
case, when you click the link, Inky’s real-time check will detect you
clicked on a bad link, and you’ll be met with a blocker page
alerting you of that fact.
What should I do if I have questions or comments
about the Inky Phish Fence service?

Please contact your IT staff, security team, or email administrator

who can pass your feedback along to the appropriate Inky
support person. They will be able to fine-tune your Inky policies
and settings to help make things work as smoothly as possible.
Reporting Phishy Emails

You can actively help by identifying and reporting phishing

attempts, so that INKY learns to flag these in the future, and these
cyber criminals can be stopped.

To do this, click on the “Report This Email,” link below any INKY
banner.
Reporting Phishy Emails

This will take you to

the Report this email
page which will ask
you to choose how
you want to classify
this email. Click on
Safe, Spam or
Phishing and hit
submit at the bottom.
Accidentally Clicked a Suspicious Link

If you click on a link inside a

suspicious message INKY will
supply you with a screenshot of
the webpage of the malicious link,
a description of why the link is
categorized as malicious and two
additional navigation options:
1) Proceed to the site
2) Do not proceed.
Phish Free.