MessageGate, a leader in enterprise messaging security and compliance, today announced a new way to combat e-mail phishing attacks designed to lure sensitive information, such as passwords and other personal information, from a victim by masquerading as someone trustworthy.
MessageGate's new paradigm surpasses existing anti-spam techniques by delivering an expert system-based analysis of both header information and content, far exceeding the accuracy and reach of simple header heuristic analysis. By identifying discrepancies that signal fraud, MessageGate's system blocks phishing attacks with suspicious routing, fraudulent header information, or executable scripts, like Javascript. In combination with initiatives such as the Sender Policy Framework(SPF) and Sender ID, MessageGate's system enables validation of sender identities across all sender categories, thereby preventing phishing attacks from entering corporate networks.
MessageGate's solution not only detects and blocks phishing e-mails aimed at employees via an enterprise messaging system, but it also prevents sensitive information, such as personal data, from leaving a system. A soon-to-be released study by Michigan State Professor Judith Collins found that 70 percent of all identity thefts start with theft of personal data from a company by an employee. MessageGate's Security Platform performs a single-pass analysis of both inbound and outbound messages using attachment identification and analysis, contextual message header and connection analysis, intelligent content analysis, and phishing prevention technology.
"Although it is more commonly associated with home computer users and services like AOL or MSN, phishing is actually a larger corporate security problem because most identity theft occurs in the workplace," said David Weld, President and CEO of MessageGate, Inc. "MessageGate technology is designed to thwart phishing by applying a unique combination of header and content analysis on inbound messages, and enforcing corporate security policies on outbound messages."
"Companies need to take a holistic approach to the detection and prevention of phishing by using all of the technology tools available to them," said Matt Cain, senior vice president at Meta Group. "Phishers have become more sophisticated about how they send out messages and rather than cast a wide net, they now prefer to target e-mails at very specific groups of people. Traditional anti-spam technology by itself will not solve this problem. To effectively fight against phishing, a solution must have the ability to analyze both headers and content to uncover the types of discrepancies and inconsistencies that mark a phishing attack."