Gone Phishing

Shearwater spearheads innovation to improve email security

It’s the bane of every IT department’s existence: how to weed out dangerous emails without also blocking legitimate ones.


False Positive: An email that’s been wrongly identified as dangerous, when in fact it is safe.
False Negative: An email that’s been wrongly identified as safe, when in fact it is dangerous.

IT teams face a near impossible balancing act. They need to keep the organisation’s infrastructure and systems safe. But at the same time, they also need to ensure operations are not impeded by over-zealous security measures.


Staking your security on reputation alone is risky business.

Typically, an organisation’s IT department relies on reputation-based intelligence to determine if an email should be considered high-risk. This approach draws on dynamic databases of IP addresses known to have sent phishing emails in the past; any email originating from these sources is flagged and weeded out.

Certainly, this strategy is preferable to no strategy. However, it is far from foolproof.

IP addresses that send phishing email but have yet to be identified won’t be blocked. Likewise, if a trusted IP address is compromised by hackers who send out phishing emails, these could be let through your security filters with potentially devastating consequences.

That’s where staff training steps in. It’s the people within an organisation that represent the last line of defence. Organisations rely on people having the skills to identify potentially dangerous email, and to notify their IT department about it.

Naturally, errors occur. People often mistake phishing emails for legitimate correspondence. Once a dangerous link or attachment has been clicked, the damage has been done.


Shearwater’s commitment to email security is long-standing.

Shearwater’s Phriendly Phishing awareness product leads the way in giving people the skills they need to identify and report malicious email. With ongoing training modules that get progressively more advanced, people within an organisation become significantly more adept at stopping phishing emails in their tracks.

However, with hackers adopting increasingly sophisticated tactics, those of us developing defensive strategies are also constantly striving for improvement.


Using data to drive new insights.

Working with organisations across multiple industries, both in Australia and globally, Shearwater has accumulated extensive datasets. With this data identifying the origins of dangerous emails, as well as the destinations of any links they contain, it is a treasure-trove of potentially useful information that can be used in the fight against phishing.

When Lachlan Gabb, a Shearwater security analyst and Bachelor of IT (Network Security) student at TAFE NSW, suggested an innovative approach, his initiative was encouraged as potentially offering organisations a new defensive weapon.


Mapping the world of email phishing.

As part of his final-year capstone project, Lachlan wanted to deep-dive into Shearwater’s datasets, with the intention of identifying patterns of behaviour used by those sending phishing emails.

The first step was anonymising the data. Due to the confidential nature of many of the emails, only data specifically relevant to Lachlan’s project was extracted and internally processed on dedicated, secure systems.

Using data visualisation methods, Lachlan successfully mapped many thousands of phishing emails, showing clear trends in terms of origin and destination. He was able to generate interactive animations showing both sender and receiver locations, as well as any link locations contained in the emails.


Interestingly, Lachlan was able to visually demonstrate that source countries for phishing emails are not usually the same as link destination countries. While email source countries are often those with less robust cybersecurity governance and controls, the links contained in those emails often direct to countries not known for malicious activities and with reputations for more sophisticated law enforcement.


The ongoing fight to stop phishing.

Work continues to implement the findings of Lachlan’s data analysis into Shearwater’s email security platforms, so organisations can benefit from its insights. With the focus of Lachlan’s research thus far mainly centred on English-speaking countries, the next stage is to expand the analysis to include other countries, providing an even more comprehensive understanding of the patterns of behaviour used by those engaging in email phishing.



How can Shearwater help you?

If your organisation isn’t yet taking the threat posed by phishing email seriously, it’s time you started.

The costs associated with ransomware and malware can be crippling.

Yet there are steps you can take to help safeguard your organisation.

With Shearwater actively engaged in research to continuously drive improvements in email security, SPEAK TO US TODAY to learn how you can benefit from our research and expertise.

Phriendly Phishing by Shearwater Solutions

Phishing Awareness Training & Simulation Program

Phishing awareness training is a scalable, cloud-based phishing awareness and simulation program developed by certified cybersecurity professionals at specialist information security services provider Shearwater Solutions. Phriendly Phishing benchmarks employees’ existing phishing knowledge (before deploying educational modules), tests improvements and supports re-education. This journey-based approach encourages users to reach milestones and includes an option to gain practical experience with simulated phishing campaigns. It is these features that make Phriendly Phishing both engaging and extremely effective, and through ongoing research and practical experience in the field, Phriendly Phishing developers ensure that training remains current with real-world phishing threats and techniques.