This article first appeared in Information Age.
Digital technology has transformed people’s lives – creating new opportunities and means to connect with friends, family, business colleagues, customers and suppliers. The downside? It’s created openings for unscrupulous actors looking to financially exploit people. According to Hiscox Insurance, cybercrime cost the global economy $450 billion last year.
And while cybercrime takes many different forms, phishing – the attempt to obtain sensitive information through electronic communication by disguising oneself as a trustworthy entity – is particularly prevalent.
Email is a primary conduit of phishing scams. Over 68% of people in the UK who reported a phishing scam in 2015 said they received it by email. There’s no shortage of advice on how to protect oneself online, but this advice is not translating into a reduction in fraud offences.
Recently, governments and citizens have trained their fire on the technology companies whose email platforms these nefarious actors use. Both groups want to see technology companies doing more to keep users safe.
So, what more could technology companies do? There are some basic steps, using existing analytics, that technology companies with email platforms can take to reduce the likelihood their customers will fall victim to email fraud.
Use existing analytics to detect information in emails
Companies already examine the metadata and content of incoming emails. This is used to send emails to your junk folder, add information from emails that have dates or locations to your calendar or mapping applications, or provide you with suggested responses to emails. In fact, people have become quite accustomed to this functionality as it saves time and is, in general, not perceived to be unnecessary or intrusive.
Deploy tools to detect scamming emails
Scamming emails often contain certain characteristics that some people are able to spot, but others aren’t. These characteristics include a sender with a domain name that’s different from the company it claims to be from, a request for money, a generic greeting (e.g. ‘Dear customer’), or a warning that an account is about to be frozen or shut down. The same analytics used to identify dates, addresses and locations can be used to spot these characteristics.
Display warning information about emails to educate users
Each of the above characteristics can be assigned a weighting with respect to online fraud. When fraud is detected, the weightings can be combined to form an overall risk profile associated with the message.
This profile can then be displayed to the user in an easily comprehensible fashion. It could include a warning that the email they’re reading is likely to be fraudulent and a list of reasons why the company believes it to be so.
Companies can also provide step-by-step instructions on what to do next, including reporting the email to the UK’s national fraud and cybercrime reporting centre.
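The weighting approach described above can be sketched in code. This is an added example, not code from the article or from any email provider: the weightings, thresholds, text patterns, the brand list and the names `SIGNALS`, `sender_mismatch` and `risk_profile` are all assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed brand -> legitimate sending domains (constructed for this example).
KNOWN_BRANDS = {"example bank": {"examplebank.example"}}

# Assumed weightings (points out of 100) and user-facing reasons for each
# characteristic the article lists; real values would be tuned on labelled mail.
SIGNALS = {
    "sender_mismatch": (40, "The sender's domain does not match the company it claims to be from."),
    "money_request": (25, "The message asks you to send money."),
    "generic_greeting": (15, "It uses a generic greeting instead of your name."),
    "account_threat": (20, "It warns that an account is about to be frozen or shut down."),
}

PATTERNS = {
    "money_request": re.compile(r"\b(transfer|send|pay|wire)\b.{0,40}\b(money|funds|payment|fee)\b", re.I | re.S),
    "generic_greeting": re.compile(r"^\s*dear\s+(customer|user|client|account holder|sir|madam)\b", re.I | re.M),
    "account_threat": re.compile(r"\baccount\b.{0,60}\b(frozen|suspended|closed|shut down)\b", re.I | re.S),
}

def sender_mismatch(from_header):
    """True when the display name uses a known brand but the domain is not that brand's."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    for brand, domains in KNOWN_BRANDS.items():
        if brand in name.lower():
            return not any(domain == d or domain.endswith("." + d) for d in domains)
    return False

def risk_profile(raw_email):
    """Combine the weightings of every characteristic found into one profile."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()  # assumes a single-part, plain-text message
    hits = [name for name, rx in PATTERNS.items() if rx.search(body)]
    if sender_mismatch(msg.get("From", "")):
        hits.insert(0, "sender_mismatch")
    score = min(100, sum(SIGNALS[h][0] for h in hits))
    level = "high" if score >= 60 else "medium" if score >= 30 else "low"
    return {"score": score, "level": level, "reasons": [SIGNALS[h][1] for h in hits]}

# Constructed sample message, not a real email.
SAMPLE = """From: Example Bank <security@examplebank-alerts.example>
Subject: Urgent: action required

Dear customer,
Your account will be frozen within 24 hours. Please transfer funds to verify it.
"""
```

Calling `risk_profile(SAMPLE)` returns the score, the risk level and the list of reasons that a mail client could show to the user alongside the message.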
Using analytics to detect fraud has the potential to prevent some vulnerable people from falling victim to the millions of fraud offences that occur each year. It also stands to raise awareness about what to watch out for in the future.
While there’s no silver bullet, taking concrete steps will not only increase defences but, just as importantly, demonstrate companies are actively working to solve a problem that continues to grow.
Graham Lovell is a defence and security expert at PA Consulting Group