July 15, 2020

Volume X, Number 197

July 14, 2020

Subscribe to Latest Legal News and Analysis

July 13, 2020

Subscribe to Latest Legal News and Analysis

The Battle Against Phishing

All over the world, organisations and individuals battle phishing. Even in systems with a high degree of security, phishing is still a risk and human failures to spot and deal with phishing can cause the best of security policies and procedures to become undone.

To fight phishing at the source, the UK’s National Cyber Security Centre (NCSC) recently achieved some success in this space through its use of email verification technology to fight phishing attacks. This technology, called ‘Synthetic DMARC’, works by assigning a DMARC record for all domains attempting to pass-off as gov.uk domains, by analysing and vetting non-existing subdomains against DNS records and building on authentication systems of the past.

In a practical sense, this means that the NCSC can identify hoaxes of UK government websites across all domains, even when the sites were previously unknown to NCSC. Email providers can then block these addresses from its users’ inboxes faster, which can significantly reduce the number of successful phishing attacks that use government addresses. This is extremely helpful at tax time when phishers routinely impersonate the HMRC.

The NCSC recently released their second annual Cyber Defence Report highlighting this achievement. As a result of the technology, the report states that the NCSC has been able to stop 140,000 separate phishing attacks in the last year, and have taken down a record 18,067 phishing sites. This is a noticeable improvement when compared to the takedown rate of 14,124 in 2018.

While the technology has shown some success, it is not without its faults. The NCSC report admits that there are challenges in widespread implementation as email providers do not consistently process Synthetic DMARC records in the same way, which produces inconsistent results.

Although a victory, even with technological developments and protections there are still approximately 1.5 million new phishing sites created each month, and many successful attacks. Nonetheless, it is important that cybersecurity teams worldwide work hard in developing and using new tools and technologies, such as this, to protect organisations and individuals in the battle against phishing.

Co-Author: Jacqueline Patishman

Copyright 2020 K & L GatesNational Law Review, Volume IX, Number 204


About this Author

Cameron Abbott, Technology, Attorney, Australia, corporate, KL Gates Law Firm

Mr. Abbott is a corporate lawyer who focuses on technology, telecommunications and broadcasting transactions. He assists corporations and vendors in managing their technology requirements and contracts, particularly large outsourcing and technology procurements issues including licensing terms for SAP and Oracle and major system integration transactions.

Mr. Abbott partners with his clients to ensure market leading solutions are implemented in to their businesses. He concentrates on managing and negotiating complex technology solutions, which...

Senior Attorney

Ms. Aggromito is a senior lawyer in the lawyer in the Melbourne commercial technology and sourcing team focusing on IT, privacy and data protection.