Innovative anti-phishing app comes to iPhones

[The AchieVer]

MetaCert checks emails on iPhones for phishing links, but giving the app access to all of your messages could be a concern for some.

 

Getty Images

 

We’re always told never to click on a link we receive in an email in case doing so takes us to some dodgy phishing site where our account details are violated. But what if our email app warned us before we clicked malicious links?

Can this app protect against phishing attempts?

MetaCert isn’t fully available yet, but it does seem to be a promising solution that provides email users in enterprise and consumer markets an additional line of defense against clicking on malicious links received in email messages.

The solution emerged from the developer’s earlier work building an API to help app developers add a layer of security to WebView.

It relies on two principal databases that are regularly updated:

• An extensive collection of known phishing email addresses
• A collection of known addresses for the services phishers often like to spoof, places like PayPal, online retailers, banks, and so on

 

In the future, the company will be implementing blockchain technology across its systems — that’s an essential step that should enable users to verify whether websites and emails that are being alerted as threats actually are threats, rather than items accidentally added to the phishing warning lists.

How MetaCert works

When you receive an email, MetaCert will check the message against its databases.

 

It will then flag emails inside your email app as follows:

 

• A red shield warns the link goes to a known phishing site.
• A grey shield states it is unrecognized.
• A green means the link should be safe to use.

If you do accidentally click a recognizably malicious link, you will be taken to a warning page before you reach the bad website.

 

Privacy concerns

There is a negative side to how the app works, which most users must be certain they understand. This is in order for this to work, the system must analyze your emails, which means messages must pass through MetaCert's servers.

This process means you must give the service permission to handle your messages, and (on iOS devices) you will be required to create an application-specific password that gives this software permission to access and analyze your messages.

The company says it doesn’t store your emails, but permitting third-party access in this way may be a red flag for some potential users, particularly in regulated industries.

There are other solutions that provide anti-phishing protection, such as those from Avira (which costs a few dollars each month). MetaCert is currently available for free, but it is planned will become a paid service.

 

Other cautions

You can’t be completely reliant on services like these.

Common sense matters; just because your security system tells you something is safe, it doesn’t mean you should abandon your own scrutiny and common sense.

A grey shield alert doesn’t necessarily mean a link is safe; it means you should double check the link before you click. 

Final thoughts

Phishing attacks are becoming far more sophisticated, targeted and professional, with approximately 76 percent of enterprises admitting to experiencing them in the past year. Further, the security environment continues to become more complex for both enterprise and consumer users.

Traditional security protection systems such as virus checkers and firewalls are still mandatory, but they are far less effective against the complex attack scenarios prevalent in today's digital economy.

When it comes to enterprise security, network monitoring, location-based protection and cooperative sharing of security-related datasets are becoming key components of switched-on, 24/7, situation-awareness security protection systems. Within this landscape, MetaCert’s system seems a useful adjunct to existing systems.

I imagine we’ll see this kind of alert-based security systems become components of future operating systems in the future, certainly within those from vendors that actually care about customer security, and privacy, come to that.

On iOS, this new solution works with most email services, including Thunderbird and Apple Mail, with Outlook and Gmail support in development. The company is running a public beta test, so you can test this system for yourself.

 

Source