Innovative anti-phishing app comes to iPhones

Credit to Author: Jonny Evans| Date: Mon, 10 Dec 2018 08:01:00 -0800

We’re always told never to click on a link we receive in an email in case doing so takes us to some dodgy phishing site where our account details are violated. But what if our email app warned us before we clicked malicious links?

MetaCert isn’t fully available yet, but it does seem to be a promising solution that provides email users in enterprise and consumer markets an additional line of defense against clicking on malicious links received in email messages.

The solution emerged from the developer’s earlier work building an API to help app developers add a layer of security to WebView.

It relies on two principal databases that are regularly updated:

In future, the company will be implementing blockchain technology across its systems — that’s an essential step that should enable users to verify whether websites and emails that are being alerted as threats actually are threats, rather than items accidentally added to the phishing warning lists.

When you receive an email, the system will check the message against its databases.

It will then flag emails inside your email app as follows:

If you do accidentally click a recognizably malicious link, you will be taken to a warning page before you reach the bad website.

There is a negative side to how the app works, which most users must be certain they understand. This is in order for this to work, the system must analyze your emails, which means messages must pass through MetaCert’s servers.

This process means you must give the service permission to handle your messages, and (on iOS devices) you will be required to create an application-specific password that gives this software permission to access and analyze your messages.

The company says it doesn’t store your emails, but permitting third-party access in this way may be a red flag for some potential users, particularly in regulated industries.

There are other solutions that provide anti-phishing protection, such as those from Avira (which costs a few dollars each month). MetaCert is currently available for free, but it is planned will become a paid service.

Phishing attacks are becoming far more sophisticated, targeted and professional, with approximately 76 percent of enterprises admitting to experiencing them in the last year.

You can’t be completely reliant on services like these.

Common sense matters; just because your security system tells you something is safe, it doesn’t mean you should abandon your own scrutiny and common sense.

A grey shield alert doesn’t necessarily mean a link is safe; it means you should double check the link before you click. 

The security environment continues to become more complex for both enterprise and consumer users.

Traditional security protection systems such as virus checkers and firewalls are still mandatory, but they are far less effective against the complex attack scenarios prevalent in today’s digital economy.

When it comes to enterprise security, network monitoring, location-based protection and cooperative sharing of security-related datasets are becoming key components of switched-on, 24/7, situation-awareness security protection systems. Within this landscape, MetaCert’s system seems a useful adjunct to existing systems.

I imagine we’ll see this kind of alert-based security systems become components of future operating systems in the future, certainly within those from vendors that actually care about customer security, and privacy, come to that.

On iOS, this new solution works with most email services, including Thunderbird and Apple Mail, with Outlook and Gmail support in development. The company is running a public beta test, so you can test this system for yourself.

Please follow me on Twitter, and join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

http://www.computerworld.com/category/security/index.rss