Data security hackers are out there and they don’t all speak English.
That’s the crux behind cloud email security platform Avanan’s multilingual approach to phishing, a practice where bad actors send executives emails claiming to be from company employees or partners in order to access personal or financial information like passwords or company credit card numbers. An email might say it’s from the company’s chief executive officer (CEO), for example, asking the accounting department to wire a vendor some cash. But on closer look, it’s not from her at all. It’s just designed to look that way. According to software company Symantec, at smaller companies with 250 employees or less roughly one out of every 323 emails is malicious. At larger companies with 1001 to 1500 employees, the figure is one in 823.
That doesn’t sound like a lot, but when you think about the fact that it only takes one successful email to empty your company’s bank account, the threat becomes much more significant — especially in light of how easy phishing is to prevent.
As a prevention method, larger corporations institute training programs where employees are taught to spot fake emails. Security departments also intentionally send staff fake phishing emails from time to time in order to identity who’s most likely to fall for them. These trainings are typically limited to English — a mistake since the actual phishing attacks themselves are not.
“When the wrinkle of a different language is introduced, it’s enough of a change to get through to end users,” Avanan marketing content manager Jeremy Fuchs emails — in other words, employees have a harder time telling real emails from fake when phishing attacks aren’t in their native language. He also contends that non-English emails are more likely to get past secure email gateways — a technology that is supposed to block out phishing attempts.
As a result, Avanan has integrated machine translation (MT) in its anti-phishing software, working not with a language services provider (LSP) but using Google Translate to translate email subject lines and bodies into English so that the company’s tool can screen them out. According to Fuchs, after English, emails in Spanish are most likely to be phishing attacks, followed by Chinese then Russian.