“Man in the Inbox” Phishing Attacks Highlight A Concerning Gap In Perimeter Technology Defences

“Man in the Inbox” phishing attacks come from compromised email accounts. They look like someone from within a business, for example the HR director, sent an email directing employees to do something legitimate—like logging onto a fabricated page to read and agree to a corporate policy. When employees log on, the attackers harvest their credentials. These attacks are yet another example of increasingly sophisticated credential phishing. 

The best way to detect these types of campaigns is to train users to recognise phishing attacks, including “Man in the Inbox.” It is also important to note that perimeter defence technologies like secure email gateways are not designed to stop these attacks.

In the Osterman Research report, Best Practices for Protecting Against Phishing, Ransomware and Email Fraud, one of the main concerns expressed by decision makers focussed on email being the primary threat vector for cybercriminal activity, and nearly one-half of attacks are focused on account takeovers.


Secure Email Gateways Miss Attacks That Come From Within
Secure email gateways are only part of a sufficient defence strategy. In the case of a “Man in the Inbox” attack, a secure email gateway will not block the attack because it never sees it coming—the phishing emails come from within, from compromised accounts and other trusted sources.

Secure email gateways are less effective in filtering internal messages. Because of the implicit trust in the sanctity of the internal domain, rules governing internal content are often lax or immature. Once inside the perimeter, a phishing email leaves the users themselves as the only remaining line of defence: a strong response starting with properly trained employees successfully reporting the attack, leading to rapid containment and mitigation.
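
The gap described above, internal-to-internal mail receiving little content inspection, can be narrowed by running a check over internal message records. The following is an added example, not part of the original article or of any vendor's product; the domain `example.org`, the trusted-host list, the fan-out threshold and the sample messages are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Assumed values, not from the article: mail domain, allowed link hosts, threshold.
INTERNAL_DOMAIN = "example.org"
TRUSTED_LINK_HOSTS = {"example.org", "intranet.example.org"}
FANOUT_THRESHOLD = 3
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()

def untrusted_hosts(body):
    """Hosts linked in the body that are not an exact match for a trusted host."""
    hosts = set()
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").rstrip(".").lower()
        if host and host not in TRUSTED_LINK_HOSTS:
            hosts.add(host)
    return hosts

def flag_internal_fanout(messages):
    """Map (internal sender, untrusted host) -> internal recipients, kept only
    when the recipient count reaches FANOUT_THRESHOLD."""
    seen = defaultdict(set)
    for msg in messages:
        if domain_of(msg["from"]) != INTERNAL_DOMAIN:
            continue  # inbound mail is what the gateway already inspects
        rcpts = {r.lower() for r in msg["to"] if domain_of(r) == INTERNAL_DOMAIN}
        for host in untrusted_hosts(msg["body"]):
            seen[(msg["from"].lower(), host)] |= rcpts
    return {k: sorted(v) for k, v in seen.items() if len(v) >= FANOUT_THRESHOLD}

# Constructed sample messages (not real mail).
STAFF = ["alice@example.org", "bob@example.org", "carol@example.org"]
SAMPLE = [
    {"from": "hr.director@example.org", "to": STAFF,
     "body": "Read and accept the policy: https://example.org.policy-portal.test/login"},
    {"from": "it@example.org", "to": STAFF,
     "body": "Maintenance notes: https://intranet.example.org/notices/42"},
    {"from": "bob@example.org", "to": ["alice@example.org"],
     "body": "Lunch menu: https://cafe.test/menu"},
    {"from": "news@vendor.test", "to": STAFF,
     "body": "Offer: https://vendor.test/sale"},
]

if __name__ == "__main__":
    for (sender, host), rcpts in flag_internal_fanout(SAMPLE).items():
        print(f"review: {sender} sent {host} to {len(rcpts)} internal recipients")
```

Matching link hosts exactly, rather than by substring, is what keeps a host that merely begins with the organisation's domain from passing as trusted.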

Human and technical assets working collectively can block phishing outbreaks. In-depth security means more than layers of technology: gateways, scanners, heuristic engines, and multi-factor authentication. It means choosing the right technology to identify compromised IPs and speed mitigation. It also means giving employees relevant education. 

A collective defence, not tech-only, is the smarter way to go.


Secure your spot today for our seminar in Auckland and Wellington

91% of cyberattacks and the resulting data breach begin with a spear phishing email. Employees often prove to be easy targets for malicious actors. With Cofense PhishMe, you can condition your users to spot, avoid, but more importantly report, suspicious emails that breach perimeter defenses.

See how Cofense PhishMe:

  • Conditions employees to identify and report phishing attacks through proven, immersive education processes.
  • Accurately mimics real-life spear phishing scenarios and provides instant learning opportunities for recipients who fall for the exercises.
  • Provides IT teams with the tools to effectively educate employees to help thwart phishing attacks aimed at your organisation.

Click on one of the following links to find out more and to secure your seat: 

Auckland event, 22nd August - CLICK HERE

Wellington event, 23rd August - CLICK HERE

Speaker Details:

Duncan Thomas - Director of Sales ANZ

Duncan has over 12 years’ experience in the software industry. He has been involved with startups, and product launches in a variety of fields within the Software space with a particular focus on Security. He has presented at 2 RSA Security conferences on both Encryption technologies and anti-phishing efforts.


Sameer Shaikh -

Sameer has over 11 years of experience in sales and customer service roles in the technology, financial, wholesale trade and retail sector in India, UAE, United Kingdom and New Zealand.

At MPA Sameer is applying his expertise in customer management and business development to maintain existing business relationships as well as developing new business opportunities.

He also shares responsibility in the sales and purchase order entry and logistics areas.

Sameer has a Bachelor of Science degree.
