Download Fraud Eliminator to Protect Yourself from Phishing Scams

Maximizing Email Security ROI Stop Spam and Save


This is the first of a five-part series on Maximizing Email Security ROI

In the realm of email security threats, the costs of spam are relatively easy to recognize. Although most organizations rarely, if ever, take the time to calculate their spam costs, they can easily account for the losses caused by spam with regards to employee productivity, consumption of IT resources and help desk costs. Harder to measure are the less obvious, and potentially catastrophic, costs incurred through legal liabilities and damage to an organization’s reputation that can be caused by an ineffective spam filtering technology.

Spam is much more than a nuisance—it costs corporations in both money and human resources. Understanding your exposure and taking steps to mitigate the problem not only saves capital, it can also help lower your exposure to costly litigation and damage to your company’s well earned reputation.

Lost Productivity

Each spam message that makes its way past your organization’s gateway costs the company money. The actual cost of each individual message is miniscule, but with an estimated 80% of all e-mail messages qualifying as spam, the constant flood of unwanted messages is of grave concern.

How much time do employees spend dealing with spam, and how much does it cost you? Ferris Group estimates that the average employee spends 30 minutes each day dealing with spam, equating to 115 hours per employee, per year. Based on interviews with 82 Fortune 500 companies, Nucleus Research claims the average annual cost per employee of dealing with spam is now $1,934. While your costs will vary, it is safe to assume that if you don’t have an effective spam filter, you are wasting thousands of dollars per employee per year to manage spam.

IT Resources Consumed

The costs of spam don’t stop with the employee. According to CIO Magazine, “costs include additional e-mail and networking equipment to maintain e-mail service quality, bandwidth costs from unwanted spam data across Internet links, and the staff costs to maintain and administer these additional loads.”

Help Desk Cost

The ongoing barrage of spam generates increased calls to corporate help desks due to complaints and technical problems related to bad files, missing information, messages deleted by mistake and virus outbreaks. When a message is erroneously deleted as spam, Help Desk personnel are generally required to search through system backups to retrieve the missing email. Viruses and worms, frequently delivered via spam messages, also wreak havoc on the Help Desk as users call in for help restoring files and updating signatures. In addition, complaints from angry users tie up resources that could be spent on other issues.


Spam can force organizations to deal with lawsuits filed by employees for creating a hostile working environment. Spam containing pornography, insulting content or fraudulent phishing schemes can expose organizations that have not taken reasonable steps to combat such attacks. Employees unfamiliar with company policies may forward such content to fellow employees or even contacts outside the company, resulting in sexual harassment or countless other liability lawsuits.

Each organization’s exposure to such lawsuits varies, but large awards to the plaintiff are not uncommon when they do occur. In fact, the October 2002 issue of TechRepublic states that “the average jury award against employers in [sexual harassment lawsuits] is $250,000. That amount often triples when attorney fees and litigation costs are added to the mix.”

Reputation Cost

The cost of spam to a business’ reputation is equally difficult to define. The cost is nothing until something catastrophic—like a phishing attack—happens. The average individual victim of identity theft loses about $500, and businesses lose an average of $4,800. By allowing phishing and spoofing attacks into your business’ network, your organization is exposing itself, its brand and its employees to enormous risk. If your organization’s trademarks or brand are used in phishing attacks, the cost to your company’s brand is estimated at between $100,000 and $150,000.

What You Can Do Now To Stop the Spam

Knowing the risks involved in spam is the first step to solving the problem. CipherTrust’s FREE whitepaper, “Controlling Spam: The IronMail Way” describes the issues that put your email system at risk. Download it today to learn more about how you can stop spam, secure your email system, and protect your company and employees from email-borne threats.

Part II of this series will describe the issues involved in determining ROI for anti-virus software and services as they apply to email.

CipherTrust is the leader in anti-spam and email security. Learn more by downloading our free whitepaper, “Controlling Spam: The IronMail Way” or by visiting

Download Fraud Eliminator to Protect Yourself Click Here

UK Based Phishing IQ Test
Some time ago I posted a link to an American Phishing test. I'm pleased to tell you that there is now a UK Phishing Test using UK examples that might make rather more sense to us than the American one. Phishing, for those who don't know, are fake emails that supposedly come from banks etc. that are designed to get us to give out personal details, which can then be used to get money out of accounts and so on. No-one would fall for them, surely? If you're sure you're too clever then try the test and see how well you do!

Gmail Takes the Phun Out of Phishing
Google isn’t allowing itself to be put in the same situation as other e-mail providers in regard to phishing attacks. In October of last year, they implemented Yahoo’s DomainKeys e-mail source verification ( a month before Yahoo did, but that’s Google for you). Now they’re using a proprietary engine to tag suspicious messages coming in to Gmail accounts. When a Gmail user opens a suspected phishing message, the software displays a large red dialog box… Direct and Related Links for 'Gmail Takes the Phun Out of Phishing'

Netcraft: 5,600 Phishing Sites Since December
miller60 writes "Netcraft has tracked and blocked 5,600 known phishing sites since the December launch of its anti-phishing toolbar, which it has now updated with a risk rating feature that warns users about new sites with phishy characteristics, based on trends observed in known phishing scams. It has also started a service that makes the full list available of phishing sites as a continuously updated feed for service providers and companies to use in mail servers and web proxies." One bad sign: the phishing attacks I see are getting (on average) more professional in their phrasing -- it used to be easy to toss out the trawlers based on their spelling alone.

Netflix Fixes "Phishing" Security Threat
Christopher tipped me off to a Bugtraq Mailing list thread about a possible Netflix security problem involving "Phishing." This is the Wikipedia definition of phishing: In computing, phishing is the act of attempting to fraudulently acquire through deception sensitive personal information such as passwords and credit card details by masquerading in an official-looking email, IM, etc. as someone trustworthy with a real need for such information. It is a form of social engineering attack. Here's a link to an example of a phishing e-mail. This is an example of phishing HTML code: This was just a warning and...

14,411 phishing attempts in April 2005
In April 2005, the number of phishing attempts rose to 14,411, says Anti-Phishing Working Group. A drop in unique phishing e-mails was reported, down to 3,930, from 4,100 in March 2005. Number of phishing Web sites hosted in China increased to 2,854 active phishing sites reported in April 2005 (22% of total). 26.3% of phishing [...]

Anti-Phishing Working Group Creates Phishing Scam Database for Members (2 June 2005)
In hopes of becoming a clearinghouse for phishing data, the Anti-Phishing Working Group has created a database of phishing scams that can be used to share information with other Anti-Phishing Working Group members; there is also an XML form that can be used to submit attack data.......

Download Fraud Eliminator to Protect Yourself Click Here