Orange Mountain Bikes anti-phishing case study

Like most companies, Orange Mountain Bikes has come to rely heavily on the use of email in recent years, with its factory in Penrith receiving over 50,000 email messages per day. The problem was that, at one point, Orange estimated that 65 per cent of those messages were spam, contained viruses or were phishing attempts.

Orange Mountain Bikes built the winners' bikes for the UCI World Cup Downhill in 2001, 2002 and in 2004. Like most companies, it has come to rely heavily on the use of email in recent years, with its factory in Penrith receiving over 50,000 email messages per day. The problem was that, at one point, Orange estimated that 65 per cent of those messages were spam, contained viruses or were phishing attempts.

Furthermore, there was mounting evidence of an alarming rise in identity theft attempts, a situation that was clearly unacceptable, especially for a company as security conscious as Orange Bikes. Although the company was running anti-virus and word filters on their mail server, the administrative burden was significant. These solutions were also powerless to detect and block phishing and ID theft scams.

When one employee asked her line manager about the 'current administrator password', it set alarm bells ringing. A subsequent investigation revealed that she was in fact attempting to reply to a phishing email that purported to be from the company's IT department, requesting that she verify the administrator password. This is just one example of a new phenomenon known as 'spear phishing' whereby phishers target victims with emails that appear to come from their own employers.

It was at this point that Orange approached specialist ISP IDNet for advice. IDNet assessed the situation and recommended SecureMail, a fully managed and hosted email security solution. SecureMail.is a multi-layered approach to mail filtering which keeps 'false-positives' to an absolute minimum while removing as much spam as possible. Since implementing the solution, Orange has found that the removal of Spam by IDNet both reduces the strain on their mail server and frees expensive bandwidth.

'Suspect spammers are throttled to frustrate their endeavours,' explains Michael Bonney of Orange. 'These technologies can stop 70 per cent of spam before the mail is even accepted for further processing, which is vital for our business in terms of freeing up bandwidth. We are based in Penrith, and as we are too far from our local BT Exchange to receive high-bandwidth ADSL services, every megabyte counts!' The solution operates by providing a first layer of defence which utilises reputation filters that can block known spammers at the border. Accepted mail is then screened through 17 spam-matching filters which can correctly identify and drop up to 95 per cent of all spam. Virus and worm screening then renders mail safe for onward transmission to the company's mail servers. The false-positive rate is just one-in-a-million messages.