Email Security: Detecting Phony Emails
Introduction
The email system is an indispensable tool for our business. Unfortunately, it is also perhaps our greatest risk, because it provides the easiest point of entry for scammers, spammers, hackers, and other malicious actors. Through email, it is possible for these evil people to launch many different kinds of attacks.
We have implemented several security systems in order to prevent the vast majority of threats that we face:
- Barracuda Email Security - We use the Barracuda Email Security System, a cloud-based spam and virus filter that controls and blocks malicious emails before they are delivered to our email server.
- CrowdStrike - CrowdStrike provides endpoint threat protection. It is installed on every computer system within our organization.
- Windows Defender - The built-in antivirus program on our Windows systems provides some additional protection from cyber threats.
However, with the constant onslaught of spam and phishing emails and the ever-changing tactics of the spammers, maintaining a secure email system is a never-ending task. We also request the vigilance of our end users when accessing emails. Guarded use of the company email by every employee is an essential part of our security system!
We would like to provide the following information to help you use email wisely and safely. First, we'll provide some definitions that are used in the world of email and cyber security. Then, we'll give some tips on using email safely. Finally, we'll talk about the steps that you should take if you believe your email or computer has been compromised.
Definitions
DDoS Attack - DDoS stands for distributed denial-of-service attack. DDoS attacks occur when servers and networks are flooded with an excessive amount of traffic. The goal is to overwhelm the website or server with so many requests that the system becomes inoperable and ceases to function.
Keylogger - A software program or hardware device that records or transmits a user's keystrokes, and in some cases periodic screen shots, and is usually installed without the user's knowledge.
Malware - Malicious computer software that interferes with normal computer functions or sends personal data about the user to unauthorized parties over the Internet.
Phishing - The act of sending email that falsely claims to be from a legitimate organization. This is usually combined with a threat or request for information: for example, that an account will close, a balance is due, or information is missing from an account. The email will ask the recipient to supply confidential information, such as bank account details, PINs or passwords; these details are then used by the owners of the website to conduct fraud.
Ransomware - Malware that holds the data of a computer user for ransom.
Spam - Unsolicited e-mail, often of a commercial nature, sent indiscriminately to multiple mailing lists, individuals, or newsgroups; junk e-mail.
Trojan - Malware that appears to perform or actually performs a desired task for a user while performing a harmful task without the user's knowledge or consent.
Safe Email Tips
Here are a few pointers to help you spot a phony email.
- Characteristics of phishing and spam emails. Look out for these common elements of phony/spam emails:
  - Misspellings, including improper use of capital letters.
  - Odd grammatical expressions.
  - Use of generic salutations.
  - Contains unsolicited attachments.
  - Contains an unusual request.
  - Requests personal information or payment information.
  - Sent from a Gmail account, but the "from" field is the name of a company.
  - Hyperlinks that are labeled differently to disguise the actual target link.
  - Contains threats or a sense of urgency.
- It is generally safe to look at an email that might be spam, but it could let the spammers know that this is a monitored email address.
- If you suspect an email is spam, avoid clicking on any links or pictures that might contain hidden links.
- Never call a phone number that is listed in a suspected spam email.
- It is safe to delete a spam email.
- Contact IT if you are unsure about an email.
Examples
A recent example of spam pretended to come from the legitimate wetransfer.com website. The spammers tried to mimic the look of real wetransfer.com email notifications:
- Legitimate WeTransfer emails will show the email address of the person who sent you the file in the subject line.
  - Example: [screenshot]
- Phony emails will possibly contain part of your email address in the subject line.
  - Example: [screenshot]
  - (Also notice strange spellings in the phony email; capitalizing Via in the middle of the sentence.)
- Legitimate WeTransfer emails will tell you who sent the files in the body of the email.
  - Example: [screenshot]
- Phony emails will possibly contain your email address and strange or ungrammatical language in the body of the email.
  - Example: [screenshot]
- Most importantly, the links in a phony email will redirect you to a malicious website!
- Links that are embedded in an email contain two elements.
- The first element is the text that you see when you open an email. Most likely the text is displayed with a blue color and an underline to indicate that it is a link.
- The second element is the destination that the link will open up in your web browser.
- If you hover your mouse over the link text, you will see the actual destination.
- In Outlook, a pop-up box will show you the destination:
- In this example, the actual destination is different from the link text. If you were to click on this link, you would not be sent to the WeTransfer site. Instead, your web browser will open up a malicious website.
- Here is some additional information from the WeTransfer support site on how to identify these impersonating emails: https://wetransfer.zendesk.com/hc/en-us/articles/208554176