Technology Advisor Blog

Don't Click on that eMail Security Warning Message!

Posted by Ann Westerheim on 1/21/19 1:53 PM

We do a lot of cybersecurity training at Ekaru and one of the things we tell people is to "THINK BEFORE YOU CLICK". But what do we need to look out for?

Here's an example of an email received today. It sounds pretty important. The message is saying that there is a security alert for your account, and there's a sense of urgency around clicking on the link to make sure you're protected. Sounds like something to act fast on, right? Actually, it's just a fake message designed to get you to click on the link, which could be a link to "phish" your email credentials, or to trick you into installing malware. In either case, danger lurks ahead.

One of the questions we get a lot is "how do I know the message is a fake?". First, if you have any doubt whatsoever, assume that this is a good "gut" reaction and that you shouldn't proceed.

In this case, the email was sent to an "alias", not an actual mailbox, so that was a big giveaway, but perhaps subtle for many users.  An alias is an address that may be used to go to a particular role in your company or to a group of users (like sales, info, techsupport, etc...)  That was the first warning that it's not even an actual mailbox.

The second warning is that if you hover over the link, you'll see that the link goes somewhere unexpected. This is also somewhat subtle because many users don't know that the text shown in the email and the actual link can be completely different. Also, great care must be taken not to slip with your mouse and click through.

The third warning is that if you look at the "properties" of the email, the "path" of the email can be revealed in the technical header of the email.  This is also something that would be simple for an advanced user, but most users aren't aware that the "from" address can be easily faked.
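The three warnings above can be checked mechanically. The following is an added example, not part of the original post: it parses a constructed sample message and reports each sign, assuming `Return-Path` as the header that reveals the path and using placeholder addresses and domains throughout.

```python
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ROLE_ALIASES = {"sales", "info", "techsupport"}  # role names the post mentions
# Constructed sample message; every address and domain is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: "Account Security" <security@mailhost.example.com>
To: info@yourcompany.example
Content-Type: text/html; charset="utf-8"

<p>Unusual sign-in detected. Verify now:
<a href="http://login.example.org/verify">https://mailhost.example.com/security</a></p>
"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):  # hostname of a URL, with or without a scheme
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()
def domain(header_value):  # domain part of the address in a header
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()
def warning_signs(raw):
    msg, found = message_from_string(raw, policy=policy.default), []
    for _, addr in getaddresses([str(v) for v in msg.get_all("To", [])]):
        if addr.split("@")[0].lower() in ROLE_ALIASES:  # warning 1: alias recipient
            found.append("alias-recipient:" + addr)
    part, parser = msg.get_body(("html",)), LinkCollector()
    parser.feed(part.get_content() if part else "")
    for href, text in parser.links:  # warning 2: printed URL differs from target
        if "." in text and " " not in text and host(text) != host(href):
            found.append(f"link-mismatch:{host(text)}->{host(href)}")
    if domain(msg["Return-Path"]) not in ("", domain(msg["From"])):  # warning 3
        found.append(f"from-vs-return-path:{domain(msg['From'])}!={domain(msg['Return-Path'])}")
    return found
```

A differing `Return-Path` is also normal for legitimate bulk-mail services, so treat that result as a prompt to look closer rather than proof of a fake.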

With all your security protection in place, all it takes is ONE user clicking on ONE wrong link to do a LOT of damage to your business.

Given that your team probably isn't composed of a team of tech experts, what should you tell your team?

  1. Bring examples of fake messages to your staff meetings and SHOW your team what a spoofed (fake) email looks like.  Years ago they were full of typos and obviously fake.  Today's messages can look VERY real.
  2. Educate users to trust their gut.  If you have ANY doubt about the email, listen to your instincts.  CALL your tech support to find out if there is a problem with your account.  Call a number you already have, NOT any number included in the email (same goes for any fake credit card alerts, etc.)
  3. Speak up!  Did you click on the link?  You will need to be disconnected from the network and have your system cleaned.  Keep in mind that many advanced threats are designed to run on timers so you may not notice anything right away and keep working.  Create a culture where people feel free to speak up.  Trying to hide something could do a LOT more harm.

Many messages are designed to get loyal and diligent employees to make a mistake.  The bad actors are working all the time to develop new threats.  With the availability of cryptocurrency, cyber crime is now bigger than all organized crime.  

Talk to your employees about security on a regular basis.  THINK BEFORE YOU CLICK!

Tags: cybersecurity, email security

Sending an email to more than just a few recipients? DON'T hit the send key before reading this....

Posted by Ann Westerheim on 4/16/18 3:54 PM

You need to send an important update or invitation to all your clients and you're ready to hit the "send" key.  Don't!

If your eMail hosting provider or Internet Service Provider sees a lot of mail coming from you that looks the same, this will be categorized as "bulk" commercial mail and you may unwittingly violate the acceptable use policy of your provider.  Even though these would be emails people want, the systems and algorithms in place can't tell the difference between your well-crafted invitation to a high-quality event, or highly thoughtful customer update, and the massive amount of spam on the Internet.   

To send bulk mail, first you must comply with the current anti-spam laws, and then you need to find a way to successfully deliver your mail.

You must have permission to send the mail via an opt-in process (such as a newsletter sign up), or implicit permission such as an established client relationship.  The CAN-SPAM Act of 2003 puts into law the differentiation between legal and illegal commercial email.  Commercial emails are considered legal if they adhere to the following standards:

  1. The header of the commercial email (indicating the sending source, destination and routing information) doesn't contain materially false or materially misleading information;
  2. The subject line doesn't contain deceptive information;
  3. The email provides "clear and conspicuous" identification that it is an advertisement or solicitation;
  4. The email includes some type of return email address, which can be used to indicate that the recipient no longer wishes to receive spam email from the sender (i.e. to "opt-out");
  5. The email contains "clear and conspicuous" notice of the opportunity to opt-out of receiving future emails from the sender;
  6. The email has not been sent after the sender received notice that the recipient no longer wishes to receive email from the sender (i.e. has "opted-out"); and
  7. The email contains a valid, physical postal address for the sender.

Source:  Cornell Law School: Legal Information Institute.

Even if you follow all these rules, now you need to find a way to deliver your mail to your recipients.  Your email hosting provider or Internet Service Provider will not be reviewing the contents of the email so they may just block you.  If you plan to use any bulk email, we recommend Constant Contact or Hubspot to send your mail.  There are also many other excellent providers, but these are the ones we use and recommend.

We've seen clients try to work around the bulk mail limitations by sending mail in batches or by trying to hide the number of recipients in distribution lists.  It won't work! Computer systems are very good at recognizing patterns and you won't outsmart the system.  Blocking an individual sender, which is highly inconvenient for that sender, actually protects you from the worse situation of having your entire domain blocked.  If your domain is blacklisted, it will take time to get off the blacklist, and in the meantime, no one in your company will be able to send email.

Why do eMail hosts and Internet Service Providers block mail?  They're trying to cut down on the spam that ties up about 90% of email traffic.  Many viruses attack PCs by turning them into "zombies" that send mail on behalf of spammers.  This ties up valuable resources, so the hosts and Internet Service providers want to stop it... and unfortunately they wind up stopping the "good guys".

After you comply with all the rules, and use the right platform, keep in mind that if customers "unsubscribe" then you can't add them back on to the list.  We recently sent out an important customer update, and found that a few customers didn't receive it because they had unsubscribed from our newsletter.   Focus on high value information, and use your bulk mail sparingly to keep the retention level high.  You may also need to do some customer education around what you're trying to achieve with the notifications so they won't just de-clutter one day and cut off all communications (and then ask why they didn't get the important update).

Bottom line, don't fool around with bulk mail.  eMail is a great way to get the attention of your clients directly in their inbox, but be informed and responsible before hitting that "send" button!

Tags: eMail, email security

Beware of Phishing attempt to "Authenticate your Account"

Posted by Ann Westerheim on 7/25/17 9:12 AM

Stay alert when reading through your email.  Our Cybersecurity advice focuses on "layers" of security, and even with all the technology in place to protect you, the "bad actors" will always resort to new tricks.  End user education and vigilance are key.

We've been alerted about a new phishing wave making the rounds.

These emails state that the email address has been flagged for suspicious activity and the user is required to click a link to authenticate the account. 

Please note that these emails are NOT legitimate emails sent by the hosting platform. If you notice emails that contain suspicious links or attachments, please avoid clicking on any links, and please remind all users in your organization to stay alert.

A few additional reminders include:

  • Never share personal information via email
  • Visit websites directly from browsers and bookmarks - not email
  • Double-check attachments before you click or download them
  • Watch for misspellings and strange greetings (Hello Madam!)
  • Be suspicious of emails that evoke a sense of urgency and ask for your immediate action
  • When it comes to wire transfers, be extra vigilant.  Confirm with a face to face or phone conversation.
  • When in doubt - DO NOTHING!

Think before you click!

 

Tags: email security, phishing, cybersecurity

Why did that Spam message get through my filter?

Posted by Ann Westerheim on 3/7/13 8:43 AM

One of the services we provide to our clients is spam filtering.  The goal is to stop the spam BEFORE it gets to the mail server so it doesn't wind up on the users' desktop, laptop, iPad, smart phone, etc.  Each month when we do the reporting and roll up the numbers, it's amazing how much volume there is. Overall, around 80% of all email traffic is flagged as spam.  For some of our clients, this means blocking out tens of thousands of messages a month.  I looked at our own domain yesterday, and in February, over 10,000 messages were blocked or quarantined, including 348 emails containing viruses.

One of the frustrating things is that, with all the sophisticated algorithms involved with the spam security filters we put in place, some spam still gets through.  Just yesterday we heard from two clients who reported receiving a spam message whose disposition should be obvious to any human reviewing the email, but to a computer scanning thousands of messages with respect to certain algorithms, a few get through.  In both cases, we saw "Breaking News" emails where for one user, the server logs showed that one email got through and seven were blocked in the past week, and for the other users, one got through, and 65 were blocked/quarantined.  In this case, we can see that the filters ARE working, but they are not 100%.  For a message with carefully crafted language, the initial emails typically get through, and it isn't until the volume of identical messages is detected that the rest get properly dispositioned as spam.

It's annoying for all of us that these spam messages just keep coming to us, but at least with good filtering, the vast majority are stopped.

Tags: eMail, email security, spam, spam filtering

Beware! Flight Information Phishing Emails

Posted by Ann Westerheim on 12/8/11 8:21 AM

This is the time of year when many people travel.  We have received a lot of questions recently about the latest email security threat:  a new wave of "phishing" emails that are based on flight information notifications.

The emails vary, but as an example, one of the emails we looked at had a subject of "Your Flight Order" and some official looking numbers, with the content of the email containing the flight number, date and time of departure, airport name, price, and then a link to print the ticket.  This link looks innocuous, but it actually goes to a foreign web site set up to steal information from you, or infect your system with malware. 

What a lot of people may not know is that a link in an email can say anything, and be coded to go to an entirely different location.  The "bad guys" are basically trying to get you to click on the link.  You may have travel plans and quickly click on the link because you think it's your real ticket, or you may be curious because you think your credit card may have been breached ("who bought this ticket and why am I getting the notification?").  With "social engineering" the emails look familiar, so people unknowingly click on the links.  Other recent phishing scams involved package shipment notifications and ACH bank transfer notifications.  Because the actual text of the email is innocuous, these scams will often get through spam filters when the new wave first appears, until the spam filter definitions catch up.

Delta Airlines has a link on their web site alerting folks about the phishing email if you want to read more.  The US Computer Emergency Readiness Team (CERT) has a posting on their website of a number of holiday phishing and malware threats.  The Federal Trade Commission's Phishing Scam Page also has a lot of excellent information about how to protect yourself from on-line threats.

ALWAYS be aware when reading your mail.  Don't click on any links in emails that are questionable. 

Tags: phishing, email security

eMail Security - Sending Encrypted eMail

Posted by Ann Westerheim on 5/27/11 11:15 AM

Although email typically has a layer of security protection in the form of a password, users need to be aware that emails sent "in the clear" (not encrypted) CAN be intercepted and read by other parties using available tools.

To address this threat, the new MA Data Protection Law which went into effect March 1, 2010 requires "Encryption of all transmitted records and files containing personal information that will travel across public networks".

There are many solutions available, but the one we typically recommend to clients is Voltage SecureMail. This is an easy solution because the email recipient doesn't need to purchase or install any software on their end. 

Although it's a bit of a pain to go through the extra step of encryption, this is a necessary precaution when sending any protected or sensitive information.  You can send eMails directly from Microsoft Outlook, or log into a web interface.  We typically advise clients to develop a process where they send a preliminary email to the recipient with some simple instructions to let them know a secure email will follow.  This helps non-tech-savvy users know what to do.

To see how it works, view the Voltage SecureMail demo.

If you'd like to give it a try, sign up for a free trial.

To learn more about the new MA Data Protection Law - 201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH - read the full regulation on the mass.gov web site.

Tags: email security, Encryption


Older Blog Posts

For older Ekaru blog posts, go to ekaru.blogspot.com.