[5] End User Awareness - Malicious Emails

in #email5 years ago (edited)

end.png

Protecting against Malicious Emails

Emailing is one of the most used means of communication. Whether it’s an enterprise or individual use, you will always be exposed to the threat of receiving emails that aren’t good-willed. In this article you will learn how to spot red flags and how to be a beast in email security.

Introduction to Emails and Attachments

Email is one of the easiest ways for attackers to reach victims. It provides anonymity for the attacker who can send attachments that carries many different threats to a computer user. These attachments are means of distributing malicious code, so it’s important that you don’t immediately open or download anything you have no knowledge of. Many viruses will also “read” an infected user's email list, and with that information spread to your colleges/friends as well.
Reputable companies with high status do not send you unsolicited emails asking for credentials. Sometimes emails can contain links that are shortened or contain a redirecting URL (Which we will talk more about), but these high-status companies do not use link shortening services and always redirect you to their own page domains. Nor will respected companies ask you to send your credit or debit card to them in means of owing money. However, attackers may try to fool users by making it seem it comes from a legitimate enterprise and use whatever tools they can to convince you.
The two biggest dangers carried out by emails:
LINKS:

Which can redirect you to websites hosting viruses
Can attempt to steal usernames passwords
Can redirect you to inappropriate or shocking content

ATTACHMENTS:

May hide viruses/malware in any attachment
May come from a trusted friend, but that has been infected
Clicking a trusted attachment that is malicious, but hasn’t been detected by the Email service

These are all cases that people are exposed to every single day. There are numerous cases where people get exploited every single day as well. Hopefully, this gives you a brief understanding of the malicious emails and what we’re about to go through in the next segment.

How to spot red flags in an Email

  • The sender address and the displayed name is fishy:
    If the sender’s email address and name don’t correspond or look like something that isn’t coming from a legit company or person, take caution. Often people will make it seem like they are someone else and claim to be a specific name, but when looking at their mailing address it’s something completely different.
  • URLs (links) redirect somewhere else:
    If the link in your mail says one address, but when you hover over it (without clicking it) another address comes up, there’s reason to be cautious. These links are typically for phishing purposes and try to get your credentials. You never know what these websites may contain- so for that reason, always bookmark your pages or write the URL address indirectly instead of using other referrals and redirects.
  • Incorrect addressee, date and signature:
    If the sender has failed to address you directly, has failed to date the email or failed to sign it, you have reason to be concerned. Most professional emails do, and should, contain a direct mention of the person, contain a date if needed, and a signature of the sender such as either company or individual signature.
  • Urgent messages:
    "THIS FORM NEEDS TO BE COMPLETED ASAP!", Malicious emails give us a sense of urgency and making us think that something needs to be done "right now", which is an attempt to make us not think about our security practices and fall for their trap.
    Take a few moments to examine the email you are looking at and determine if it sends up any red flags. Checking over an email for warning signs only takes a few moments. However, a mistake made in haste that causes an infection on a computer or a network can result in lost data, money, and time.
  • Pleas for money:
    Another common factor in malicious emails sent on a mass scale is the promise of money or the threat of money loss. Impersonating wealthy individuals, banks, lotteries, or the IRS is very common because the mention of money often gets people's attention. While many of these scams automatically end up in our junk mail, occasionally one may slip by. Remember that "If it sounds too good to be true, it probably is", and make sure to always move those scam emails to your junk folder and block the sender to prevent more.

What do to

HOLD ONTO YOUR E-MAIL ADDRESS

Email lists (especially for those of high-ranking company individuals or government employees) are often bought and sold online to attacks. The lists provide attacks with targets for spam and phishing emails that can be used to infiltrate a network. Always be careful who you give your email address out to and what website you use it to sign up with.

CLEAN UP YOUR EMAIL SUBSCRIPTIONS

Everyone has a website or two that they signed up for in haste. Unsubscribing from non-used services can help keep our inbox clean so we can see important emails more easily. This also prevents us to be caught in those big email lists.

HAVE DIFFERENT EMAILS FOR DIFFERENT PURPOSES

Don't use the same email for work and personal. it is handy to have a junk email address that you can give websites that you need to sign up for, but don't want them to have your personal information. That’s why you should separate your work email and your personal hobby email.

DON'T CLICK ON LINKS. ALWAYS CHECK REDIRECTION

You can easily change the link text of the URL you’re posting into a worksheet. Hover your mouse over the redirect link to ensure it’s the correct redirection as the text proves. If it doesn’t look the same, do not click. Rather write your own saved website into the URL bar or bookmark it for later use.

VERIFY VALIDITY

Check overall legitimacy. Digitally assignation, contact information, name of the receiver, what the email address is and if titles are looking legit.
Spelling and grammar are also mistakes that very commonly exist in malicious emails that are sent on a mass scale. Many of these emails are not written by native English speakers or are written in haste, which results in obvious errors.
However, do not count on this as your only means of determining if an email is malicious. Emails that are written and specifically targeted to attack a certain company can be very convincing and even look like they are from internal help desks. Always be suspicious of any email, no matter the source, which asks you to click a direct link to a login page or to download an attachment.

DO NOT OPEN OR SAVE ANY ATTACHMENTS

Are you expecting an Electronic Fax from a client? Was your manager planning on sending you a "Monthly Revenue" spreadsheet? If you were not expecting someone to send you an attachment, it may be that their email has been compromised and is sending out malicious attachments. Additionally, attackers can modify emails to make them appear as if they came from an internal copier or fax machine.
If you are not expecting an email with an attachment, be extremely cautious. It only takes a moment to dial a coworker and ask them if they meant to send you a certain document. Virus scanning attachments are a great practice; however, a skilled attacker can make a virus that can easily go undetected by a virus scanner.

DON’T GIVE THE EMAIL INTEREST

Don't allow the email to download pictures, don't reply, don't trust the email with a “known” sender. Always put the email in your junk folder and block the sender.

#malware #virus #enduserawareness #cybersecurity #infosec #security #steemit
5 years ago in #email by
$0.00
    3 votes
    Reply 0
    Sort:  
  • Trending