This week, we learned of a new phishing campaign targeting PayPal users in an attempt to extract as much personal data as possible.
The campaign is spread via an email claiming to be from PayPal’s notification center warning users that their account was accessed from another browser or device. The recipient is then prompted to click on a button which opens an online form owned by the attacker.
PayPal phishing email (Source: SANS ISC)
If you’ve been following some of my previous posts, you may recall that I’ve discussed avoiding phishing email scams fairly frequently, but as long as people continue to fall victim to these and other email related scams, there will be a need for ongoing education on how to spot social engineering, spoofing, and other phishing-related tactics.
Consider this week’s PayPal phishing example. Cybercriminals often take advantage of the fact that many email clients (especially mobile devices) will only show the display name or “friendly from” header, and not the full email address. In the above example, “Support” was used as the display name, but the message was actually sent from an address under ovh.com.
If a user clicks on the link in the email, they are taken to a landing page operated by the attackers, and then presented with a fake login form where they are prompted to enter their email address and password.
PayPal Login Form on Phishing Site
From there, the user is asked for their full street address, and then they are taken to a form requesting credit card details.
Lookalike PayPal form requesting credit card information
At this point, most users would start getting suspicious, but those who proceed are presented with a form requesting their date of birth, Social Security number, and even their ATM or debit card PIN.
PayPal Account Locked Spoofed Form
Users who go a step further are then requested to upload a photo of a valid ID or credit card.
Most reputable banking and government institutions have strict policies regarding their handling of confidential information. You’ll find more information on avoiding common email scams on PayPal’s website.
Phishing scams continue to evolve, with enough victims to keep cybercriminals in business for the foreseeable future. That’s why it’s important for businesses of all sizes to provide their employees with ongoing training on how to recognize and avoid email scams. A good place to start would be to review these 10 tips to identify a phishing email, and as always, remain vigilant and be skeptical of any online requests for information.
Despite the rumors announcing the death of email, its use continues to grow. According to research from the Radicati Group, email traffic is predicted to grow to over 333.2 billion emails sent per day (from the current 306.4 billion emails). And as long as businesses continue to use email, cybercriminals will find new ways to exploit security gaps, software bugs, and basic human nature to extort millions of dollars from their victims.
Here are our top 15 recommendations to protect your business from email-borne threats with Security Gateway
Security Gateway was designed to be easy to use while providing the strongest protection against spam, phishing, and data leaks. And while most security settings are configured for optimal protection by default, it’s a good idea to follow these guidelines for best results.
Verify That a User is Valid before Creating an Account
With every incoming message addressed to an unknown local user, Security Gateway needs to be able to verify that the account is a valid local user by querying Office 365, Active Directory, MDaemon, or another data source before creating the account and delivering the message. We recommend using one the five user verification sources found in Security Gateway to validate accounts.
User verification options to validate users by querying Office 365, Active Directory, MDaemon, or an LDAP data source
Use SMTP Authentication to Prevent Unauthorized Account Access
To help prevent unauthorized account access, we recommend requiring SMTP Authentication unless a message is transmitted from a domain mail server.
SMTP authentication settings in Security Gateway for Email Servers
Use Strong Passwords
Spammers will often try to hijack an email account by guessing its password. Therefore, passwords that are easy to guess should always be avoided. If Security Gateway is configured to create accounts automatically by querying a user verification source, then make sure your user verification source is configured to require strong passwords. Passwords can also be assigned to users manually via the Domains and Users menu.
Enable Dynamic Screening
Enable Dynamic Screening to block connections that exhibit suspicious activity, such as failing too many authentication attempts, connecting too many times in a given time frame, attempting to keep a connection open too long, or sending to too many invalid recipients. Dynamic Screening makes it more difficult for a malicious person to guess passwords by detecting the malicious activity and blocking the connections.
Dynamic Screening Settings in Security Gateway for Email Servers
Enable Account Hijack Detection
If a spammer guesses an account’s password, he can then use that account to send out spam. To limit the spammer’s ability to abuse a compromised account, enable Account Hijack Detection, and then enter the maximum number of messages that can be sent in a given time frame. Once the limit has been reached, the account is disabled and the administrator is notified.
Prevent compromised email accounts from abuse with Account Hijack Detection in Security Gateway for Email Servers
Enable at Least One Default Mail Server
When email arrives for a domain that has not been assigned its own mail server, Security Gateway needs to know where to send those messages. We recommend adding a default mail server for all Security Gateway domains that have not had domain mail servers specifically associated with them.
Security Gateway – Default mail server settings
Prevent Unauthorized Mail Relaying
Relaying occurs when mail that is neither to nor from a local account is sent through your server. Servers that are not properly configured to prevent relaying can end up on a blacklist. By default, Security Gateway does not allow mail relaying.
Relay Control Settings in Security Gateway for Email Servers
Protect Your Domain with IP Shielding
IP Shielding is a security feature that only honors SMTP sessions claiming to be from someone at one of the listed domains if they are coming from an IP address associated with that domain.
The best way to secure outbound email is via SMTP authentication. However, for businesses that need to send email from a printer or other device that is not capable of authenticating, IP Shielding can be used to exclude certain IP’s or ranges from having to authenticate. Messages from authenticated sessions can optionally be exempt from IP Shielding requirements.
Protect against email spoofing with IP Shielding in Security Gateway for Email Servers
Enable SSL to Ensure Data Privacy
To protect the privacy of transmitted data, we recommend enabling the SSL encryption features for SMTP and HTTP.
Secure Sockets Layer (SSL) settings in Security Gateway for Email Servers
Enable Backscatter Protection
Most spam messages contain a forged return path. This often leads to users receiving thousands of delivery status notices, auto-responders, and other messages in response to messages that the user never sent. This is known as backscatter. To combat backscatter, Security Gateway’s Backscatter Protection feature can help to ensure that only legitimate Delivery Status Notifications and auto-responders get delivered to your domains.
Backscatter Protection Settings in Security Gateway for Email Servers
Don’t Whitelist Local Email Addresses
In many cases, local IP addresses or host names may need to be whitelisted. However, we do not recommend whitelisting local email addresses. If a local address is added to the whitelist, messages sent to this address could bypass many of your security settings and put your server at risk of being blacklisted.
Protect your Email Infrastructure from Virus and Spam Outbreaks
Security Gateway scans all inbound and outbound mail using the Cyren and ClamAV antivirus engines. It also includes Cyren Outbreak Protection, which is real-time anti-spam and antivirus technology that is capable of proactively protecting your email infrastructure automatically and within minutes of an outbreak.
Antivirus settings in Security Gateway for Email Servers.
Prevent Data Leaks
Security Gateway includes over 70 Data Leak Prevention rules to help prevent unauthorized transmission of sensitive information such as personal identification numbers, credit card numbers, and other types of confidential data. These rules can be configured to send messages containing sensitive content to the administrative quarantine for further review, redirect the message to a designated address, or encrypt the message.
We recommend enabling the appropriate Data Leak Prevention rules to suit the needs of your specific business or industry.
Data Leak Prevention in Security Gateway for Email Servers
Enable Location Screening
Use Location Screening to block inbound SMTP and HTTP connections from unauthorized countries. If your company has no legitimate business need to communicate with a particular country, then refusing connections from that country can potentially block large amounts of spam. Alternatively, you can configure Location Screening to only prevent authentication from unauthorized countries.
Block email from unauthorized countries with Location Screening in Security Gateway for Email
Enable Macro Detection in Microsoft Office Documents
Cybercriminals often use macros in email attachments to spread malware. In Security Gateway 6.5 and up, the Virus Scanning settings include an option to detect macros in Microsoft Office documents and flag them as infected. Security Gateway can refuse these messages or quarantine them for administrative review.
Would you like to learn more about Security Gateway for Email? Visit SecurityGatewayForEmail.com to sign up for hosted or on-premise email protection.
At about this time last year, Office 365 had around 155 million users, and businesses continue to adopt its services at a rate of around 3 million users per month. But as subscription rates continue to grow, it becomes a growing target for cybercriminals to spread phishing and ransomware attacks.
A big drawback of such a large hosted service is that if cybercriminals manage to take over one of its accounts, it can be used to spread thousands of phishing attacks. And because these attacks are sent from a legitimate Office 365 account, they are likely to get past Microsoft’s Exchange Online Protection (EOP) and Advanced Threat Protection (ATP).
To combat these growing threats, businesses are turning to third-party email security gateways, and there are plenty of them out there with a relatively standard set of anti-spam and anti-phishing features, so to stand out from the competition, a solid email filtering solution must be easy to use while providing additional features such as archiving, compliance, and reporting.
For businesses on Office 365, Security Gateway offers stronger protection against email-borne threats, with account-verification controls tailored specifically for Office 365 to ensure that only authorized users are permitted to send or receive email.
Of course, Security Gateway does much more than protect your users from spam & phishing. It also includes built-in archiving with retention policies and legal hold for businesses that must meet legal compliance laws or that want a backup & recovery solution for a little peace of mind in the event of an outage or security breach.
Security Gateway also includes Data Leak Prevention (DLP) to prevent sensitive business data such as Social Security Numbers, Tax-ID Numbers, banking info, and much more from getting into the wrong hands. Messages containing confidential data can be encrypted using the built-in email encryption options, or sent to the administrative quarantine for further review. After all, all it takes is a quick Google search to find a list of companies that have suffered steep fines, lost customers, and a damaged reputation due to sensitive data getting exposed.
We know you have choices with your email security solution. At MDaemon Technologies, our team of experts have been in the email security business for over 25 years. And while we have the resources and vision to address emerging messaging, collaboration and security needs into the future, our team is small and agile enough to build relationships with our customers for that personal touch that you just can’t get from a large company.
Earlier this week, I heard an interesting interview on NPR’s Morning Edition with a recent victim of Business Email Compromise (BEC), a growing threat that uses social engineering to exploit human nature in order to divert massive amounts of money to cybercriminals.
Recent Business Email Compromise Trends show Evolving Tactics
First, let’s start with a little background information. In 2013, when Business Email Compromise scams were gaining popularity, attackers typically compromised a legitimate email account belonging to the company president, CEO or CFO in order to request the transfer of funds to an account controlled by the attacker. As awareness of BEC scams has grown, the tactics used by the scammers to avoid detection have evolved as well. These newer deception methods use compromised lawyer email accounts, requests for W-2 records, and the targeting of real estate transactions. Another recent trend involves spoofing a company executive or other position of authority and requesting the targeted victim purchase gift cards for personal or business reasons.
Over the past couple of years, BEC tactics have further evolved into a new trend known as Vendor Email Compromise in which cybercriminals target vendors or suppliers with phishing emails and then send realistic-looking invoices to their customers in order to steal money.
BEC scams have been wildly successful, with $1.2 billion in losses reported in 2018 by the FBI’s Internet Crime Complaint Center (nearly triple 2016 losses). Unfortunately, these are only REPORTED losses. Many incidents go unreported because companies don’t want to risk bad publicity.
While recent efforts by law enforcement agencies have led to many arrests, Michael J. Driscoll, FBI special agent in charge of the Criminal Division for the bureau’s New York Field Office, has named Business Email Compromise the #1 priority – replacing ransomware as the biggest threat facing businesses.
And that brings me to the interview I heard on NPR.
This week on Morning Edition, Martin Kaste interviewed “Mark” (not his real name), the owner of a Seattle-based real estate company and one of the earliest victims of Business Email Compromise. Mark discussed how the attack began and how it evolved.
It started with a scammer intercepting email traffic between Mark and a business partner. For a period of time, the scammer monitored this email traffic and studied their speech, writing patterns and message timing (see Step 1 here). When Mark and his partner discussed a $50,000 disbursement owed to the partner, the scammers took action and inserted their own wire transfer instructions (see Step 3 here).
Mark was convinced the request was legitimate, and transferred the $50,000 (Step 4) to the scammer’s bank account. His partner never received the money. By the time they alerted the bank, the money had already been transferred to an overseas account.
Mark said, “We’re somewhat experienced businesspeople. The idea that we’ve been duped makes you feel pretty stupid,” and as I mentioned, this “shame” element, along with fear of a damaged business reputation, is why many of these incidents often go unreported.
Kaste points out, “The banks weren’t much help, either. Since he was the one who gave the scammers the account number, they saw this as his responsibility. He has learned one thing – never again trust wiring instructions that are sent by email.”
Online scams are nothing new. But as email has evolved and improved, so have scammers and the messages they send. Nefarious emails, attachments and links now appear sophisticated and look legitimate, sometimes tricking even the most meticulous user.
Billions Lost to Business Email Compromise
Over the last three years, organizations all over the world have lost a collective $26B to a very specific type of email scam – Business Email Compromise, or BEC. Recently, a BEC scheme in Spain was brought down, but not before taking over €10M. A scammer in Canada impersonated a contractor and fooled city employees out of over $1M. And the FBI is investigating a network of over 80 people across multiple countries in an attempt to use a BEC plot to steal $46M.
Why do BEC Scams Work so Well?
Top 10 Business Email Compromise Protection Tips
BEC emails are advanced phishing scams, and they’re on the rise. But what makes a BEC attack so dangerous, and so effective?
BEC Scams are Highly Targeted
Scammers aren’t blasting thousands of the same email. They’ve done the research, monitoring the company’s website and social pages. They find the appropriate target, and groom them by sending multiple conversational emails, establishing trust.
They Contain No Malware
Unlike the old style of phishing, where users are told to click on a link, BEC emails have no spammy links. This means they can sometimes evade spam filters, and the end user doesn’t see any red flags.
They Exploit Human Nature
BEC emails imitate an actual person, complete with real-looking email addresses, formatting, company names, and titles. The victim has unknowingly been emailing back and forth with the scammer and trusts that they are who they claim to be. So when asked to send bank information, for example, the victim assumes the request is authentic and complies.
They are Often Under-reported
Victims often don’t realize they made a mistake until much later. And even upon realization, many companies don’t report the incident for fear of damaging their reputation with their customers. Not reporting such incidents allows perpetrators to simply move on to their next victim.
Learn How to Stay Protected Against these Email Scams
Preventing losses to Business Email Compromise is the responsibility of both the end user and the IT administrator. To stay protected, follow these tips:
End Users:
Double-check the sender email address & recognize spoofing and other impersonation tactics. MDaemon Webmail displays the full email header to help users identify spoofed emails.
MDaemon Webmail Full Email Header Display
Don’t overshare on social media
Don’t open email from unknown sources
Verify all wire transfer requests via phone or face-to-face
Use SPF, DKIM & DMARC to secure your domain against spoofing
Require two-factor authentication
Require strong passwords
Provide regular end-user training
Run antivirus software often and make sure virus signatures are up-to-date
While traditional security measures such as network defenses and email gateways can be effective at blocking most varieties of spam, the bottom line is that the most critical part of stopping BEC attacks is user awareness and education.
We’re proud to announce that Security Gateway for Email has once again been named a High Performer in Secure Email Gateways by G2 Crowd in their Fall Report. And if you are looking for a hosted solution, Security Gateway also was recognized as a top Cloud Email Security solution.
Security Gateway for Email Servers – High Performer 2019
G2 Crowd awards are based on honest reviews from users. In other words, the product is recognized because of the feedback from users just like you who use the product every day; awards that reflect a superior customer experience.
The data from G2 Crowd speaks for itself – Security Gateway received satisfaction ratings above 90% in the Ease of Set Up, Ease of Use, Ease of Admin, and Quality of Support categories; ratings that exceed the category average scores.
Why Users Love Security Gateway
Easy to Use
SecurityGateway is designed to be simple and easy-to-use. Set-up, configuration and maintenance is easy for the administrator, and every-day tasks like accessing quarantine reports is easy for the end user.
Best Results
With SecurityGateway you get results, which means you DON’T get malicious emails in your inbox. We protect email communications for businesses of all sizes and verticals, regardless of which email platform they use and whether it’s in-house or in the cloud.
Reliable
Try Security Gateway for Free and Compare its performance and Cost to Your Current Solution
Security Gateway is one of the best email security gateways in the market. Find out what organizations of all sizes already know – Security Gateway saves you time, headache and money.
This week, Threatpost reported on a new spear-phishing attack that uses email sent via Google Drive claiming to be the CEO of the targeted company sharing important information with the recipients. The email came from Google Drive, but the sender address didn’t match the company’s standard naming convention for email addresses.
Because the message was sent by a legitimate email service, it was able to bypass Microsoft Exchange Online Protection on its way to users’ inboxes.
No Spam Filter or Email Gateway can Block 100% of All Spam
Spam Filters and Email Gateways have proven quite effective at blocking most of the junk email that gets sent by the thousands on a daily basis, but cyber criminals are always looking for new ways to bypass email security measures through social engineering, new strains of malware, and newly-discovered security flaws reported in Microsoft Exchange Server and cloud email platforms. That’s why user training will continue to be a top priority for all businesses that use email.
Tips to Avoid Phishing and Business Email Compromise (BEC) Attacks
In a prior post, I listed the following 10 tips to avoid falling victim to phishing emails.. Here’s a brief summary. You can read the entire post here.
10 Tips to Identify a Phishing Email
Watch out for messages disguised as something expected, like a shipment or payment notification.
Watch for messages asking for personal information such as account numbers, Social Security numbers, and other personal information. Legitimate companies will never ask for this over email.
Beware of urgent or threatening messages claiming that your account has been suspended and prompting you to click on a link to unlock your account.
Check for poor grammar or spelling errors.
Hover before you click!
Check the Greeting – Is the message addressed to a generic recipient, such as “Valued customer” or “Sir/Madam?” If so, be careful & think twice!
Check the Email Signature – In addition to the greeting, phishing emails often leave out important information in the signature. Legitimate businesses will always have accurate contact details in their signature, so if a message’s signature looks incomplete or inaccurate, chances are it’s spam.
Don’t Enable Macros – Never trust an email that asks you to enable macros before downloading a Word document.
These 10 tips are explained in more detail in this post.
10 Tips to Protect Against Business Email Compromise (BEC) Email Attacks
Business Email Compromise goes beyond standard spam techniques by exploiting human nature and the trust established between employees and members of the executive team. Scammers use social engineering, CEO impersonation, and a variety of other techniques to trick users in accounting, finance, or other high-power positions into transferring money into the scammer’s accounts. These attacks are well-executed and targeted at specific individuals, and often take more time to plan and launch due to the amount of research that goes into these attacks. Cyber criminals use publicly available information on sites such as LinkedIn, Facebook and even the website of the targeted victim to gain insight into the company’s business practices. They will often study the writing styles of the executive team, allowing them to craft convincing emails that appear authentic to employees.
Because Business Email Compromise attacks are often so well-crafted, they are able to bypass standard security measures. These tips should help you identify a Business Email Compromise attempt if one should slip through your spam filter or email gateway.
Train Users to recognize these Common Impersonation Tactics used by Cybercriminals
Domain Name Spoofing
Display Name Spoofing
Lookalike Domain Spoofing
Compromised Account
Secure your Domain by registering similar domains.
Don’t Over-share on Social Media
Use SPF, DKIM & DMARC to protect your domain from spoofing.
No business is too big or too small to fall victim to email-borne scams. In fact, cyber criminals often target smaller businesses based on the assumption that smaller companies are less likely to have the latest security systems in place. MDaemon Email Server and Security Gateway for Email Servers include a variety of features to protect businesses from spam, malware, and leaks of sensitive business data.
fWhen it comes to email archiving, businesses require features that go beyond simple message replication in order to meet expanding regulations. And because every email solution, whether it’s on-premises or in the cloud, needs strong anti-spam/anti-malware filtering, it makes sense to combine archiving and security into a single product. To address the growing demand for a combined email security/archiving solution, archiving was added to Security Gateway for Email Servers in version 6.0.
Security Gateway’s Integrated Archiving Just Got a Lot Better!
With Security Gateway 6.1, the integrated archiving feature received a major upgrade with these new features for legal compliance and cloud email integration:
Legal Hold
Security Gateway’s new Legal Hold feature will prevent emails from being deleted from the archive, regardless of any other settings, user permissions, or retention periods.
Legal Hold – Security Gateway for Email Servers
Minimum Archive Retention Period
Businesses must meet a variety of data retention laws, and these laws vary by country or region. In the United States, many businesses must store archived emails in compliance with the following laws and retention policies:
IRS Regulations (for all companies) – 7 Years
Sarbanes Oxley Act (SOX – For all public companies) – 7 Years
Freedom of Information Act (FOIA – Federal, state & local agencies) – 3 Years
Department of Defense Regulations (for contractors) – 3 Years
Health Insurance Portability and Accountability Act (HIPAA) – 7 Years
To meet these and other growing regulations, administrators can assign a minimum retention period for all archived email messages. During this time, archived messages cannot be deleted regardless of any other settings or user permissions.
Email Retention Period – Security Gateway for Email Servers
Improved Cloud/Hosted Email Integration for Microsoft Office 365 & Azure
Security Gateway’s automatic user creation feature helps reduce administrator workload by verifying whether an email sent to or from a local domain contains a valid email address, and then automatically adding the account once the email address has been verified. With Security Gateway 6.1, this process has gotten much easier for businesses using cloud email services, with a new option to verify users by querying Microsoft Office 365 or Azure Active Directory.
Office 365 & Azure User Verification – Security Gateway for Email Servers
Other New Features
Other new features for Security Gateway include:
Whitelist & Blacklist Search – A search field was added to the Whitelist and Blacklist screens to help administrators find listed email addresses more easily.
Quarantine reports can now be sorted by score. This makes it easier to identify false-positives, which will likely have lower scores.
If you aren’t yet protecting your business email with Security Gateway for Email Servers, visit the Security Gateway product page for an overview of its features, or visit the Download page to download a free trial!
Most of us will likely be immediately suspicious due to all-caps “REMINDER!!!” at the top of the message, but what other phishing clues can you identify?
Phishing attempt with malicious file attachment
In this example, the scammer has used display name spoofing to make the message appear to be from DHL. Most large businesses such as DHL have policies regarding email communications. DHL’s fraud awareness policy, which you can read here on their website, states:
“Please be advised that if you received an email suggesting that DHL is attempting to deliver a package requesting that you open the email attachment in order to affect delivery, this email is fraudulent, the package does not exist and the attachment may be a computer virus.
Please do not open the attachment. This email and attachment does not originate from DHL.”
But for most of us who remain unaware of DHL’s policies, it’s important to know what to look for to avoid becoming the next victim to phishing scams.
Using the DHL example, I’ve labeled the items to look out for when reviewing a suspicious email.
Phishing Example and What to Look For
No business is too big or too small to educate its users about phishing. After all, it only takes one user to open a malicious attachment and unleash malware vicious enough to take down an entire company. Learn more about how to avoid being the next victim by reviewing these 10 tips to identify a phishing email.
Don’t Risk Losing your Life Savings to Scammers. Follow these 10 Tips to Identify a Phishing Email.
Whether you run a Fortune-500 organization or a small boutique, by now you should be aware of the threats posed by cyber criminals to trick you into clicking a link, downloading an attachment, or parting ways with your money.
Modern day email scams are getting more sophisticated, leading to staggering losses for businesses of all sizes. According to the 2018 Verizon Data Breach Investigations Report, phishing was used in 93% of all reported breaches, with email being the main attack vector in 96% of reported cases.
While these figures are staggering, they continue to rise as scammers reap huge payouts from BEC (Business Email Compromise), CEO fraud and other phishing scams.
The real estate industry is a prime target for phishing because large sums of money change hands and there are various weak links in the transaction process. If any step within the transaction process becomes compromised with a successful phishing email, the attacker could gain access to a legitimate email address from which to launch other attacks. The fraudster could then lie in wait, scanning email messages for financial or transaction related details, and then send off fraudulent wire transfer instructions to an unsuspecting buyer, seller, or agent. For example, this happened to a 31 year-old first-time home buyer in San Antonio, Texas. You can read details about this case here, but the short version of the story is that she felt that she was in a time crunch to send in her down payment and finalize other closing tasks, and felt that the title company was dragging its feet. This state of high anxiety made her a prime target for a phishing email she received stating that she had previously been given the wrong wire transfer information, and that she needed to wire her down payment to a new account. With 5 hours left to get everything done, she attempted to contact her title company to confirm the change, but no one responded, so in a panic, she hastily ran to the bank and wire transferred her $52,000 down payment. Unfortunately, she sent her life savings to scammers.
The phishing industry is so lucrative for scammers because the barriers to entry are low relative to potential huge payouts. With botnets-for-hire and Malware as a Service (Maas), spammers have an impressive arsenal of tools at their disposal to propagate their campaigns, so to fight this scourge, an educated user is the best defense against phishing scams. With this in mind, here are my top 10 tips on how to identify and protect yourself from phishing attacks.
Watch out for messages disguised as something expected, like a shipment or payment notification. These often contain links to malware sites. Hover your mouse over any links to make sure they’re safe. Think before you click! Here’s an example using a phishing email I received claiming to come from HSBC.
Watch for unexpected payment or shipment notices
Watch for messages asking for personal information such as account numbers, Social Security numbers, and other personal information. Legitimate companies will never ask for this over email.
Beware of urgent or threatening messages claiming that your account has been suspended and prompting you to click on a link to unlock your account.
Check for poor grammar or spelling errors. While legitimate companies are very strict about emails they send out, Phishing emails often contain poor spelling or grammar.
Hover before you click! Phishing emails often contain links to malware sites. Don’t trust the URL you see! Always hover your mouse over the link to view its real destination. If the link claims to point to a known, reputable site, it’s always safer to manually type the URL into your browser’s address bar.
Check the Greeting – Is the message addressed to a generic recipient, such as “Valued customer” or “Sir/Madam?” If so, be careful & think twice! Legitimate businesses will often use your real first and last name. In our HSBC example, notice the generic greeting.
Watch for generic greetings in email messages
Check the Signature – In addition to the greeting, phishing emails often leave out important information in the signature. Legitimate businesses will always have accurate contact details in their signature, so if a message’s signature looks incomplete or inaccurate, chances are it’s spam. In our HSBC example, the sender’s name and contact information are missing from the signature.
Watch for generic signatures in phishing email messages.
Don’t download Attachments – With the proliferation of Ransomware as a Service (Raas), spammers have an easy mechanism for distributing malware-laden spam messages to thousands of users. And because the payout for ransomware can be quite high, even one successful ransomware infection could net the spammer large amounts of money. If there’s ANY doubt about the identity of the message sender or the contents of an attachment, play it safe and don’t download the attachment.
Don’t trust the From address – Many phishing emails will have a forged sender address. The From address is displayed in two places. The Envelope From is used by mail servers to generate NDR messages, while the Header From is used by the email client to display information in the From field. Both of these headers can be spoofed. MDaemon Webmail has built-in security features to help users identify spoofed emails. Many mail clients hide the From address, only showing the From name, which can be easily spoofed. In MDaemon Webmail, the From address is always displayed, giving users a clearer view into the source of the email and helping them identify spoofed senders. Using our HSBC example, I’ve highlighted the actual sender.
Phishing email highlighting the actual sending address
MDaemon Webmail will also display information in the Security tag to help users identify messages from verified senders, as shown here.
MDaemon Webmail – DKIM-Verified Sender
Don’t Enable Macros – And while we’re on the subject of ransomware, another common vector for ransomware infections is through macros in Microsoft Word documents. These documents often arrive in phishing emails claiming to have important content from HR, Finance, or another important department, and to trick the user, they request the user to enable macros. Never trust an email that asks you to enable macros before downloading a Word document.
While anti-spam and anti-malware tools are quite effective at filtering out the majority of scams, there’s really no substitute for good old-fashioned user education. Know the potential costs to your business and don’t become the next victim!
If you’re the MDaemon or SecurityGateway administrator and need help with your security settings to help block as much phishing as possible before it reaches your users, give us a call or drop us an email support request.