" phishing Archives - LuxSci

Posts Tagged ‘phishing’

How Email Filtering Prevents Cyberattacks

Tuesday, September 20th, 2022

Almost every business uses email as a primary communication channel, and as a result, it is a major attack vector for cybercriminals. Every employee’s email account represents a possible risk to your business operations. One way to protect employee accounts is with email filtering tools.

email filtering

The Risks of Email Communications

Email is a necessary business communication tool. However, it also introduces significant risks. A 2019 HIMSS survey found that 70% of breaches originated with a phishing email. It’s unrealistic to stop people from using email, so the next best step is protecting accounts and reducing risk.

Social Engineering Risks

The number one threat to any cybersecurity program is human error. Phishing campaigns are so successful because they prey on human vulnerabilities. Everyone makes mistakes. Even the most cautious people can be caught up in a busy day and accidentally click on a malicious link without adequately vetting the sender.

By stopping these malicious emails from entering the employee’s inbox, there is no chance they will mistakenly click on them. Although phishing training is still essential in case emails get through the system, a good email filtering service will stop most suspicious messages.

What is Email Filtering?

Email filtering tools prevent malicious messages like spam from reaching inboxes. Filtering tools scan the incoming emails for signs of cybercrime- these could include bad links, content used by known spammers, or other indicators. Email filtering stops suspicious emails from being delivered to the intended recipient.

How Email Filtering Works to Stop Spam

There are many ways to filter emails, some of which are more restrictive than others. Every email filtering service is different, so we are speaking in generalities for informative purposes. However, the process works the same way. All incoming emails are scanned to see if they contain any information that violates the filter settings. Traditionally, the filter scans both the email header and the message contents.

The email header contains information about the sender, including their IP address, email domain, sending address, security signatures, and other technical information about how and when the email was sent. Email filters will flag messages sent from suspicious senders and known spammers. Email filters can be so restrictive as to entirely stop incoming emails from external organizations or domains.

Filtering systems also scan email message contents. Phishing schemes rely on unsuspecting users clicking on links to install malware on a user’s computer. Email filtering systems can scan and remove links to known suspicious websites. Organizations can go further and configure their filtering systems to remove all links in emails. This may be too restrictive for some, but it is an option for some filtering tools. In addition,  scanners can flag emails for spammy content. Some commonly flagged messages include overly promotional marketing emails, messages with adult themes, and those that mention illegal activities.

Once the suspicious emails are flagged, then what happens? The settings are often configurable. Some email filtering systems add a banner to the top of scanned messages that alerts the user to any risky-seeming content. However, once users are accustomed to seeing it, they may ignore or not notice the warnings.

The most common solution is to divert flagged emails to quarantine. There, users can review the messages to determine if they are spam or not. Sometimes unsuspecting messages get caught up in filters, and this gives the intended recipient a chance to retrieve wanted messages. For extremely conservative organizations, the system can automatically delete flagged messages and never deliver them to the inbox out of an abundance of caution.

Conclusion

Everyone should be concerned about the rise of cyberattacks and the potential risks to their businesses. Use an email provider that offers sophisticated email filtering services. LuxSci’s Premium Email Filtering is an available add-on to our Secure Email Hosting and Secure Connector solutions.

How to Avoid Business Email Compromise Attacks

Tuesday, July 5th, 2022

Business email compromise (BEC) attacks are on the rise and are poised to eclipse ransomware as the biggest threat to cybersecurity. Since 2016, $43 billion has been stolen through BEC. Even more concerning, there has been a 65% increase in BEC from 2019 to 2021. This article explores what business email compromise scams are and what steps organizations can take to avoid them.

business email compromise

What are Business Email Compromise Attacks?

In business email compromise scams, attackers infiltrate or impersonate a legitimate corporate email account. They then send phony invoices or initiate contract payments that trick unsuspecting businesses into wiring money to criminals.

These scams rely on humans making the wrong choices. Some examples of business email compromise scams include:

  • A criminal impersonates a vendor and sends a fake invoice to the accounting department.
  • Someone who appears to be the company CEO asks an assistant to make a wire transfer to an unknown account.

Some of the tactics used include:

  • Domain name spoofing: Domain name spoofing involves changing the sender’s “From” address to match the recipient’s domain in the message envelope. Criminals can also use a legitimate domain as the “From” address and a spoofed “Reply-To” domain in the message header.
  • Display name spoofing: The attacker registers a free email account to impersonate a vendor or employee. The attacker would configure the display name to match the employee’s name and then send phishing messages from this account. This technique is effective because recipients often only look at the display name, not the email address. In fact, many email clients will only show the display name when viewing the message, making it easier to hide the sender’s real identity.
  • Lookalike domain spoofing: The attacker may register fake domain names that contain characters that look similar to those in the actual domain name. For example, replacing the lowercase “l” in luxsci.com with an uppercase “I.” The criminal will send phishing emails from this domain to trick the recipient into thinking the message is legitimate.
  • Email Account Compromise: Another common tactic is taking over legitimate email accounts that have been compromised through malware or social engineering to steal data or funds.

How to Prevent Business Email Compromise Attacks

One of the reasons that business email compromise attacks are increasing is because they are often successful. Email filters and content scanning can do little to stop sophisticated social engineering attacks. Nevertheless, there are steps that organizations can take to stop BEC scams.

SPF, DKIM, and DMARC

Implementing technical controls can help prevent BEC scams from succeeding. As discussed above, many attacks use display or domain name spoofing to impersonate company accounts or individuals.

Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC) are anti-spoofing email authentication techniques that use DNS records to validate the sender of an email. Ensure the organization’s domain has valid SPF, DKIM, and DMARC records. Make sure the email provider analyzes all inbound email traffic using these tools.

Viewing the headers of a suspicious message is also an excellent way to detect fraudulent domains. See Gmail, Outlook, Apple Mail, and More: How to View Headers in Email to learn how to see these in the most popular email clients. This can help reveal the actual sender of someone using a spoofed domain or display name.

In addition, implementing email filtering and scanning tools can help flag suspicious links and protect against phishing attacks.

Employee Training

Helping employees recognize business email compromise scams is essential to avoiding them. All employees, not just those with access to sensitive data or financial information, should understand the tactics used by cybercriminals in BEC scams.

Employees should be aware that attackers can use the information they share online via social media against them. Birthdates, pets’ names, nicknames, and information about time off can be used to impersonate others and trick individuals.

Ensure employees are implementing strong passwords and using multifactor authentication to prevent account compromise and stop them from changing account credentials.

Policy and Procedures

Creating clear policies and procedures can help alleviate confusion and prevent individuals from taking action without thinking. For example, organizations should have clearly defined procedures for how and when vendors will send invoices and be paid. That way, when an unexpected email comes in from a “vendor,” employees will know what to do. It’s also essential to keep up-to-date contact information for vendors and employees. Many BEC schemes ask recipients to call a phone number with account credentials or payment information. If the number differs from the contact information on file, it’s wise to pause and call the contact through established channels to confirm the message’s accuracy before proceeding.

By creating clearly defined and enforced policies and procedures, it will be very obvious when deviations occur. Empowering employees with the tools they need to identify business email compromise scams will help protect your company and keep financial information secure.

5 New Year’s Resolutions to Improve Your Cybersecurity

Tuesday, January 4th, 2022

Happy New Year! Start the year off by making a New Year’s resolution to improve your cybersecurity. Here is LuxSci’s list of what your organization needs to do to prepare for the new year.

cybersecurity new year’s resolution

Read the rest of this post »

Creating Secure Websites and Forms: What You Need to Know

Tuesday, October 26th, 2021

Creating a website with “secure” components requires more than slapping together some web pages and adding an SSL Certificate. All a certificate does is create a thin veneer of security. It does not go very far to protect whatever sensitive data necessitated security in the first place. Naive attempts at security can ultimately make the data less secure and more likely to be compromised by creating an appetizing target for the unscrupulous.

So, what do you do beyond paying big bucks to hire a developer with significant security expertise? Start with this article. Its purpose is to shed light on many of the most significant factors in creating secure websites and forms and what you can do to address them. At a minimum, reading this article will help you intelligently discuss your website security with the developers you ultimately hire.

creating secure website forms

Read the rest of this post »

Why the Healthcare Industry is a Target for Cybercrime

Tuesday, September 21st, 2021

Healthcare data seems mundane- but in the hands of a cybercriminal it can be quite valuable. Medical records contain private information that can be used to blackmail or impersonate others. Even if you aren’t a public figure with a sensitive medical condition, the financial and personal identifiers found in medical records make them a target for cybercrime.

healthcare cybercrime

Read the rest of this post »