" phishing Archives - Page 2 of 2 - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci

Posts Tagged ‘phishing’

7 Common Misconceptions about DKIM in the Fight Against SPAM

Monday, August 18th, 2014

The popularity and prevalence of DKIM in the fight against SPAM is growing such that as of August, 2014, 47% of the most popular domains in the USA are DKIM-enabled (reference); globally, that number is 38%.  The trend is steadily upward and we expect DKIM use to be pervasive within a few more years.

DKIM, DomainKeys Identified Mail, is still a magic techno-jargon black box to most people. It’s “something” you gotta “add to DNS” to help stop SPAM or make your email “appear more legitimate”. Beyond that (and even what DNS actually is) … many people struggle to understand what is going on.

Here are 7 misconceptions about DKIM that we have seen, and the explanations that can steer you back on track:

1. DKIM stops SPAM

Many folks believe that enabling DKIM for their domain and DKIM filtering for their inbound email will stop SPAM from reaching them.  Certainly using DKIM filtering on your inbound email will cut down on SPAM and using DKIM for messages sent by you can help others verify your email is legitimate; however, it does not actually stop spam.  In fact, it can make some SPAM look more legitimate.

Read the rest of this post »

Secure? Google Mail Getting Increasingly Less Private

Thursday, December 19th, 2013

In the news this week: Gmail is trying to make its web interface faster and a little safer … but are they trading away some of your privacy in the process and making Gmail addresses better targets for email marketers?

What is Google Doing?

Instead of waiting for you to click a “show images” button on every message that is displayed, Google is pre-loading all the images on their servers, scanning for viruses, and then displaying them automatically inline. You can turn this off in your Settings.

On the surface, this gives you:

  1. Images right away — fewer clicks
  2. Safer images — they have been scanned for viruses and malware

Sounds good so far, but…

Read the rest of this post »

Prevent email phishing attacks with real-time link click protection

Thursday, June 20th, 2013

LuxSci’s Premium Email Filtering service, which works with LuxSci-hosted and externally-hosted email, has a little-known feature called “Click Protection” which actively protects end users from phishing attacks and malware.

Some of the most common forms of malicious email involve links which:

  • Send you to a “phishing” web site: one which looks like a legitimate site (e.g. Bank of America) but which is not. These sites try to get you to give up personal or financial information for malicious uses. More on phishing and social engineering.
  • Send you to a site infested with malware: sites which include content that downloads viruses, spyware, or other unwanted programs onto your computer without your consent or (sometimes) even your knowledge. All you have to do is click on the link and you could be infected (depending on what security vulnerabilities are currently open on your computer / browser).

These are nasty. Premium Email Filtering (and indeed many filtering solutions) try to detect such emails and links in messages and block the messages outright as malicious. However:

  1. For new threats, some messages may get through to recipients before these web sites are identified as malicious.
  2. The links may point to valid, non-malicious web sites which later, after the emails are successfully delivered to the unsuspecting recipients, are updated to contain malicious content.

So, it is quite possible for email messages with not-yet-malicious or not-yet-known-to-be-malicious links to make it through any filtering system and land in your users’ INBOXes, endangering their computers and identities.

Read the rest of this post »

What is Social Engineering?

Friday, July 1st, 2011

It is often thought that Viruses and Malware are the biggest threats to your personal information, but there is an even greater threat that often goes undetected. Social Engineering is a technique used by people to gather your personal or secure information without you even thinking twice about giving it away. Social Engineering is most often performed over the phone, but could just as easily be done via email, text messaging, or any other form of communication; you can be Social Engineered by anyone.

In the most basic form, Social Engineering is when someone poses as someone else (i.e. a trusted friend or colleague) to trick you into divulging sensitive information. “Hey, this is PayPal, please follow this link and re-enter all your banking details — it’s ok, really!”

Read the rest of this post »

Recipe: Completely Secure Collection of Web Form Data using SSL and PGP or S/MIME

Tuesday, March 17th, 2009

The situation: your organization needs to collect information from clients through form(s) on your web site, but that information is sensitive. So, you need to be absolutely sure that the information is transferred from the users of your web site to you in as secure a fashion as possible. This means that

  1. no one but you (or optionally your authorized staff) can intercept or read the information,
  2. the information is never stored insecurely anywhere,
  3. the information cannot be modified without your knowledge.

Why would this high level of security and privacy be necessary? There are many cases where they are essential; some of these include:

Read the rest of this post »