How E-mail security works?

Introduction

E-mail has been a favourite delivery channel for attackers for as long as networked computers have existed, from the early mass-mailing worms to the present day in 2022, when links and attachments in E-mail are still the usual way to spread worms and other malware on the Internet.

Leaving aside bugs in the mail client itself, an E-mail can only hurt you if you act on it. If you delete it, the problem is solved. But if you open the attachment or click the link the attacker planted, you become a victim of the attacker's nefarious intentions.

Bad guys are already reviewing, discussing and probing security in the shadows. They have a whole supply chain dedicated to improving their ability to plunder, complete with discussion forums and specialists in all sorts of dark endeavours. They have seemingly unlimited time and creativity, and the good guys are outgunned and outmanned. Against such an adversary, what CIO in their right mind would want to stand alone? Smart good guys should join forces out in the open for the common good.

Types of online fraud

Online fraud is a diverse beast. From the simple 419 (Nigerian advance-fee) scam to the failed online romance, scamming has been going on on the Internet for a very long time.

Suffice it to say that real-world scams simply took on another form online and work on the same principles.

If a fool has money, the whole world is interested in parting the two. Even a rich person is not easily separated from his or her money unless lured into a Ponzi scheme or some other elaborate fraud.

To lure someone into sending money to a fraudster in another country or jurisdiction, the victim must be given a story that either establishes some form of trust or plays on greed or fear.

Using greed and fear to steal cash

Wikipedia lists several categories of online scam. In the hitman scam, someone e-mails you claiming to have been hired to kill you, and offers to call it off only if you make good a ransom payment.

Then there is the romance scam, and the Nigerian bank (advance-fee) scam in which you are promised a massive sum, typically upwards of a few million dollars, in exchange for paying a small fee to effect the transfer.

Usually these fraudsters disappear once you send the money, or come up with an excuse and demand yet another small sum.

The money is usually requested through Western Union, MoneyGram or any other transfer method that is irreversible and hard to trace.

It is not uncommon for the scammer to use blackmail or threats of exposure or loss of reputation, and most victims are unwilling to disclose the loss or lodge a police complaint because they are ashamed of having been cheated.

Often the victim has also been made an indirect participant in the scam, for example by being told that the money is stolen or otherwise unlawfully obtained, which makes reporting it even less likely.

You will have seen many "lottery win" e-mails for lotteries that nobody ran, or that you never entered to begin with.

There are many more methods by which people are attacked, but let us now turn to a different topic, that of secure E-mail gateways (SEGs).

How do secure E-mail gateways work?

A secure E-mail gateway is a piece of software that sits between your e-mail server and the outside world, inspecting all inbound e-mail for phishing URLs, malware attachments, viruses, worms and other forms of e-mail-borne spam.

To deploy a secure e-mail gateway, the domain's MX record in DNS is pointed at the gateway's hostname (an MX record names a host, not an IP address) instead of at the mail server, so that inbound mail reaches the gateway first; the gateway then acts as an SMTP proxy in front of the real server. The mail server should also be configured, or firewalled, to accept SMTP connections only from the gateway; otherwise an attacker who discovers the server's address can deliver mail to it directly and bypass the gateway entirely.

Acting as an SMTP proxy, the gateway passes every e-mail through its filters, dropping or quarantining the unwanted messages and allowing only the good ones through to the mail server.
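The attachment side of that inspection, as an added example (not SpamCheetah code or the page's own): a small policy check of the kind a gateway applies to each MIME part before deciding whether the message may pass. The blocked and macro-enabled extension lists are an assumed policy, not a standard, and the sample message is constructed; in particular it carries a Windows PE header (the "MZ" bytes) inside an attachment named as a PDF, which is the content-versus-name mismatch a gateway should catch regardless of the filename.

```python
"""Inbound attachment policy check of the kind a secure e-mail gateway applies.
Added example, not SpamCheetah code. The extension policy and the sample
message are constructed for illustration."""
import email
from email import policy
from email.message import EmailMessage

# Assumed policy: never deliver these as attachments.
BLOCKED_EXTENSIONS = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "jse",
                      "vbs", "vbe", "wsf", "hta", "lnk", "iso", "img"}
# Macro-enabled Office formats: quarantine for review rather than hard-block.
MACRO_EXTENSIONS = {"docm", "xlsm", "pptm"}
# Document-looking names that attackers put before the real extension.
DECOY_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


def split_extensions(filename):
    """'invoice.pdf.exe' -> ['pdf', 'exe']; 'README' -> []."""
    parts = filename.lower().split(".")
    return parts[1:] if len(parts) > 1 else []


def inspect_attachment(part):
    """Return a list of (reason, filename) findings for one MIME part."""
    findings = []
    name = part.get_filename() or ""
    exts = split_extensions(name)
    if not exts:
        return findings
    last = exts[-1]
    if last in BLOCKED_EXTENSIONS:
        findings.append(("blocked-extension", name))
    if last in MACRO_EXTENSIONS:
        findings.append(("macro-enabled", name))
    if len(exts) >= 2 and exts[-2] in DECOY_EXTENSIONS:
        findings.append(("double-extension", name))
    payload = part.get_payload(decode=True) or b""
    # A Windows PE file starts with "MZ": executable content under a harmless name.
    if payload[:2] == b"MZ" and last not in BLOCKED_EXTENSIONS:
        findings.append(("pe-content-mismatch", name))
    return findings


def inspect_message(raw):
    """Walk every part of a raw RFC 5322 message and collect findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment" or part.get_filename():
            findings.extend(inspect_attachment(part))
    return findings


def verdict(findings):
    reasons = {reason for reason, _ in findings}
    if reasons & {"blocked-extension", "double-extension", "pe-content-mismatch"}:
        return "reject"
    if "macro-enabled" in reasons:
        return "quarantine"
    return "accept"


# Constructed attachments: a PE header named as a PDF, and a macro workbook (zip container).
DEFAULT_ATTACHMENTS = [
    ("invoice.pdf", b"MZ\x90\x00" + b"\x00" * 60),
    ("report.xlsm", b"PK\x03\x04" + b"\x00" * 30),
]


def build_sample(attachments=None):
    """Build a constructed inbound message with the given (filename, bytes) attachments."""
    msg = EmailMessage()
    msg["From"] = "billing@example.net"
    msg["To"] = "accounts@example.com"
    msg["Subject"] = "Invoice 4471"
    msg.set_content("Please find the invoice attached.")
    for name, data in (attachments if attachments is not None else DEFAULT_ATTACHMENTS):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    found = inspect_message(build_sample())
    for reason, name in found:
        print(f"{reason}: {name}")
    print("verdict:", verdict(found))
```

The filename checks alone are easy to defeat by renaming, which is why the content check on the first bytes is there; a production gateway extends that idea to full file-type identification and to opening archives, since "invoice.zip" containing "invoice.pdf.exe" is the same attack one layer down.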

At least that is what they are supposed to do. This is why businesses, SMBs/SMEs included, invest heavily in purchasing and maintaining secure e-mail gateways: spammy and malicious e-mail not only damages employee productivity but also results in financial loss, and in some cases companies could be liable to pay a penalty.

The purpose of a secure e-mail gateway is not just spam protection: it also lets companies implement corporate policy, such as monitoring of e-mail, blocking certain senders or recipients and, in short, controlling the flow of e-mail.

You can also add an inbound disclaimer, or manage e-mail more effectively by inspecting the analytics and real-time graphs that gateway tools provide.

What is the role of humans in protection?

In the world of E-mail threat control, secure e-mail gateways alone can only do so much, and take you only so far.

End-user training plays a big role too, which is why many companies also train their employees to recognise phishing URLs and spam e-mail and to be aware of the popular abuses that exist in the E-mail ecosystem.

With some case studies and appropriate end-user training, a great deal of social-engineering-centric e-mail phishing and other attacks can be thwarted, and the benefit of training end users is considerable.

But remember that in a hierarchical environment that works under stress without a clear process, a targeted attacker can abuse the situation by sending an e-mail when he knows the decision maker is out of town or otherwise unavailable. Such attackers typically target accountants and people with the authority to send funds, under some pretext. A fixed process, such as confirming every payment instruction or change of bank details by phone on a number already on file, removes the attacker's leverage because no single e-mail can then move money.

It is not uncommon to see people wilt under pressure, and all it takes is an E-mail and a fraudulent website to steal account information. Once the damage is done, companies typically do not report the fraud for fear of exposure.
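The technical signals behind that pretext are in the message headers, and a gateway or mail filter can score them before the accountant ever sees the mail. Below is an added example (not SpamCheetah code or the page's own) of three such checks: an executive's display name on an address that is not the executive's mailbox, a Reply-To that quietly redirects the conversation to another domain, and payment-pressure wording arriving from outside the organisation. ORG_DOMAINS, the EXECUTIVES directory, the word list and both sample messages are constructed for illustration.

```python
"""Header checks for the executive-impersonation (BEC / CEO fraud) pattern.
Added example, not SpamCheetah code; ORG_DOMAINS, EXECUTIVES, URGENCY_WORDS
and the two sample messages are constructed for illustration."""
import email
from email import policy
from email.utils import parseaddr

ORG_DOMAINS = {"example.com"}                 # assumed: the protected organisation's domains
EXECUTIVES = {                                # assumed directory: display name -> real mailbox
    "jane doe": "jane.doe@example.com",
    "raj patel": "raj.patel@example.com",
}
URGENCY_WORDS = ("urgent", "wire", "transfer", "immediately", "confidential", "gift card")


def normalise_name(display):
    """Lower-case and collapse whitespace so 'Jane   Doe' matches 'jane doe'."""
    return " ".join(display.lower().split())


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def bec_findings(raw):
    """Return a list of (reason, detail) findings for one raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = domain_of(from_addr)
    # 1. An executive's display name on an address that is not that executive's mailbox.
    name = normalise_name(from_name)
    if name in EXECUTIVES and from_addr.lower() != EXECUTIVES[name]:
        findings.append(("display-name-impersonation", from_addr))
    # 2. Reply-To steers the reply to a different domain than the visible sender.
    if reply_addr and domain_of(reply_addr) != from_dom:
        findings.append(("reply-to-mismatch", reply_addr))
    # 3. Payment-pressure wording in subject or body, from outside the organisation.
    body = msg.get_body(preferencelist=("plain",))
    text = (msg.get("Subject", "") + " " + (body.get_content() if body else "")).lower()
    hits = sorted(w for w in URGENCY_WORDS if w in text)
    if hits and from_dom not in ORG_DOMAINS:
        findings.append(("external-payment-pressure", ", ".join(hits)))
    return findings


def bec_verdict(findings):
    reasons = {reason for reason, _ in findings}
    if "display-name-impersonation" in reasons or reasons >= {"reply-to-mismatch", "external-payment-pressure"}:
        return "hold"        # park for human review instead of delivering to the accountant
    return "tag" if reasons else "pass"


# Constructed: the "CEO is travelling, wire the money today" message.
SUSPECT = b"""From: "Jane Doe" <ceo.office@webmail-provider.example>
Reply-To: <payments.desk@another-provider.example>
To: accounts@example.com
Subject: Urgent wire transfer before I board
Content-Type: text/plain; charset=utf-8

I am travelling and cannot take calls. Please wire 48,000 to the vendor
account below today and keep this confidential until I am back.
"""

# Constructed: the same executive, from her real mailbox, with no payment content.
LEGIT = b"""From: "Jane Doe" <jane.doe@example.com>
To: accounts@example.com
Subject: Lunch on Thursday
Content-Type: text/plain; charset=utf-8

Shall we do the quarterly review over lunch?
"""

if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT), ("legit", LEGIT)):
        found = bec_findings(raw)
        print(label, bec_verdict(found), found)
```

Note what these checks cannot do: if the attacker has actually compromised the executive's mailbox, the From address is genuine and every header test passes. That case is why the out-of-band confirmation step in the process above matters more than any filter.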

Phishing

I think phishing is by far the biggest threat, and dealing with whaling (phishing aimed at senior executives), BEC (business e-mail compromise) or CEO fraud is one of the most difficult problems, particularly with a very hierarchical, non-technical user base.

In terms of the ability to hurt, phishing, that is the use of fraudulent URLs that look like those of reputable banks or financial firms but are in fact quite the opposite, is near the top of the list.

Despite phishing being as old as the hills, even in 2022 phishing-related losses will run into hundreds of millions of dollars worldwide. The reasons are plain old human stupidity and greed, and the limited effectiveness of the tools that are supposed to protect you from phishing attacks.

Remember that, with all the tools available, humans are still gullible, emotional and at times irrational creatures, and this is precisely what phishing attackers bank on.
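Those "looks like the bank but isn't" URLs are also the one part of a phishing mail a machine can judge without emotion. As an added example (not SpamCheetah code or the page's own), here is a lookalike-domain check of the kind a gateway runs over every link in a message body. It goes a little beyond the text by covering the three common shapes of lookalike at once: confusable characters and one-character typos, the brand name as a subdomain of someone else's domain, and the brand name embedded in a longer registered name. The PROTECTED brand list, the confusable table and SAMPLE_BODY are constructed for illustration, and the registrable-domain helper is deliberately naive.

```python
"""Lookalike-domain check for links in a message body. Added example, not
SpamCheetah code; PROTECTED, CONFUSABLES and SAMPLE_BODY are constructed."""
import re
from urllib.parse import urlsplit

# Assumed: brands whose customers this deployment wants to protect.
PROTECTED = ["examplebank.com", "securepay.example"]
# Characters and pairs commonly substituted to imitate a brand name.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("7", "t")]
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def skeleton(label):
    """Collapse a label to its visual skeleton: 'examp1e-bank' -> 'examplebank'."""
    s = label.lower()
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s.replace("-", "")


def edit_distance(a, b):
    """Plain Levenshtein distance, enough to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Naive registrable domain: the last two labels. A real gateway uses the
    Public Suffix List so that names under co.uk and similar are handled."""
    return ".".join(host.split(".")[-2:])


def classify_host(host):
    host = host.lower().rstrip(".")
    reg = registrable(host)
    if reg in PROTECTED:
        return "legitimate"
    labels = host.split(".")
    rsld = reg.split(".")[0]            # second-level label of the registered name
    for brand in PROTECTED:
        bsld = brand.split(".")[0]
        if bsld in labels[:-2]:
            return "lookalike:subdomain"        # examplebank.com.login-verify.net
        if rsld == bsld:
            return "lookalike:tld"              # examplebank.net
        if skeleton(rsld) == skeleton(bsld) or edit_distance(rsld, bsld) <= 1:
            return "lookalike:typo"             # examp1ebank.com, exmplebank.com
        if bsld in rsld:
            return "lookalike:brand-embedded"   # examplebank-secure.com
    return "unknown"


def scan_body(text):
    """Return (url, classification) for every URL found in the body."""
    results = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;")                 # trailing sentence punctuation
        host = urlsplit(url).hostname
        results.append((url, classify_host(host) if host else "unparseable"))
    return results


# Constructed phishing body mixing lookalike, genuine and unrelated links.
SAMPLE_BODY = """Dear customer, your account is locked.
Restore access at https://examp1ebank.com/verify within 24 hours.
Statements remain available at https://www.examplebank.com/statements.
Questions? See https://examplebank.com.login-verify.net/help
or https://news.example.org/security-notice"""

if __name__ == "__main__":
    for url, cls in scan_body(SAMPLE_BODY):
        print(f"{cls:26} {url}")
```

The skeleton comparison is the part that matters against homoglyph attacks; a full deployment extends the table to Unicode confusables and compares the Punycode form of internationalised domain names, because "paypaI" with a capital I and a Cyrillic "а" in a brand name defeat a byte-for-byte comparison in exactly the way the "1" for "l" substitution does here.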

What is malware?

These are the known malware categories:

  • adware,
  • backdoor,
  • bot,
  • ddos,
  • dropper,
  • exploit-kit,
  • keylogger,
  • ransomware,
  • remote-access-trojan,
  • resource-exploitation,
  • rogue-security-software,
  • rootkit,
  • screen-capture,
  • spyware,
  • trojan,
  • virus,
  • worm

Indicators of compromise (IOCs) are "pieces of forensic data, such as data found in system log entries or files, that identify potentially malicious activity on a system or network." They help information security and IT professionals detect data breaches, malware infections and other threats. Common indicators include:

  • Unusual outbound network traffic
  • Activity from unexpected geographic areas
  • Unexplained activity by privileged user accounts
  • A substantial rise in database read volume
  • A high rate of authentication failures
  • Many requests for important files
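Two of those indicators turned into detection logic, as an added example (not SpamCheetah code or the page's own): a burst of authentication failures from one source address within a short window, and a successful login for an account from a country it has never logged in from before. The log line format, the GEO table standing in for a real GeoIP lookup, the threshold, the window and SAMPLE_LOG are all constructed for illustration; against a real system you would feed it your own authentication log and a proper GeoIP database.

```python
"""Detection logic for two indicators of compromise over authentication log
lines: a failure burst from one source, and a first-time-country login.
Added example, not SpamCheetah code; format, GEO table, thresholds and
SAMPLE_LOG are constructed for illustration."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_RE = re.compile(r"^(?P<ts>\S+) auth (?P<result>ok|fail) user=(?P<user>\S+) src=(?P<ip>\S+)$")
GEO = {"203.0": "AU", "198.51": "US", "192.0": "DE"}   # assumed: /16 prefix -> country
FAIL_THRESHOLD = 5            # failures from one source ...
WINDOW = timedelta(minutes=2) # ... inside this window raise an alert


def country(ip):
    """Stand-in for a GeoIP lookup: map the first two octets to a country."""
    return GEO.get(".".join(ip.split(".")[:2]), "??")


def parse(line):
    """Return the event as a dict, or None for lines that are not auth events."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect(lines):
    """Return (indicator, subject, timestamp) alerts for the given log lines."""
    alerts = []
    recent_fails = defaultdict(deque)   # src ip -> timestamps of failures inside WINDOW
    countries_seen = defaultdict(set)   # user -> countries of earlier successful logins
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        if ev["result"] == "fail":
            q = recent_fails[ev["ip"]]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > WINDOW:   # drop failures outside the window
                q.popleft()
            if len(q) == FAIL_THRESHOLD:            # fire once, when the threshold is crossed
                alerts.append(("auth-failure-burst", ev["ip"], ev["ts"]))
        else:
            c = country(ev["ip"])
            seen = countries_seen[ev["user"]]
            if seen and c not in seen:              # known account, never seen from here
                alerts.append(("new-country-login", f"{ev['user']}@{c}", ev["ts"]))
            seen.add(c)
    return alerts


# Constructed log: normal logins, a password-spray burst against alice, then a
# successful login for alice from the attacking address in a new country.
SAMPLE_LOG = """\
2022-03-01T09:00:00 auth ok user=alice src=203.0.113.5
2022-03-01T09:05:00 auth ok user=bob src=203.0.113.7
this line is not an auth event
2022-03-01T09:10:00 auth fail user=alice src=198.51.100.9
2022-03-01T09:10:10 auth fail user=alice src=198.51.100.9
2022-03-01T09:10:20 auth fail user=alice src=198.51.100.9
2022-03-01T09:10:30 auth fail user=alice src=198.51.100.9
2022-03-01T09:10:40 auth fail user=alice src=198.51.100.9
2022-03-01T09:10:50 auth fail user=alice src=198.51.100.9
2022-03-01T09:11:00 auth ok user=alice src=198.51.100.9
2022-03-01T09:30:00 auth fail user=bob src=192.0.2.44
""".splitlines()

if __name__ == "__main__":
    for indicator, subject, ts in detect(SAMPLE_LOG):
        print(f"{ts.isoformat()} {indicator} {subject}")
```

The second indicator is the more valuable one: a burst of failures followed by a success from the same address is the signature of a credential-stuffing or password-spray attack that worked, and correlating the two alerts on the same address and account is what turns two noisy indicators into an incident.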
