Changing tactics of e-Mail based cyber Threats
e-Mail, has become the favourite tool for cyber criminals. In recent years cyber criminals have devised techniques that are so effective that they can even fool a cyber security expert. Cyber criminals send socially engineered emails seemingly coming from direct managers, friends and even spouses all with the goal of convincing the target to click on a link or open an attachment. Various types of email attacks including Business email compromise, Ransomware, Banking trojans, Phishing, Social engineering, information-stealing malware and spam. Cyber criminals target women through e-mail with catchy titles. Attack techniques are ever-evolving and adapt with technology in an effort to stay ahead of security professionals. While most women are targeted with fake e mails offering gifts or threatening messages. Cyber threats against women should make us get involved to explore ways to stay safe. Let’s check out the different ways in which the attack can happen through e-Mail.
Different possible ways of Email threats
Malicious email attachments are an increasingly dangerous threat to corporate security. Disguised as documents, voicemails, e-faxes or PDFs, malicious email attachments are designed to launch an attack on the victim's computer when the attachment is opened. By opening or executing such attachments malicious code may download into your system and can infect your system.
- Always scan the attachments before you open them.
- Never click on links received in emails from strangers
Another concept to bypassing file upload validation is for an attacker to abuse double extensions where an application extracts file extensions by looking for the '.' character in the filename, and extracting the string after the dot character. A file named filename.php.123 will be interpreted as a PHP file and it will be executed.
Use file upload forms with whitelisting approach. With this approach, only files that match a known and accepted file extension are allowed.
Sometimes e-Mails are received with fake e-mail address like firstname.lastname@example.org by an attachment named, “Facebook_Password_4cf91.zip and includes the file Facebook_Password_4cf91exe" that, the e-mail claims, contains the user's new facebook password. When a user downloads the file, it could cause a mess on their computer and which can be infected with malicious software.
- Always check and confirm from where the e-mail has been received, generally service people will never ask or provide your password to change.
- If you subscribe to e-mail or text alerts from your bank or financial institution, you should be familiar with the format, content, and address of these messages. Be suspicious of anything you receive that is out of the norm.
Spammers get e-mail addresses from newsgroups, unscrupulous Web site operators who sell e-mail addresses to them. Also they may just get lucky by guessing the email. Spam messages may trouble you by filling your inbox or your e-mail database. Spam involves identical messages sent to various recipients by e-Mail. Sometimes spam e-mails come with advertisements and may contain a virus. By opening such e-Mails, your system can be infected and your e-Mail ID is listed in spammers list. Spam can lead to network congestion, clutter your mail and also can have Malware.
- Use a Quality Email Filter: This can prevent you from coming into contact with a cyber-threat.
- It is always recommended to ignore or delete spam e-mails.
- Never, ever, unsubscribe or reply to a spam e-mail. This only confirms to the spammer that your e-mail address is real.
These appear very authentic, and often include graphics and logos that are actually from your bank. There may even be a link that actually takes you to your bank’s Web site. Even if you don’t enter any personal information, clicking the link can infect your computer with data-stealing malware. Sometimes e-Mails are targeted at you by unknown users by offering gifts, lottery, prizes, which might be free of cost, and this may ask your personal information for accepting the free gift or may ask money to claim lottery and prizes it is one way to trap your personal information.
- Look for grammatical errors in the e-mail
- Always ignore free gifts offered from unknown users.
Hoax is an attempt to make the person believe something which is false as true. It is also defined as an attempt to deliberately spread fear, doubt among the users.
- Since the e-Mail messages are transferred in clear text, it is advisable to use some encryption software like PGP (pretty good privacy) to encrypt email messages before sending, so that it can be decrypted only by the specified recipient only.
Since a backup is maintained for an e-Mail server all the messages will be stored in the form of clear text though it has been deleted from your mailbox. Hence there is a chance of viewing the information by the people who are maintaining backups. So it is not advisable to send personal information through e-Mails.
The most effective preventive strategy is to educate yourself and members within your organization on potential email security threats. Be sensible email users so that possible conflicts are avoided as much as possible.