Most cyber threats enter your network via email. So naturally, anytime new email security vulnerabilities emerge, it’s big news. Security researcher, engineer, & tech columnist Ax Sharma joins us to discuss a recently discovered method for bad actors to manipulate HTML emails. He tells us how with just some simple code, the “external sender” warning from many organizations can either disappear, or change. We talk about why email security vulnerabilities like this put an even greater onus on the user, and how to combat the issue. On top of that, Ax provides greater detail on the recent Facebook story, involving the data leak of more than 500 million users. Hear how it went down, and what could happen next.
In headlines, it’s a mix of ransomware and SolarWinds. First, we talk about a ransomware attack on the DC Metro Police Department. And then, we hear a new update that Russia may not be done with its SolarWinds breach victims. And finally, we discuss the state of ransomware today, its cost and why paying rarely solves everything.
The local fire department is reaching out to let our small business know that we’ve passed our inspection. Very important! Or is it? Let’s take a close look at an innocuous email that slipped into a Firewalls.com inbox in an article we’re calling “Anatomy of a Phishing Email.”
How phishing attacks work
Building false trust – The above email was definitely targeted. By providing accurate information about our company, street address, and employee names, this attacker was attempting to build trust with the recipient. Social engineering attackers often attempt to impersonate legitimate mail senders by doing pre-emptive research on their targets.
Setting the bait – Phishing attackers are always on the lookout for some theme to build their scam around. This bait often relates to trending news topics, routine business processes, or impersonating someone you know. In this example, our phisher relied on quarterly fire inspections in an attempt to trick our recipient. Fire inspections are routine, but infrequent enough that the average employee will not have much knowledge about their last checkup. On top of that, the setup sounds critical to everyday business operations at first glance.
Springing the trap – Fortunately, our team was quick to spot the fake. This attacker wanted our recipient to visit a certain URL where something far more nefarious lies in wait. Here, the attackers provide a hyperlink that they know will not function properly and provide further instructions to manually enter a URL, rerouting victims to their intended trap.
How can you spot a phishing attempt?
There are several questions you should ask yourself if you think you may be the target of social engineering. Here are a few things that stuck out to Firewalls.com that made us suspicious.
Sender legitimacy – Is your local fire department really going to send you an invoice by email? Have you ever received an email from this person/organization before? Most businesses and institutions won’t suddenly reach out to you via a new platform without some warning first. If the legitimacy of the senders gives you pause, you may be a target!
What information do they know about me? – Building trust by personalizing phishing emails to their target is common sense. You are more likely to believe hackers’ schemes if they seem to have accurate information about you. However, what exactly do they know? In this case, our attacker seems to know an email address, company name, and a physical address. Impressive at first sniff, but this is all publicly-available information! Never take the bait just because it has your name on it.
What is being asked of me? – While the initial setup seems believable enough, this ruse starts to fall apart when you peel back the layers. Why would the fire department send me a link that they know is broken? Why send complicated instructions on how to manually edit URLs to work around a defunct web portal?
Does it all match up? – If an email says it is from the local fire department, but the send domain contains something completely unrelated (mobile-eyes?), you may be onto something! In this example, the attacker is instructing our recipient to visit a web domain that has nothing to do with fire inspections. More like “mobile-eye-don’t-think-so.”
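The checks from the list above (a sender you have never heard from, a link that points somewhere other than what it shows, and instructions to type a URL by hand) can be automated as triage signals. This is an added example, not part of the original article; every address and domain is a constructed `.example` placeholder, and `base_domain` and `known_sender_domains` are illustrative names.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)


def base_domain(host):
    """Last two DNS labels. Simplification (assumption): production code should
    use the Public Suffix List so names like 'example.co.uk' are handled."""
    labels = (host or "").lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def url_domain(url):
    return base_domain(urlsplit(url).hostname or "")


class LinkCollector(HTMLParser):
    """Collects (href, visible text) per <a>, and the text outside anchors."""

    def __init__(self):
        super().__init__()
        self.links, self.outside, self.href, self.buf = [], [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.buf = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        (self.outside if self.href is None else self.buf).append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.buf).strip()))
            self.href = None


def phishing_signals(raw, known_sender_domains):
    """Return (signal, detail) tuples. These are prompts for a closer look,
    not a verdict: legitimate mail also links to third-party domains."""
    msg = message_from_string(raw, policy=policy.default)
    address = parseaddr(str(msg.get("From", "")))[1]
    sender = base_domain(address.rpartition("@")[2])
    findings = []

    # "Have you ever received an email from this organization before?"
    if sender not in known_sender_domains:
        findings.append(("new-sender", sender))

    body = msg.get_body(preferencelist=("html", "plain"))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    parser.close()

    # "Does it all match up?": where links really go versus what they show.
    for href, text in parser.links:
        target = url_domain(href)
        if not target:
            continue  # mailto:, anchors, relative links
        if target != sender:
            findings.append(("link-off-sender-domain", target))
        shown = URL_RE.search(text)
        if shown and url_domain(shown.group()) != target:
            findings.append(
                ("link-text-mismatch", f"{url_domain(shown.group())} -> {target}")
            )

    # "What is being asked of me?": a URL the reader is told to type by hand.
    for url in URL_RE.findall("".join(parser.outside)):
        if url_domain(url) != sender:
            findings.append(("typed-url-off-sender-domain", url_domain(url)))
    return findings


# Constructed sample message modelled on the fire-inspection lure described above.
SAMPLE = """\
From: "Anytown Fire Department" <inspections@fire-notices.example>
To: office@smallbiz.example
Subject: Quarterly fire inspection - passed
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your inspection report is ready:
<a href="http://portal.reports-gateway.example/view?id=1">https://anytownfire.example/inspection</a></p>
<p>If the link does not work, type http://reports-gateway.example/inspect/4471
into your browser.</p>
</body></html>
"""

if __name__ == "__main__":
    for signal, detail in phishing_signals(SAMPLE, {"anytownfire.example"}):
        print(f"{signal}: {detail}")
```

A message that trips several of these signals at once is a good candidate for quarantine and a second opinion from IT.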
What to do if you think you received a phishing email
Never spring the trap – First and foremost, do not click anything! Links, attachments, replies, forwards—leave it all alone. You cannot be breached simply by receiving the email, so stop while you are ahead.
Get IT involved – Alert your IT team and immediate supervisors. If you have even an inkling of doubt about the legitimacy of an email, there’s no harm in getting a second opinion from an expert. Reach out to your IT department for further guidance.
Block the sender – If this is just one attempt in a more persistent or complex spearphishing campaign, there will be further emails brewing. Blocking the email domain of a bad actor prevents a future lapse in judgment or mistake from providing a second point of entry for foiled attackers.
Rely on defense-in-depth – Want to know the easiest way to sidestep an attempted phishing scam? Do not let it ever land in your inbox. Defense-in-depth network security strategies employ email encryption, cloud-based sandboxing, and Time-Of-Click protection to provide email security before, during, and after delivery of suspicious messages. Tools such as SonicWall Capture Advanced Threat Protection and Barracuda Essentials take the guesswork out of checking your mailbox.
Ransomware and malware delivered through phishing emails are more rampant than ever before. Whether hackers are relying on coronavirus scams, election news, Black Friday deals, fire inspections, or otherwise, there’s always some new social engineering scheme on the horizon. Protecting yourself starts with educating yourself against these attacks. Stay safe while holiday shopping by tuning into our podcast episode “Black Friday Becomes Cyber November 2020” featuring Dan Lohrmann.
The best email security solution ends up pulling a lot more weight than most network security services in 2020. Unless you live under a rock, you are increasingly aware of the ransomware scourge plaguing small businesses and enterprises alike. Email security targets advanced threats where they’re most likely to attack: your inbox. Thanks to social engineering schemes, your small business email service is a big, flashing target for hackers looking to infiltrate the network. Business emails are exceedingly vulnerable to advanced threats, like:
Phishing & spearphishing
Cloud-based malware droppers
Business Email Compromise & account takeover
Impersonation & fraud
What makes email-borne attacks so efficient and how can you stop them in their tracks? We’ll break down the four best email security solutions of 2020, explain how they rebuff the bad guys, and help you find the email security solution that best fits your network needs.
How does email security keep you safe?
Email security solutions are often multi-faceted platforms that integrate several moving pieces to form a cohesive, defense-in-depth strategy. Email security monitors both inbound and outbound email traffic, allowing networks to scan the contents of messages and attachments to determine their intentions. Pair this with other fail-safes such as a cloud-based sandbox, anti-spam, and anti-malware services, and you’ve got a robust system that can keep an eye out not just for viruses, but also for sensitive data exfiltration and impersonation attempts.
Modern email security appliances and services offer multi-layered security by scanning all email contents, URLs, attachments, and headers with advanced analysis techniques. These techniques recognize threats based on their behavior, NOT by relying on known threat signatures. Just as the bad guys train to imitate the way you write messages, the best email security solutions are experts at spotting subtle clues in messages that betray malicious intentions.
What to look for in an email security solution
Email security solutions need to be more than just effective; they also must be user-friendly. Simplifying the challenges of network security is crucial to a network security infrastructure that meets your business goals. The best email security solution for small businesses is one that’s easy to set up and manage.
Other factors to look for in the best email security solution for your needs include:
Email spooling that allows for business continuity even during Internet loss or power outages
Message archiving to make regulatory compliance audits easier
Users protected from clicking on malicious links across any device or location with time-of-click URL protection
Granular Data Loss Prevention & compliance policies protect data
What makes SonicWall TotalSecure one of the Best Email Security Services in 2020?
SonicWall Email Security appliances and software provide multi-layered protection from inbound and outbound email threats and compliance violations by scanning all inbound and outbound email content, URLs and attachments for sensitive data. What’s more, they deliver real-time protection against ransomware, targeted phishing attacks, spoofing, viruses, malicious URLs, zombies, directory harvest, denial-of-service and other attacks.
TotalSecure Email leverages multiple, patented SonicWall threat detection techniques and a unique, worldwide attack identification network.
What Qualifies Sophos Advanced Email Protection as one of the Best Email Security Services in 2020?
Sophos Email integrates in real-time with Sophos Central, an intuitive console for managing all your Sophos products. By extending Sophos Synchronized Security to your inbox, you ensure email security integrates into your entire network security posture.
Only Sophos Central lets you build and manage multiple lines of defense from email-borne threats, allowing you to respond to threats faster. This includes secure email, cybersecurity awareness training, and next gen endpoint protection, all from a single mobile-optimized portal.
Real-time detection of dynamic threats constantly updates with 24×7 threat intelligence
Outlook plug-ins & mobile apps for easy user access
Barracuda Cloud Email Archiving integrates with Exchange & other cloud-based email services to create an indexed archive
What Qualifies Barracuda Essentials as one of the Best Email Security Services in 2020?
Barracuda Essentials filters and sanitizes all messages before delivery to your mail server. This protects your network from email-borne threats and social engineering before users even have a chance to click a link. Barracuda Essentials combines virus scanning, reputation checks, URL protection, spam scoring, real-time intent analysis, and other techniques to monitor threats across all potential attack vectors.
Fortinet FortiMail Appliances
Outbreak protection, content disarm & reconstruction, sandbox analysis, & impersonation detection combined into a single hardened appliance
Prevent data loss with powerful, identity-based email encryption
Integrate with full suite of Fortinet products as well as third-party Fortinet Fabric Partners by sharing Indicators of Compromise across Fortinet Security Fabric
What Qualifies Fortinet FortiMail as one of the Best Email Security Services in 2020?
FortiMail secure email gateways stop volumetric and targeted cyber threats to secure dynamic attack surfaces. FortiMail also prevents the loss of sensitive information and simplifies regulatory compliance. Offered as high-performance physical and virtual appliances, FortiMail is flexible enough to deploy on-site or in the public cloud to meet a wide range of business goals and security needs.
Looking for the best email protection for your small business?
Give us a call at 866-957-2975 to find the perfect fit!
Barracuda Essentials is an email security solution ideal for small businesses and mid-sized organizations looking to deploy simple, yet feature-rich inbox security. Barracuda Essentials includes a ton of anti-virus, anti-spam, and advanced threat protection elements that prevent email-based attacks. That includes protection against phishing and other social engineering attacks. Oh and by the way, email is the most common vector of attack against SMBs. In fact…
Did you know… 91% of cyberattacks start with an email
Barracuda Essentials provides cloud-based, advanced protection as well as encryption and data leakage protection. What’s more, no additional hardware or software is necessary to add cloud-to-cloud message archiving. With all these powerful features combined, you have no reason to fear ransomware.
Email Continuity of up to 96 hours means your small business can keep sending and receiving business-critical messages even if you experience email outages or loss of Internet. How does it work? Emails fail over to a cloud-based service, letting you use emergency mailboxes so there’s no interruption.
Barracuda Essentials locks down small business emails, cutting off the #1 attack vector for modern threats. Most importantly, all these services are cloud-based, meaning there’s no need to download additional software or find space in your server rack for another appliance. This cloud-based protection includes:
Quickly filter your entire volume of inbound email traffic to detect & block email threats. Barracuda Essentials protects inbound traffic with advanced features like spam scoring, intent analysis, and reputation checks. Barracuda Essentials is backed by 24×7 threat intelligence from Barracuda Central. To sum up, this global operation center constantly monitors new threats and empowers onboard AI to automatically detect and respond to incidents—even zero day threats.
Easily meet compliance & maintain productivity
Barracuda Essentials includes cloud archiving that is easily searchable, tamper-proof, and redundant. Above all, this simplifies compliance with easy e-discovery, allowing you to search and filter historical message archives to easily locate specific emails.
Ransomware is a huge concern for small businesses. Loss of important data can be devastating whatever the cause, but cloud-to-cloud backup eliminates the threat entirely. Barracuda Essentials cloud-to-cloud backup lets you easily restore your data in the event of a loss. In sum, this minimizes downtime, letting your business get back to what it does best. Cloud-to-cloud backup includes unlimited storage, so Barracuda Essentials is an ideal solution to grow with your business.
Easily meet compliance demands
Reduce ongoing legal risks
Automatic de-duplication minimizes storage footprint, saving you money
Productivity is a huge concern for small businesses. If inbound and outbound email stops flowing, the lifeblood of small business stops too. With email spooling, you do not have to fear email downtime. Up to 96 hours of email spooling keeps you rolling even in the face of major outages.
Block spearphishing attacks with Barracuda Sentinel
Barracuda Essentials teams up with Barracuda Sentinel when you buy the cost-efficient Total Email Protection bundle. Sentinel defends users on your network from the latest social engineering attacks by utilizing artificial intelligence. And it’s very intelligent. To clarify, Barracuda literally learns the way you write emails to other users in your organization to determine if an account has been taken over or impersonated. This granular user awareness is unprecedented in its ability to predict potential account takeover.
Barracuda email security is more than just one product – it’s a philosophy. If you’ve spent any time following cyber threats, you know that email is a favorite point of entry for hackers. And while training your workforce to spot email threats is a must, humans are in fact human. That means you need a comprehensive plan to keep your network safe. In fact, comprehensive is a great word to describe Barracuda email security. It encompasses a variety of solutions with options for any business need. So let’s dive into some of the components of Barracuda’s email security lineup.
What is Barracuda email security used for
Use Barracuda email security to protect your network from all manner of email-borne threats with multi-layered protection. Those layers include:
Defense at the gateway
Protection from fraud
Greater user security awareness
In sum, deploying the right Barracuda solutions gives you peace of mind that hazards like spam, phishing messages, viruses, and more won’t bring down your network.
How does Barracuda email encryption work
Barracuda email encryption comes through two possible methods: the Email Security Gateway appliance or the cloud-based Barracuda Email Security Service. Both offer secure, outbound email encryption, with multiple policies available that give admins granular control over exactly which outbound emails to encrypt. Once administrators decide on specific policies, users can send emails – and any attachments – that match policy to the Barracuda Message Center with secure TLS encryption.
Backing up a bit, email encryption ensures that only the intended recipient can access an email and its attachments. Traditionally, that access for recipients is tricky, as they’ll need an encryption key. In this case, the web-based Barracuda Message Center handles everything. First, the recipient receives an email notifying them that they have an encrypted message with a link to the message center. Next, the user must choose a password upon first accessing the center. Then, they can view their encrypted messages, download attachments, and reply – all through the Barracuda Message Center. And the best part, once users choose a password, they can use it anytime they need to access subsequent encrypted messages.
What is Barracuda spam filter
Barracuda spam filter stops spam emails that often make it through other email filters. It does so without blocking important messages, thanks to one of the industry’s lowest false-positive rates. Just like Barracuda email security as a whole, spam filtering is a multi-pronged effort. The award-winning spam filtering technology finds email from known spammers, analyzes any embedded URLs to find malicious links, and even catches spammers’ attempts to evade filters by placing embedded text within images.
You may be thinking, won’t these processes slow down email delivery? Barracuda thought of that too, and the answer is no. These spam detection processes take place in the Barracuda cloud, so they don’t slow you down. Spam emails are pre-filtered before they reach your server. That means you also get protection from denial-of-service (DoS) attacks that spammers may launch your way.
How do you use Barracuda spam filter
You get the award-winning Barracuda spam filter through Barracuda Essentials, an all-in-one, cloud-based email protection platform. Barracuda Essentials combines spam filtering with Advanced Threat Protection, which filters more hazards including email-based malware and even zero-day threats – as we know that spam filtering is just one part of the email protection puzzle.
And Barracuda Essentials doesn’t stop at inbound email filtering. In essence, it’s a way to get your business – regardless of size – into Barracuda email security as a whole. This combines inbound filtering with:
Outbound email filtering
Email retention enforcement
Full backup and recovery of every email/file
In other words, it not only protects your network from incoming email threats, it also safeguards against data loss with data leak protection policies and the aforementioned encryption. And it’s got your back with full cloud backup and recovery of every email and file.
How much does Barracuda email security cost
How much Barracuda email security costs depends on which solutions you deploy and the needs of your business. If you’re a business with about 50 employees, for example, looking for the comprehensive protection of Barracuda Essentials, you can get it for under $150 a month.
Barracuda Essentials is available for deployments as small as 10 users or as large as 10,000-plus, with prices per user going down the larger the company. Get started with Barracuda email security today!
While quality network security appliances are crucial for your organization’s success, there are more factors at play when it comes to ensuring your network functions at the highest levels possible. That’s why, in addition to top-notch hardware, we have a staff of manufacturer-certified experts offering a variety of customized solutions to help your network excel. Our engineers, located on-site at our Indianapolis Security Operations Center, can assist with anything from email security to phone systems. We offer both hourly support contracts and one-time security services.
In our first post of our Pro Services Spotlight series, let’s take a closer look at a few of the Professional Services we offer that help add punch to your network security.
Firewall Health Check
So you’ve purchased your firewall and it’s been up and running for a year or two. But when was it last updated? The ever-changing landscape of online threats–including viruses, malware cocktails, and ransomware-as-a-service–means you can no longer “set it and forget it” after installing a firewall.
With a Firewall Health Check, our experts review your firewall configuration & settings to determine if there’s room for improvement in your security posture. If there is, they’ll make sure to bring your firewall up-to-date with the latest policies, configurations, best practices, and more. Our engineers assess every nook and cranny to ensure you’re ready to combat the next wave of threats.
Whether you have dozens, hundreds, or thousands of users, email is often the easiest route for hackers to infiltrate your organization. A seemingly innocent click by an employee can expose your network to a litany of problems.
With Email Security Services, our experts configure SMTP, POP3, & IMAP settings to protect your business from threats such as phishing, domain spoofing, and other social engineering scams. Your appliance can also be configured to block sensitive information such as credit card information, social security numbers, and log-in credentials to knock out suspicious emails before they touch your network.
Over 60% of web traffic hides behind encryption. How does your security hardware know whether data is safe? Deep Packet Inspection (DPI). Our engineers take on the complex task of enabling your network for deep packet inspection to scan all traffic, encrypted or otherwise, for the latest advanced threats.
We also offer expert help for deploying trusted certificates that signal to customers and visitors that your site is secure. This helps your business establish customer trust and increase visibility to search engines like Google and Bing.
These are just a few of the many Professional Services our Firewalls.com experts offer. If you’re interested in one or all of them, see our full suite of options or call us today at 317-225-4117 to learn more.
Over the last year, Google has teamed up with the University of California, Berkeley and the International Computer Science Institute to collect, analyze, and report data on the contemporary landscape of black-hat email credential theft. In a period between March 2016 and March 2017, Google anonymously inserted themselves into private forums, credential trading markets, and dark web paste sites in order to learn how the bad guys, looking to steal your login and password information, are operating and evolving in the modern era. Or, as Kurt Thomas et al., authors of the study, put it, Google’s newest study “presents the first longitudinal measurement study of the underground ecosystem fueling credential theft and assesses the risk it poses to millions of users.” So, what does that all mean for you? Let’s break down the numbers and outline 3 major takeaways from Google’s study to understand how miscreants are trying to compromise your email security.
This study analyzed databases of purportedly stolen email credential information throughout 2016. Of these datasets, roughly 788,000 instances were the result of keyloggers, 12.4 million were sourced from phishing kits, and 1.9 billion credentials were stolen in larger data breaches.
1. The Bad Guys Are Staying Up-To-Date. Are You?
If you’ve considered beefing up your security infrastructure but decided that it’s probably safe to lag a year or two behind the latest technology, you’re being outclassed by the competition. Online black-hat forums distribute pre-built phishing kits and keyloggers with thousands of variants and iterations to ensure that they stay on the cutting-edge of cyber crime. Google’s study identified over 4,000 different strains of phishing kits available in 2016, and that’s only the variants they DID find.
The bad guys aren’t making off with only information from old, unused, or abandoned accounts. 7% to 25% of recovered credentials matched the current login credentials of the accounts they were stolen from. (Don’t worry, Google made sure to reset any compromised accounts they identified!) Phishing kits in particular showed troubling results in this area: a whopping 25% of the stolen data that Google reviewed matched current, usable login credentials. The study concluded that victims of phishing kits are 400 times more likely to be successfully hijacked than an average user.
2. Corporate Phishing is a Cyber Gold Rush
That old prospector was right when he warned us all about the dangers of social engineering in the age of communication. During their research period, Google detected 234,887 instances of potentially valid credentials being transmitted to an exfiltration point (bad guys’ email) per week. Read that statement again. Not 234,887 attempts. 234,887 successful transmissions of potentially valid credentials per week. The estimated success rate for a phishing kit is 9%.
Phishing kits were largely aimed at victims located in the United States, with just shy of 50% of identified victims’ geolocations based in the U.S.
83% of phishing kits collect geolocation data in addition to login credentials
40% collect financial information such as credit card data
18% collect phone numbers
16% collect User-Agent data such as the browser, device, and platform in use at the time of the attack
9% collect social security numbers
3. “Stronger Passwords” Can Only Do So Much
Increasingly, organizations are coming to terms with the fact that a simple login/password combination is the bare bones when it comes to email security. Even hashed passwords based on salt values are proving flimsy under scrutiny, with Google’s report estimating that almost 15% of the stolen credentials in their study were hashed using MD5 and 10% with SHA-1 cryptographic hash functions.
To make matters worse, it can hardly be said that victims are learning from their mistakes. Research indicated that of victims that had their credentials stolen, only 3% later chose to switch to a two-factor authentication process as opposed to a simple login/password combination.
What Can I Do About It?
These numbers may be grim, but so long as organizations are as dedicated to email security as the bad guys are to stealing data, there is hope. Increasing usage of two-factor authentication as well as password management apps means that the business world’s approach to cyber security is begrudgingly moving past the bare minimum. An even more secure future can be found in various email security subscriptions, encryption services, and anti-virus/anti-spam clients. Here are a couple of recommendations for products that can prevent your login credentials from winding up on a black market spreadsheet.
Email encryption is the process of encrypting the content of outbound messages in order to prevent 3rd party entities from intercepting and reading that data. In many cases, this means that the readable plain text has been scrambled into a cipher text which can only be unjumbled by a private key held by a recipient that matches the public key attached to the encrypted data. Email encryption services are usually subscription services that entail additional features and services in addition to message encryption.
Record ID Matching: Scans outbound content for sensitive information before delivery
Attachment Scanning: Probes potentially harmful attachments to ensure safety before opening
Predefined Compliance Policies: Built-in policies designed to be easily deployable for common problems and compliance issues such as HIPAA or PCI
Approval Boxes: Allows you to preview unverified emails before they are opened onto your network
SonicWall TotalSecure Email provides complete protection for both inbound and outbound e-mail by providing award-winning anti-spam, anti-virus, anti-phishing, and policy and compliance management in one easy-to-use solution. For larger organizations there is simply no easier way to get complete email security. TotalSecure is a comprehensive package that holistically protects your inbox’s attack surfaces from every conceivable angle of attack by bundling several useful subscriptions together into a single strategy.
McAfee Anti-Virus: To keep the bugs at bay
SonicWall Time Zero: Protection from zero-day threats, focusing on the time frame between initial detection and receiving signature-based solutions
Corporate Phishing Protection: Uniquely identifies phishing attempts and enables admin to handle them independently from spam
Email Policy Management: Allows admin to quickly create and enforce corporate compliance policies
End-User Spam Management: Delegates spam management to end-users, reducing false positives and easing the load on your IT guys
SpamBlocker by WatchGuard is a powerful real-time detection system designed to provide immediate, comprehensive protection from spam outbreaks. As spam accounts for up to 95% of global email traffic, it can be difficult for applications to distinguish between spam and legitimate communications. SpamBlocker takes the guesswork out of suspicious or unwanted emails.
Spam email is still the number one avenue through which cyber criminals send malicious files and viruses. Spam also accounts for a large share of network traffic lag, cutting into your organization’s productivity.
SpamBlocker subscriptions can be added to your WatchGuard XTM or Firebox security setup.
Flexible administrator control
Bulk mail can cause network speeds to plummet, but SpamBlocker administrative controls allow you to choose which users or user groups can access bulk folders. Admins also have powerful tools such as whitelist and blacklist capabilities at their fingertips. Compatible with both SMTP and POP3 protocols.
Spam, bulk mail, and suspicious emails will wait for you in fully-functional, secure quarantine until you have the time to review them further. Quarantines have granular control, allowing you the flexibility to customize to your unique needs.
Optimized for better network performance
Since a majority of data processing takes place outside your gateway, you can count on WatchGuard SpamBlocker to run on minimal bandwidth and CPU power. Don’t settle for a blocky, resource-heavy solution. After all, one reason you’re blocking spam in the first place is to maintain throughput performance!
Even novice network administrators will be able to deploy and manage your spam blocker thanks to an intuitive, easy-to-learn interface. Don’t give yourself a headache trying to get rid of another headache. WatchGuard SpamBlocker is a pleasure to use.
Since SpamBlocker is priced per appliance, a single SpamBlocker subscription is enough to guard your network and all of the users configured behind your WatchGuard XTM or Firebox.
SpamBlocker is just one of many powerful and comprehensive endpoint tools available for next-generation firewalls. WatchGuard appliances are famous for their ability to operate at breakneck performance speeds even with a full load of add-ons and features enabled. WatchGuard Extensible Threat Management (XTM) can provide dynamic solutions on your network.
Companies are being urged to think twice before opening notices of complaint from the BBB as an intense phishing campaign targeting business owners ramps up. The Central Indiana branch of the BBB issued a statement by email warning that the “BBB name and logo are being fraudulently used by criminals” in a social engineering scheme.
Fraudulent emails are delivered under the guise of a violation complaint. Over 100 malicious websites have been shut down in response to attempts over the last few days.
Here are signs that you’re being targeted:
1. Check BBB emails to ensure details look legitimate. Poor formatting, typos, grammar mistakes, and generic form field greetings are all signs of a phishing email.
2. Double-check the sender’s email address. Does it appear accurate?
3. Do not click, save, or open any attachments or links.
4. Social engineers take advantage of fear, urgency, and doubt to rush targets into a rash decision. If an email asks you to take a specific action (like opening an attachment) to maintain your account or rating, think twice.
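The signs listed above can be partly checked by a script when a suspicious message is triaged. This Python example is added here and is not part of the original article; the sample message, the keyword patterns, and the brand-to-domain mapping (bbb.org) are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real phishing email).
SAMPLE = """\
From: "Better Business Bureau" <complaints@bbb-notices.example>
Subject: URGENT: Complaint filed against your business
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear Business Owner,
A complaint has been filed. Open the attached file within 48 hours
or your rating will be suspended immediately.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="complaint.zip"

(constructed placeholder, not a real archive)
--b1--
"""

# Assumption: display names mapped to the domain the organisation really uses.
BRAND_DOMAINS = {"better business bureau": "bbb.org", "bbb": "bbb.org"}
# Assumption: small illustrative keyword lists, not a complete rule set.
URGENCY = re.compile(r"\b(urgent|immediately|within \d+ hours|suspended)\b", re.I)
GENERIC = re.compile(r"^dear (customer|business owner|sir|madam|user)\b", re.I | re.M)

def phishing_signs(raw):
    """Return the warning signs from the checklist found in one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = "".join(p.get_payload() for p in msg.walk()
                   if p.get_content_type() == "text/plain")
    signs = []
    # Sign 2: display name claims a brand, but the address is on another domain.
    expected = BRAND_DOMAINS.get(name.strip().lower())
    if expected and domain != expected and not domain.endswith("." + expected):
        signs.append("sender-domain-mismatch")
    if GENERIC.search(body):                                  # sign 1
        signs.append("generic-greeting")
    if URGENCY.search(msg.get("Subject", "") + "\n" + body):  # sign 4
        signs.append("urgency-language")
    if any(p.get_filename() for p in msg.walk()):             # sign 3
        signs.append("has-attachment")
    return signs
```

Calling `phishing_signs(SAMPLE)` returns the list of signs found; a hit is a reason to look closer, not a verdict on its own.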
If you believe that you may be the target of a phishing email, follow these steps:
1. Delete the email and ensure that you empty your recycling bin.
2. If you clicked any links or opened attachments, immediately change your log-in credentials.
3. Watch your finances. If you see any unexpected transactions, you may want to investigate further.
4. Ensure that your endpoint protection is running with all available updates installed.
With proper understanding of social engineering practices, you can stay safe even against emerging threats.
Here’s a quick look at one of the inbox impostors:
The silver lining
Phishing is a topic to discuss in your workplace. This BBB scam represents a prime example of social engineering and cyber security safety that can be dissected for your team. Building a culture of cyber security in the workplace is a best practice that every business should keep on its to-do list. We encourage you to print the sample email provided above, highlight the tell-tale clues of social engineering, and hold a discussion with your staff about email security.
If you found a suspicious BBB notification in your inbox, do your part by reporting the email to firstname.lastname@example.org.
Fortunately, you don’t have to worry about fraudulent emails when you use SonicWall’s TotalSecure Email Protection.
Sandbox technology, which you can find a definition for on our Network Security Glossary, is the latest buzzword clawing its way through the info sec community. The rise of cloud-based threat protection is here and already the major players are proving they intend to maintain their seat in the pantheon of info sec titans. Perhaps the most successful showing, however, is from SonicWall. Capture ATP is making a real impact thanks to consistent successes in the face of a spike in high-profile ransomware attacks. ATP stands for Advanced Threat Protection and with Capture ATP that is exactly what you get.
Capture ATP detects suspicious code right at the gateways of your network and quarantines it in a virtual emulation of your system, allowing threats to unpack themselves and betray their nasty secrets in a safe sandbox environment where they can be monitored, tested, and neutralized.
Remember this scene from Jurassic Park?
It’s sort of like that: corral potential threats into a cage, then let them openly demonstrate their viciousness against disposable targets while we watch at a distance.
Okay, sandboxes aren’t new. So what makes Capture ATP stand out among the crowd?
Most sandbox systems run suspicious files through one engine before giving them the thumbs up or thumbs down. In these cases, you are relying on the manufacturer’s inspection system to get it right the first time, every time. SonicWall seems to understand that getting another pair of eyes on an issue can be beneficial. In addition to SonicWall’s own threat-detecting engine, Capture ATP scans are backed up by Lastline Breach Detection and VMRay Analyzer engines that provide a second and third opinion before giving a verdict on potential threats.
I have standard anti-virus protection already. Why do I need ATP?
AV clients are great for blocking known threats. But cyber criminals of 2017 are shape-shifters and masters of disguise. The bad guys are becoming much better at sneaking through your gateways and in response, security protocol must tighten. Where once stateful inspection was sufficient, serious security firms are now demanding nothing less than deep packet inspection. As the enemy evolves, so too must the good guys.
The greatest threat to your network is now from zero-day threats. Zero-day threats are cyber attacks that target vulnerabilities that have, at the time of the attack, not been discovered or discussed widely by the cyber security community. These are attacks that could not properly be prepared for because the danger was not yet apparent or understood. With Capture ATP, suspicious code is stopped at the gateway and held in custody until an official verdict is determined. This is better-safe-than-sorry security that errs on the side of caution. With Petya, WannaCry, EternalBlue, and other major exploits in the global spotlight, this understandably draconian style of network security is saving the day again and again for those of us under its protection.
SonicWall’s motto for the sandbox campaign is “Fear Less” and with Capture ATP, it seems more a promise than a tagline. Let’s face it, businesses everywhere just want to get this ransomware thing behind them so they can get back to taking care of customers and making money. Capture ATP cannot cure the ills of the cyber world, but it can take the pressure off of small to medium-sized businesses and enterprises alike so that we can stop worrying over every email attachment and get back to worrying about growth, customer relationships, and values.