Tag: phishing

DarkSide Pipeline Cyber Attack & More News – Ping Podcast – Episode 45

Episode 45: DarkSide Pipeline Cyber Attack & More News

The cyber world crosses into the real world in the week’s top story – as a ransomware attack attributed to DarkSide shuts down the Colonial Pipeline. We take a deep dive into the latest high profile cyber attack which severely affected the gas supply up and down the east coast. Hear what the White House is doing about it, how Russia may or may not be involved, and why attacks like this could be just the beginning.

In other headlines, we learn about new IoT (internet of things) vulnerabilities discovered by Microsoft. And finally, a coronavirus-themed phishing test gone horribly wrong for a UK train company.

How to listen

Listen to Ping – A Firewalls.com Podcast using the player above…

Or just about anywhere you prefer to listen to podcasts (Apple Podcasts, Pandora, Spotify, Google Podcasts, Stitcher, Overcast, Amazon Music, TuneIn, iHeart, Pocket Cast, Castro, Castbox, PodchaserYouTube, and of course via RSS, to name a few). Moreover, please rate and review us wherever you listen. And remember to subscribe or follow where you can to get the latest episodes as soon as they’re released

Missed our previous episodes? You can get them anywhere you listen to podcasts, or go to our full episode list.

Learn even more about network security through our blog, which features new content every week, and our knowledge hub.

New episodes are usually released every other Wednesday. Have a special request for a topic or a question for our network engineers to address? Email us at podcast@firewalls.com and it could be on our next show. Thanks in advance for any listens, follows, subscribes, reviews, comments, shares, and generally spreading the word!

Anatomy of a Phishing Email – How to spot social engineering emails targeting your small business

The local fire department is reaching out to let our small business know that we’ve passed our inspection. Very important! Or is it? Let’s take a close look at an innocuous email that slipped into a Firewalls.com inbox in an article we’re calling “Anatomy of a Phishing Email.”

A Not So Convincing Phishing Attempt

How phishing attacks work

Building false trust – The above email was definitely targeted. By providing accurate information about our company, street address, and employee names, this attacker was attempting to build trust with the recipient. Social engineering attackers often attempt to impersonate legitimate mail senders by doing pre-emptive research on their targets.

Setting the bait – Phishing attackers are always on the lookout for some theme to build their scam around. This bait often relates to trending news topics, routine business processes, or impersonating someone you know. In this example, our phisher relied on quarterly fire inspections in an attempt to trick our recipient. Fire inspections are routine, but infrequent enough that the average employee will not have much knowledge about their last checkup. On top of that, the setup sounds critical to everyday business operations at first glance.

Springing the trap – Fortunately, our team was quick to spot the fake. This attacker wanted our recipient to visit a certain URL where something far more nefarious lies in wait. Here, the attackers provide a hyperlink that they know will not function properly and provide further instructions to manually enter a URL, rerouting victims to their intended trap.

Blog Banner General Buy Now Red-High-Quality

How can you spot a phishing attempt?

There are several questions you should ask yourself if you think you may be the target of social engineering. Here are a few things that stuck out to Firewalls.com that made us suspicious.

Sender legitimacy – Is your local fire department really going to send you an invoice by email? Have you ever received an email from this person/organization before? Most businesses and institutions won’t suddenly reach out to you via a new platform without some warning first. If the legitimacy of the senders gives you pause, you may be a target!

What information do they know about me? – Building trust by personalizing phishing emails to their target is common sense. You are more likely to believe hackers’ schemes if they seem to have accurate information about you. However, what exactly do they know? In this case, our attacker seems to know an email address, company name, and a physical address. Impressive at first sniff, but this is all publicly-available information! Never take the bait just because it has your name on it.

What is being asked of me? – While the initial setup seems believable enough, this ruse starts to fall apart when you peel back the layers. Why would the fire department send me a link that they know is broken? Why send complicated instructions on how to manually edit URLs to work around a defunct web portal?

Does it all match up? – If an email says it is from the local fire department, but the send domain contains something completely unrelated (mobile-eyes?), you may be onto something! In this example, the attacker is instructing our recipient to visit a web domain that has nothing to do with fire inspections. More like “mobile-eye-don’t-think-so.”

What to do if you think you received a phishing email

Never spring the trap – First and foremost, do not click anything! Links, attachments, replies, forwards—leave it all alone. You cannot be breached simply by receiving the email, so stop while you are ahead.

Get IT involved – Alert your IT team and immediate supervisors. If you have even an inkling of doubt about the legitimacy of an email, there’s no harm in getting a second opinion from an expert. Reach out to your IT department for further guidance.

Block the sender – If this is just one attempt in a more persistent or complex spearphishing campaign, there will be further emails brewing. Blocking the email domain of a bad actor prevents a future lapse in judgment or mistake from providing a second point of entry for foiled attackers.

Rely on defense-in-depth – Want to know the easiest way to sidestep an attempted phishing scam? Do not let it ever land in your inbox. Defense-in-depth network security strategies employ email encryption, cloud-based sandboxing, and Time-Of-Click protection to provide email security before, during, and after delivery of suspicious messages. Tools such as SonicWall Capture Advanced Threat Protection and Barracuda Essentials take the guesswork out of checking your mailbox.

Ransomware and malware delivered through phishing emails are more rampant than ever before. Whether hackers are relying on coronavirus scams, election news, Black Friday deals, fire inspections, or otherwise, there’s always some new social engineering scheme on the horizon. Protecting yourself starts with educating yourself against these attacks. Stay safe while holiday shopping by tuning into our podcast episode “Black Friday Becomes Cyber November 2020” featuring Dan Lohrmann.

Blog Banner General Buy Now Red-High-Quality

Want to learn more about phishing and social engineering?

Check out our podcast on Phishing with SonicWall’s Matt Brennan.

Check out our Firewalls.com Threat Dictionary entries on ransomware, phishing, and spearphishing.

Top 4 Email Security Solutions of 2020

Top 4 Email Security Solutions of 2020

The best email security solution ends up pulling a lot more weight than most network security services in 2020. Unless you live under a rock, you are increasingly aware of the ransomware scourge plaguing small businesses and enterprises alike. Email security targets advanced threats where they’re most likely to attack: your inbox. Thanks to social engineering schemes, your small business email service is a big, flashing target for hackers looking to infiltrate the network. Business emails are exceedingly vulnerable to advanced threats, like:

  • Phishing & spearphishing
  • Domain squatting
  • Cloud-based malware droppers
  • Business Email Compromise & account takeover
  • Impersonation & fraud

What makes email-borne attacks so efficient and how can you stop them in their tracks? We’ll break down the four best email security solutions of 2020, explain how they rebuff the bad guys, and help you find the email security solution that best fits your network needs.

How does email security keep you safe?

Email security solutions are often multi-faceted platforms that integrate several moving pieces to form a cohesive, defense-in-depth strategy. Email security monitors both inbound and outbound email traffic, allowing networks to scan the contents of messages and attachments to determine their intentions. Pair this with other fail-safes such as a cloud-based sandbox, anti-spam, and anti-malware services, and you’ve got a robust system that can keep an eye out not just for viruses, but also for sensitive data exfiltration and impersonation attempts.

Modern email security appliances and services offer multi-layered security by scanning all email contents, URLs, attachments, and headers with advanced analysis techniques. These techniques recognize threats based on their behavior, NOT by relying on known threat signatures. Just as the bad guys train to imitate the way you write messages, the best email security solutions are experts at spotting subtle clues in messages that betray malicious intentions.

What to look for in an email security solution

Email security solutions need to be more than just effective; they also must be user-friendly. Simplifying the challenges of network security is crucial to a network security infrastructure that meets your business goals. The best email security solution for small businesses is one that’s easy to setup and manage.

Other factors to look for in the best email security solution for your needs include:

  • Email spooling that allows for business continuity even during Internet loss or power outages
  • Message archiving to make regulatory compliance audits easier
  • Real-time threat intelligence updates that keep your email security constantly evolving
  • Task automation & robust reporting to effortlessly manage addresses, accounts, & user groups

Top 4 Email Security Solutions for Small to Mid-Sized Businesses


SonicWall Ransomware Solutions 2020

SonicWall TotalSecure Email

Key Features:

  • Industry-validated Capture Advanced Threat Protection sandbox stops ransomware & zero-day threats from ever reaching your inbox
  • Users protected from clicking on malicious links across any device or location with time-of-click URL protection
  • Granular Data Loss Prevention & compliance policies protect data

What makes SonicWall TotalSecure one of the Best Email Security Services in 2020?

SonicWall Email Security appliances and software provide multi-layered protection from inbound and outbound email threats and compliance violations by scanning all inbound and outbound email content, URLs and attachments for sensitive data. What’s more, they deliver real-time protection against ransomware, targeted phishing attacks, spoofing, viruses, malicious URLs, zombies, directory harvest, denial-of-service and other attacks.

TotalSecure Email leverages multiple, patented SonicWall threat detection techniques and a unique, worldwide attack identification network.


Sophos Ransomware Solutions 2020

Sophos Advanced Email Protection

Key Features:

  • Sophos Synchronized Security connects Sophos Email security with endpoint protection, delivering automated detection & clean-up
  • Compromised Mailbox Detection services detect outbound spam & malware to safeguard send reputation
  • Sophos Phish Threat gives you tools to test & train employees on cybersecurity awareness

What Qualifies Sophos Advanced Email Protection as one of the Best Email Security Services in 2020?

Sophos Email integrates in real-time with Sophos Central, an intuitive console for managing all your Sophos products. By extending Sophos Synchronized Security to your inbox, you ensure email security integrates into your entire network security posture.

Only Sophos Central lets you build and manage multiple lines of defense from email-borne threats, allowing you to respond to threats faster. This includes secure email, cybersecurity awareness training, and next gen endpoint protection, all from a single mobile-optimized portal.


Barracuda Logo

Barracuda Essentials – Email Security & Compliance

Key Features:

  • Real-time detection of dynamic threats constantly updates with 24×7 threat intelligence
  • Outlook plug-ins & mobile apps for easy user access
  • Barracuda Cloud Email Archiving integrates with Exchange & other cloud-based email services to create an indexed archive

What Qualifies Barracuda Essentials as one of the Best Email Security Services in 2020?

Barracuda Essentials filters and sanitizes all messages before delivery to your mail server. This protects your network from email-borne threats and social engineering before users even have a chance to click a link. Barracuda Essentials combines virus scanning, reputation checks, URL protection, spam scoring, real-time intent analysis, and other techniques to monitor threats across all potential attack vectors.


Fortinet Email Security Solutions 2020

Fortinet FortiMail Appliances

Key Features:

  • Outbreak protection, content disarm & reconstruction, sandbox analysis, & impersonation detection combined into a single hardened appliance
  • Prevent data loss with powerful, identity-based email encryption
  • Integrate with full suite of Fortinet products as well as third-party Fortinet Fabric Partners by sharing Indicators of Compromise across Fortinet Security Fabric

What Qualifies Fortinet FortiMail as one of the Best Email Security Services in 2020?

FortiMail secure email gateways stop volumetric and targeted cyber threats to secure dynamic attack surfaces. FortiMail also prevents the loss of sensitive information and simplifies regulatory compliance. Offered as high-performance physical and virtual appliances, FortiMail is flexible enough to deploy on-site or in the public cloud to meet a wide range of business goals and security needs.


Looking for the best email protection for your small business?

Give us a call at 866-957-2975 to find the perfect fit!

Ransomware Attack Clapback: How to Prepare if You’re Targeted

Ransomware Attack 2020: Why Prepare

It seems like every week in 2020, we hear about another major ransomware attack. While volume continues to grow in recent years, more troubling is the fact that ransomware is getting more targeted. Why is this more troubling? Because of its more targeted nature, it’s also getting more effective. Many ransomware cells now study their targets to pinpoint weaknesses, then customize attacks to exploit them. Not only that, they select targets and set ransom amounts based on knowledge of what those victims can pay.

And one more troubling fact to keep you up at night: soft targets are particularly vulnerable. That is, bad actors are placing local governments, school systems, nonprofit organizations, and even healthcare providers in the crosshairs. So even if your business avoids attack, a successful breach of one of these targets has major effects on day to day life. Enough preamble though. If you made it this far, you know the situation is serious. Here are three ways to prepare to clapback, so an attack won’t stop you in your tracks.

Train Your Staff

Your employees can be either the point of entry or the first line of defense for a ransomware attack. The choice is yours. Among the most common ways for ransomware to infect your network is once again through phishing emails. If your network users don’t know what to look for, they may unsuspectingly click on an attachment that delivers the malicious payload. Simple training makes all the difference, sharing tips like:

  • Double-check the domain name that sent the email
  • Look for spelling errors as well as numbers replacing letters
  • Review the signature & legitimacy of the request
  • Hover over links – without clicking – to check where they lead
  • Don’t click on attachments unless you’re sure of the source

There are applications available to let you test your employees & reinforce training without the consequence being an actual breach. Check out Sophos Phish Threat and Barracuda PhishLine for a couple worthy examples. Oh and one other key piece of training? Teach your employees to report any suspicious contacts asking for a way into your network.

Layer Your Security

The best approach to network security in 2020 is a layered one. As we just noted, well-trained employees are one layer, but there are many others to consider. If you haven’t heard by now, it all starts with the firewall. Your firewall – operating the latest and greatest security services – should be the cornerstone of a protected network setup. A current generation firewall plus those security services protects against just about any threat that comes your way. Companies now commonly incorporate threat intelligence – both human and the artificial variety – plus machine learning into their security offerings. That means they’re on the cutting edge to recognize and stop ever evolving ransomware and malware varieties.

But with the workforce extended beyond the perimeter now more than ever, your security must do the same. That means endpoint protection and secure access to your network for remote employees are also musts. Endpoint protection not only gives you visibility into these remote devices, it also extends many of the same security services to them individually. Ensuring secure access via VPN then brings your teleworkers back under the security of your firewall and network setup. And the layering shouldn’t stop there. Ensure you have email security in place to filter out suspicious messages before they even reach the eyes of an employee. And segment your network so a breach of one device doesn’t extend throughout. This may sound like a lot, but bundling services is surprisingly reasonable, and security costs much less than a successful ransomware attack ever will.

Backup So You Can Rollback

This could easily fall under the layers above, but when it comes to a ransomware attack, backup deserves a spotlight all its own. If you are successfully breached and your files encrypted, the smart money isn’t on paying the ransom, it’s on rolling back. Regular backups of your data allow you to get right back to work with minimal interruption, even if a ransomware attack occurs. A Sophos survey of 5,000 IT managers found more than half of firms whose data was encrypted by ransomware restored it through backups. Why is that? There are no guarantees when you pay the ransom. Plus, you don’t really want to support a criminal enterprise. And on a more practical note, Sophos also found that paying the ransom resulted in twice the remediation costs of restoring data from backups. Even if the ransomware cell you’re working with gives you the encryption key when you pay up, you still have to dedicate time and effort to restoration. So why not just have the restoration already available in house. Learn about Barracuda Backup and Sophos Intercept X with CryptoGuard for a couple of options to ensure you’re not caught flat-footed when a ransomware attack comes.

Cyber Threats in the Time of Corona – Ping Podcast – Episode 27

Episode 27: Cyber Threats in the Time of Corona

When 2020 began, the cyber threat landscape – and the world – looked much different. But as summer winds down and the coronavirus pandemic wears on, not only has day to day life been affected, but so too has cybersecurity. To go over the emerging corona-related hazards – and others that aren’t going away – Andrew and Kevin welcome back SonicWall’s Brook Chelmo. Brook discusses SonicWall’s 2020 Cyber Threat Report Mid-Year Update, which captures threats like coronavirus-themed phishing & malware strains. Additionally, we talk about ransomware’s increasing targeting of schools, governments, and other soft targets, plus the added security risk of remote work. On top of that, there are  still IoT (Internet of Things) vulnerabilities, and many other returning favorites.

Get the SonicWall 2020 Cyber Threat Report Mid-Year Update.

In cybersecurity headlines, we continue the COVID-19 theme to discuss some top coronavirus online scams. Then we go over a Microsoft survey showing how the pandemic has accelerated network security’s digital transformation. And finally, we embrace the DarkSide for a new ransomware threat.

But wait, there’s more! We debut a new segment (hosted by a new Andrew) called Ransomware Reckoning. Getting the spotlight this time is an attack on Jack, Jack Daniels that is.

How to listen

Listen to Ping – A Firewalls.com Podcast using the player above…

Or just about anywhere you prefer to listen to podcasts (Apple Podcasts, Pandora, Spotify, Google Podcasts, Stitcher, OvercastTuneIn, iHeart, Pocket Cast, Castro, Castbox, PodchaserYouTube, and of course via RSS, to name a few). Moreover, please remember to subscribe or follow where you can to get the latest episodes as soon as they’re released. And please rate and review us as well!

Missed our previous episodes? You can get them anywhere you listen to podcasts, or go to our full episode list.

Learn even more about network security through our blog, which features new content every week.

New episodes are usually released every other Wednesday. Have a special request for a topic or a question for our network engineers to address? Email us at podcast@firewalls.com and it could be on our next show. Thanks in advance for any listens, follows, subscribes, reviews, comments, shares, and generally spreading the word!

Tip of the Spear – Ping Podcast Episode 13

Episode 13: Tip of the Spear

We went into this episode with our heads in the cloud, specifically the Office 365 cloud. But as we spoke with SonicWall’s Matt Brennan, we not only learned about a spearphishing campaign that targeted O365 late last year, we also learned why spearphishing – and the related issue of business email compromise – has been among the most financially successful forms of attack for hackers over the past decade. We also heard a real-life example of what happened to a clothing retailer just last year following a breach. And on a brighter note, we talked about how to prevent these email-based attacks from ruining your business, with a look at SonicWall Cloud App Security as part of a layered approach to network protection.

Read Matt’s blog about the Office 365 attack, and learn more about Cloud App Security right here on our blog and on episode 1 of Ping.

In our Headlines, we talk about yet another way emotet could get you (via Wi-Fi), some malicious Chrome web extensions also known as malvertising, and why lawmakers and the Government Accountability Office are worried about the cybersecurity of the 2020 Census.

How to listen

Listen to Ping – A Firewalls.com Podcast using the player above…

Or just about anywhere you prefer to listen to podcasts (Apple Podcasts, Spotify, Google Podcasts, Stitcher, OvercastTuneIn, iHeart, Pocket Cast, Castro, Castbox, PodchaserYouTube, and of course via RSS, to name a few). Remember to subscribe or follow where you can to get the latest episodes as soon as they’re released, and rate and review us as well!

Missed our previous episodes? You can get them anywhere you listen to podcasts, or go to our full episode list.

New episodes are released every other Wednesday. Have a special request for a topic or a question for our network engineers to address? Email us at podcast@firewalls.com and it could be on our next show!

What is a Man in the Middle attack? How to keep your online footsteps hidden

Today we’re going to talk about a ghost in the machine. But don’t get all Gilbert Ryle’d up. We’re not waxing philosophic or discussing Scar Jo movies. No, we’re going to demask that phony bogeyman playing trapeze among your unsecured wires: the Man in the Middle. For those unfamiliar with the term, a Man in the Middle (MITM) breach is a cyber-attack in which the bad guys park themselves between you and the web. Man in the Middle is one of the many common attacks discussed in our Spooky Cyber Threats episode of Ping: A Firewalls.com Podcast, and today we’ll give a more in-depth picture of what the threat looks like.

What is the goal of a Man in the Middle attack?

The objective is simple: gather as much personal data about the victim as possible. If an opening presents itself, cyber criminals will pursue it. This means that if attackers can trick you into revealing or changing your login credentials, they will. If they can swipe your financial data, they will. The Man in the Middle attack is primarily a recon job with an opportunistic slant.

How does a Man in the Middle attack work?

Let’s simplify your web surfing to an easily-digested scenario: your computer, Point A, wants to fetch data from a web server, Point B. Point A requests data, the request travels over the web, and the web server receives the request. The web server gathers the data and ships it back to Point A. Man in the Middle attacks occur when a cyber attacker plants a toolkit between Point A and Point B and acts as a stepping stone between the two.

From this position, the Man in the Middle employs keyloggers, social engineering, and monitoring tools to either abscond with personal data or attempt to manipulate the user at Point A into further jeopardy. This can mean anything from serving fake versions of requested websites, tricking users with bogus password change requests, or tricking your contacts into providing sensitive information through phishing.

While old-school Man in the Middle attacks required attackers to literally plug into your network via close physical proximity, savvy cyber criminals have perfected the technique to take place completely through your browser. No longer do criminals need to crawl through the ventilation system to smuggle a bug onto your mainframe. Now they can do it all from the comfort of home.

How do you prevent Man in the Middle attacks?

1 – Firewalls & Configuration

The most powerful tool you have in the war for cyber security is the firewall. However, an appliance alone is rarely sufficient. It is important to also ensure that your firewall hardware is configured correctly. Think about it, if you buy a fancy home security system, you’re not just going to plug it into an outlet and call it a day. Instead, your security devices should be fine-tuned to fit the needs of your network.

Take your blind spots and unique vulnerabilities into account. No two networks are built the same and so no two firewalls should be configured the same. Ensuring that you have a suitable setup from the start will save a lot of pain down the road.

2 – Comprehensive Endpoint Protection

Even the most expensive hardware will fail once an unsuspecting employee opens a malicious file. Building a tall fence is great and all, but without strong security at the gates, you’re just redirecting network raiders to specific doorways. Sandboxing, ransomware damage rollback, antivirus clients, and browser protection are all fantastic options to add on to your security infrastructure.

Sophos Intercept X is a powerful security suite built to run alongside your current applications. Give it a two week trial for free to see if it works with your network.

3 – Exercise Safe Web Practices

This is the part of the article that preaches about strong passwords and email attachments. So, here goes:

– Use strong, complicated passwords. Never use default credentials like “admin” or “1234”

– If you’re asked to follow a link in an email, always type the URL into your browser. Don’t click! Spoofed domains, typo-squatting, and crucial differences between HTTP and HTTPS mean that every href you click is a potential malware minefield

– Don’t open suspicious attachments from unknown senders

– Avoid public Wi-Fi if possible. If you must connect to a public router, do so indirectly through Virtual Private Networks. Public networks are a watering hole where hungry cyber crocodiles are just waiting for their prey to exhibit vulnerability

Following cyber security best practices and deploying next-generation firewalls with an endpoint solution mean instead of dealing with a Man in the Middle, you’ll more likely be playing monkey in the middle with desperate cyber criminals trying, and failing, to get their hands on your data.

Learn about more cyber threats

Now that you’ve mastered the Man in the Middle, maybe it’s time to conquer keyloggers, trounce trojans, or make persistent threats perish. Check out the Firewalls.com Threat Dictionary to learn about all of the latest network security threats.

Prefer to listen and learn? Check out Episode 5 of Ping: A Firewalls.com Podcast where we talk cyber threats with SonicWall’s Daniel Kremers and Fortinet’s Douglas Santos.

Originally published by Andrew Harmon on LinkedIn Pulse, October 2017

3 Things to Learn from Google’s Latest Report on Stolen Credentials

Over the last year, Google has teamed up with University of California, Berkley and the International Computer Science Institute to collect, analyze, and report data on the contemporary landscape of black-hat email credential theft. In a period between March 2016 and March 2017, Google anonymously inserted themselves into private forums, credential trading markets, and dark web paste sites in order to learn how the bad guys, looking to steal your login and password information, are operating and evolving in the modern era. Or, as Kurt Thomas et al, authors of the study, put it, Google’s newest study “presents the first longitudinal measurement study of the underground ecosystem fueling credential theft and assesses the risk it poses to millions of users.” So, what’s that all mean for you? Let’s break down the numbers and outline 3 major take-away’s from Google’s study to understand how miscreants are trying to compromise your email security.

This study analyzed databases of purportedly stolen email credential information throughout 2016. Of these datasets, roughly 788,000 instances were the result of keyloggers, 12.4 million were sourced from phishing kits, and 1.9 billion credentials stolen in larger data breaches.

1. The Bad Guys Are Staying Up-To-Date. Are You?

If you’ve considered beefing up your security infrastructure but decided that it’s probably safe to lag a year or two behind the latest technology, you’re being outclassed by the competition. Online black-hat forums distribute pre-built phishing kits and keyloggers with thousands of variants and iterartions to ensure that they stay on the cutting-edge of cyber crime. Google’s study identified over 4,000 different strains of phishing kits available in 2016, and that’s only the variants they DID find.

The bad guys aren’t making off with only information from old, unused, or abandoned accounts. 7% to 25% of recovered credentials matched the current login credentials of the accounts they were stolen from. (Don’t worry, Google made sure to reset any compromised accounts they identified!) Phishing kits in particular showed troubling results in this area: a whopping 25% of the stolen data that Google reviewed matched current, usable login credentials. The study concluded that victims of phishing kits are 400 times more likely to be successfully hijacked than an average user.

2. Corporate Phishing is a Cyber Gold Rush

Prospector Jeevekins was right about the dangers of unsecure email

That old prospector was right when he warned us all about the dangers of social engineering in the age of communication. During their research period, Google detected 234,887 instances of potentially valid credentials being transmitted to an exfiltration point (bad guys’ email) per week. Read that statement again. Not 234,887 attempts. 234,887 successful transmissions of potentially valid credentials per week. The estimated success rate for a phishing kit is 9%.

  • Phishing kits were largely aimed at victims located in the United States, with just shy of 50% of identified victims’ geolocations based in the U.S.
  • 83% of phishing kits collect geolocation data in addition to login credentials
  • 40% collect financial information such as credit card data
  • 18% collect phone numbers
  • 16% collect User-Agent data such as the browser, device, and platform in use at the time of the attack
  • 9% collect social security numbers

3. “Stronger Passwords” Can Only Do So Much

Increasingly, organizations are coming to terms with the fact that a simple login/password combination is the bare bones when it comes to email security. Even hashed passwords based on salt values are proving flimsy under scrutiny, with Google’s report estimating that almost 15% of the stolen credentials in their study were hashed using MD5 and 10% with SHA-1 cryptographic hash functions.

To make matters worse, it can hardly be said that victims are learning from their mistakes. Research indicated that of victims that had their credentials stolen, only 3% later chose to switch to a two-factor authentication process as opposed to a simple login/password combination.

What Can I Do About It?

These numbers may be grim, but so long as organizations are as dedicated to email security as the bad guys are to stealing data, there is hope. Increasing usage of two-factor authentication as well as password management apps mean that the business world’s approach to cyber security is begrudgingly moving past the bare minimum. An even more secure future can be found in various email security subscriptions, encryption services, and anti-virus/anti-spam clients. Here are a couple recommendations for products that can prevent your login credentials from winding up on a black market spreadsheet.

Email Encryption

Email encryption is the process of encrypting the content of outbound messages in order to prevent 3rd party entities from intercepting and reading that data. In many cases, this means that the readable plain text has been scrambled into a cipher text which can only be unjumbled by a private key held by a recipient that matches the public key attached to the encrypted data. Email encryption services are usually subscription services that entail additional features and services in addition to message encryption.

  • Record ID Matching: Scans outbound content for sensitive information before delivery
  • Attachment Scanning: Probes potentially harmful attachments to ensure safety before opening
  • Predefined Compliance Policies: Built-in policies designed to be easily deployable for common problems and compliance issues such as HIPPA or PCI
  • Approval Boxes: Allows you to preview unverified emails before they are opened onto your network


TotalSecure Email

SonicWall TotalSecure Email provides complete protection for both inbound and outbound e-mail by providing award-winning anti-spam, anti-virus, anti-phishing, and policy and compliance management in one easy-to-use solution. For larger organizations there is simply no easier way to get complete email security. TotalSecure is a comprehensive package that holistically protects your inbox’s attack surfaces from every conceivable angle of attack by bundling several useful subscriptions together into a single strategy.

  • McAfee Anti-Virus: To keep the bugs at bay
  • SonicWall Time Zero: Protection from zero-day threats, focusing on the time frame between initial detection and receiving signature-based solutions
  • Corporate Phishing Protection: Uniquely identifies phishing attempts and enables admin to handle them independently from spam
  • Email Policy Management: Allows admin to quickly create and enforce corporate compliance policies
  • End-User Spam Management: Delegates spam management to end-users, reducing false positives and easing the load on your IT guys


Want to see Google’s research for yourself? Download the PDF.

PHISHING ALERT: The Better Business Bureau warns members about fraudulent emails

Companies are being urged to think twice before opening notices of complaint from the BBB as an intense phishing campaign ramps up targeting business owners. An email from Central Indiana branch of the BBB issued statements claiming that the “BBB name and logo are being fraudulently used by criminals” in a social engineering scheme.

Fraudulent emails are delivered under the guise of a violation complaint. Over 100 malicious websites have been shut down in response to attempts over the last few days.

Here are signs that you’re being targeted:

1. Check BBB emails to ensure details look legitimate. Poor formatting, typos, grammar mistakes, and generic form field greetings are all signs of a phishing email.
2. Double-check the sender’s email address. Does it appear accurate?
3. Do not click, save, or open any attachments or links.
4. Social engineers take advantage of fear, urgency, and doubt to rush targets into a rash decision. If an email asks you to take a specific action (like opening an attachment) to maintain your account or rating, think twice.

If you believe that you may be the target of a phishing email, follow these steps:

1. Delete the email and ensure that you empty your recycling bin.
2. If you clicked any links or opened attachments, immediately change your log-in credentials.
3. Watch your finances. If you see any unexpected transactions, you may want to investigate further.
4. Ensure that your endpoint protection is running with all available updates installed.

With proper understanding of social engineering practices, you can stay safe even against emerging threats.

Here’s a quick look at one of the inbox impostors:

bbb phishing social engineering email firewalls cyber security

The silver lining

Phishing is a topic to discuss in your workplace. This BBB scam represents a prime example of social engineering and cyber security safety that can be dissected for your team. Building a culture of cyber security in the workplace is a best practice that every business should keep on its to-do list. We encourage you to print the sample email provided above, highlight the tell-tale clues of social engineering, and hold a discussion with your staff about email security.

If you found a suspicious BBB notification in your inbox, do your part by reporting the email to phishing@council.bbb.org.

Fortunately, you don’t have to worry about fraudulent emails when you use SonicWall’s TotalSecure Email Protection.