Email security: let's take stock

The vast majority of business communication these days takes place via email. This medium is also used to transfer sensitive files, invoices and other important information which, in the past, were sent by regular mail or by internal courier.

Not many people know the life cycle of an email: it starts from a computer, passes through various predefined servers located around the world (and managed by human beings), and then reaches the destination computer. This process, which lasts only a few seconds, is actually a complicated information transfer system that can present security problems.

After all, everyone happens to receive "strange" emails from relatives, friends, colleagues or alleged companies located in strange places on earth which, in reality, carry links of dubious quality and ultimately lead to thinly veiled advertising messages or outright scams. You won't be surprised to discover how much creativity scam artists put into their attempts to steal your data or, even worse, your money. Malware, phishing or advertising: you'll be spoiled for choice.

And while spam filters protect you from the most blatant fraud, some messages still manage to get through security systems. Furthermore, corporate email addresses are all very similar to each other; consequently, once one is identified, it becomes easy to reconstruct those of all colleagues (e.g. namesurname@namecompany.cc).

A little bit of data

In 2016, about 93% of phishing emails carried ransomware, the very dangerous malware that blocks all data on the computer until the owner pays a rather substantial amount in cryptocurrency. The dangerous thing is that these emails disguise themselves well: they hide under the guise of credible invoices, such as gas or electricity bills, and invite you to click on links that conceal a danger.

Phishing emails and ransomware are quite popular techniques among criminals for getting the most out of the least effort. And although anti-spam systems can protect us from these threats, we know perfectly well that the main problem of system security is, once again, the human being.

Errors, carelessness, lack of knowledge of the medium, poor training: in the end, email becomes a perfect vehicle for those with bad intentions.

What you need to know about email

It was the roaring 70s when Arpanet was created, the progenitor of the current Internet and an invention that has revolutionized people's way of living and working. All the e-mail transferred over the internet every day travels via the SMTP protocol, which is interpreted by the various mail handling systems. SMTP is one of the oldest Internet protocols, and has been deliberately kept in its original state precisely because it must be able to handle millions of requests per second, coming from as many millions of users.

Let's see it in detail:

  • User A types the address, subject and text of the email into his mail program, which can be browser-based or regular software. The email, once sent, is forwarded via SMTP to the local mail server – which can be corporate or rented from specialized companies.
  • The local mail server uses SMTP to contact the destination server, i.e. that of user B (or of several users in the case of multiple mailings).
  • The destination mail server delivers mail to the recipient.
  • Through the POP, or rather the Post Office Protocol, user B retrieves the message on his own computer and consults it.

The email is divided into two parts. The header contains all the identifying information of the sender, including the name and email address, as well as the information relating to the recipient. The body, on the other hand, is the written content with any images.

How to spot an email scam

Most computer infections arrive via email because the sender claims to be what it really isn't, and who he wants you to believe he is. All in all, a big scam.

There certainly are ways to unmask these tricks, and once they have passed the computer's filters they depend above all on how well the recipient knows the medium. In short, the matter is rather complex, and unmasking is not always possible. Sometimes it's simply a matter of recognizing the difference between a .it and a .com, or checking the date to understand whether the timing is realistic.

To be really sure that the mail is from the address it claims to be, you need to do an IP check: take the IP address found in the header and look it up with tools like Whois-ip Location. That way, we can get a slightly better idea of who sent what, and how this IP can harm us, if it can.

The server name and IP address of the original sender are not always present in the header of the mail. This depends on the provider used to send the mail. If the mail is written in a mail client, then it may be possible to trace the IP address.

If it is written through a webmail provider, or in a browser, the header must be analyzed to find the IP address. However, these guidelines are not always valid for all providers. Finally, it must be said that even when analyzing this data, we don't always find ourselves in front of who we think. To find a fake sender, we have to pay attention to every kind of signal the email gives us, from the header to the more technical details, just like the ones we listed above.
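The header check described above can be scripted. The following is an added example, not code from the original article: it walks the Received lines of a constructed sample message (documentation-range IPs, example domains; the function names are hypothetical) and pulls out the oldest non-internal IP plus the From and Return-Path domains.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: documentation-range IPs and example domains.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.recipient.example (mx.recipient.example [10.0.0.5])
\tby inbox.recipient.example; Mon, 6 Mar 2023 10:15:04 +0100
Received: from relay.example.net (relay.example.net [198.51.100.23])
\tby mx.recipient.example; Mon, 6 Mar 2023 10:15:03 +0100
Received: from [192.168.1.44] (unknown [203.0.113.77])
\tby relay.example.net; Mon, 6 Mar 2023 10:15:01 +0100
From: "Energy Billing" <invoices@energy.example.com>
Subject: Your invoice

Please see the attached invoice.
"""
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def hop_ips(msg):
    """Bracketed IPv4 addresses per Received header, oldest hop first."""
    return [IP_RE.findall(h) for h in reversed(msg.get_all("Received", []))]

def is_internal(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True  # malformed value: not usable as an origin
    return any(addr in net for net in INTERNAL)

def origin_ip(msg):
    """Oldest non-internal IP. Hops added before your own server's Received
    line are written by the sending side and can be forged: a lead, not proof."""
    for ips in hop_ips(msg):
        for ip in ips:
            if not is_internal(ip):
                return ip
    return None

def sender_domains(msg):
    """(From domain, Return-Path domain); a mismatch is a reason to look closer."""
    dom = lambda h: parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
    return dom("From"), dom("Return-Path")

MSG = message_from_string(RAW)
```

The IP returned by `origin_ip(MSG)` is the value to feed into a whois or IP-location lookup.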

Privacy

The only way to be sure of not having a potential data breach on your hands is to hold your privacy in high regard. Privacy does not depend only on the sender and the receiver, but also on all the intermediate servers the message bounces through. In other words, no one can guarantee 100% that every email we receive is authentic, and consequently the only real test we have is what our own eyes can confirm or disprove.

Many companies avoid the problem of bounce servers by using their own infrastructure, which they can monitor closely, but this solution requires significant investment, dedicated staff and a lot of professionalism.

A good tip is to make use of the BCC field. Are you sending an email to multiple recipients? You can put some in CC, i.e. carbon copy, and some in BCC, i.e. blind carbon copy. This way, you can be sure that you have a solid base of well-hidden email addresses, and you no longer need to worry about who might be reading your recipient list.

Spam

Spam is one of the most debated issues of the modern internet. There's little you can do: when a simple click can send hundreds of thousands of emails in a single instant, the temptation is irresistible. But then you also risk becoming annoying, and this is where real spam comes from. Usually spam is not a vehicle for viruses, only for overbearing annoyance. Even so, that does not mean it cannot carry viruses or scams.

At first the plague was stemmed by blocking suspicious IPs and adding senders to the appropriate blacklists, but this is now more difficult. First of all, IP addresses are dynamic, i.e. randomly assigned by the provider to the customer each time they connect. Also, many companies use proxies to facilitate and share the connection between employees. Through viruses, the spammer manages to install proxies on your computer in order to send mail through your machine. Unpleasant, huh?

After IP blocking came text analysis of emails. Any word that could indicate a potential spam message was automatically blocked by the algorithm. The villains' response was quick and effective: put the text inside images, so that the analyzers could not identify it.

Nowadays, one of the most effective solutions for avoiding spam is called SpamAssassin. It is a tool that uses advanced techniques to identify possible electronic scams, but the last check is always up to the user. There is little to be done about that. You are the best check there is, if you know enough.

Malware

If email could talk…

One of the main vehicles of contagion (only electronically, fortunately, given the times we are living in) is email. Every day, hundreds of thousands of hooded petty crooks send millions of emails from the darkness of their wicked rooms containing malware, i.e. programs that intend to harm the health of our computers. Well, we've dramatized it a bit, but the substance doesn't change: malware arrives in your mailbox in many forms, some of which, thank goodness, are blocked by the provider as too rudimentary.

Usually, malware lurks in an attachment or is even embedded in the body of the email. When it comes to attachments there are no big problems. Just check the file extension: if it is an .exe, it is better to avoid it altogether. However, the malware could also be hiding in what we think are innocent Word documents. You open Word, click to run the macro, and the virus is activated and infects your machine. Using social engineering techniques, criminals find a way to make the unsuspecting user approve the execution of the macro in a completely spontaneous and accidental way.

What if the message has no attachments? Is it 100% safe? Absolutely not. A simple HTML message can contain code that triggers malicious behaviour, for example through a script that runs when the email is opened.

It is also necessary to pay close attention, as always, to the hypertext links in the mail. In fact, a link could make you believe that it is leading you in one direction while leading you directly into a well-designed trap. Or not even that well thought out, if you're inattentive. Before clicking a hyperlink, be sure to mouse over the link to see whether the destination is the correct one.

How to manage your email wisely

Here are some practical tips to learn how to manage your e-mail wisely:

  • Encrypt important messages containing sensitive data;
  • Have a company SMTP server;
  • Check the headers, always;
  • Equip yourself with a good antivirus that checks your email at the time of download, both incoming and outgoing;
  • Mouse over each link before opening it.

If the email seems suspicious to you, in general just avoid opening it. At the very least, be sure not to download its attachments. Email scams appeal to the least prepared users. Create awareness of the problem within the company, educating and training personnel through internal tests, information activities and courses, even if only for a few hours. Why risk a contagion?