Guest Blog - Email security buzzwords, need some help?

Thursday, 21st April, 2016

Email security buzzwords – need some help?

It’s difficult to protect your organisation against the latest and greatest in email threats, particularly if you are struggling to stay on top of what each threat means exactly - never mind ensuring your email security product is up to the task.

To get you up to speed, we have compiled a list of the most popular email security threat buzzwords – maybe a little beneath the hardened IT Manager but hopefully just right for the industry ‘newbie’.

Phishing

In a phishing attack, a person sends a mass email to hundreds or thousands of email addresses asking for some personal information. The sender pretends to be a reputable company such as a bank or retail outlet and sets up an email account which looks to be from that organisation. They then ask you to respond to the email with your bank details, online account logins or some other personal information. The email could also get you to click on a link which sends you to a false website or one which puts a virus on your computer when you visit. Still popular despite a trend towards more person-specific attacks, phishing is here to stay.

Spear Phishing

A spear phishing attack is more sophisticated and harder to spot than a basic phishing email. Here you might receive an email from someone pretending to be your boss, colleague or friend – this information is often taken from social networking sites such as LinkedIn and Facebook – asking you to send them some personal or business-sensitive information. The attack can be a lot more personalised in that the sender will use personal information, perhaps the names of people you both know, or they may even already possess some knowledge of the business. Due to how the email is structured and sent, this type of targeted attack is often very successful if employee awareness and knowledge are low.

Whaling

Whaling is spear phishing but it targets high-level staff (big fish) in a business. Finance staff will receive an email from the boss, who is out of the office, asking them to transfer money to an account. The boss would do it but he is away currently. The opposite has also happened where the boss will receive an email from the finance person asking him to transfer the money and so on.

Whaling can also occur where a high-level member of staff receives an email which looks like an official legal or financial notification, asking them to click a link to accept the information/appointment. In this instance a virus will be downloaded to their computer. This highlights the need for both email and web security to guard against both threat areas.

Spoofing

Email spoofing is the creation and sending of email messages with a fake sender address. It can be easy to set up because the core email protocols do not have any mechanism for authentication. Spoofing is the first step in any phishing, spear-phishing or whaling attack. A Sender Policy Framework (SPF) record can stop or certainly reduce spoofing by specifying that only certain servers can send for your domain.


Spam

Spam is unsolicited email sent to large numbers of people for the purposes of advertising, phishing and spreading viruses. Classic examples of spam include emails from dodgy pharmaceutical companies and also internet dating sites. People often confuse bulk mail with spam, but that is classed as a separate area.

Virus

A virus is something that can infect your computer. In the case of email messages it can be contained in an attachment such as an executable file, Word document, etc.

Ransomware

Email messages containing a virus are sent to a recipient. Once the virus is on the computer it goes on to infect an entire network. In most cases a business will be shut out of all its files and systems and a request for payment will be sent to it. In essence, its systems are held to ransom. Once the ransom is paid, the files, in theory, are released.

Data leakage

Irate salespeople or annoyed HR staff are key people with access to key information about your company, and they are where the most common cases of data leakage occur. Whether it is taking customer databases with them to their next sales job or lists of employees to their next recruitment job, employees are your weakest link in data security. Safeguarding against this type of leakage is crucial to the modern business and has created a whole new area in IT – Data Leakage Prevention. In an age where one click can download the details of everyone in your sales pipeline, it is important that this information does not leave your organisation. Setting up custom policies in your email and web security software is one of the few ways to avoid this happening.

If you would like to improve your email or web security, you can learn how AIT can help by clicking here. Alternatively, call us on 0113 273 0300 and we will be happy to discuss your options.

By Yvonne Conway, FuseMail® UK