Security Awareness: Protecting your mailbox
Protecting your mailbox from threats requires constant vigilance, both
on the part of Mi8's security personnel, and on the part of your users.
Threats are constantly evolving and shifting:
- In December 2004, 1 in 19 messages received by Mi8 from the Internet was
a virus - more than doubling from the year before. This is projected to
double again in 2005.
- That same month, spam messages made up more than 80% of messages
received from the Internet by Mi8.
- Phishing attacks grew exponentially in 2004, and continue to expand in
2005.
Perhaps more frightening, however, is the fact that virus writers and
spammers have started working together, to create sophisticated attacks
combining elements of both threats. These new attacks are transforming
the PCs of unsuspecting users into "zombies", which are being used as
tools for committing crimes such as identity theft, fraud, pornographic
spam, and more.
Below you will find some commonsense advice about how to best protect
your users; remember, training user behavior is even more important than
the best security technology!
Viruses & Worms
In computer security technology, a virus is a self-replicating program
that spreads by inserting copies of itself into other executable code or
documents (for a complete definition: see below). Thus, a computer virus
behaves in a way similar to a biological virus, which spreads by
inserting itself into living cells. Extending the analogy, the insertion
of the virus into a program is termed infection, and the infected file
(or executable code that is not part of a file) is called a host.
Viruses are one of the several types of "malware" or malicious software.
In common usage, the term virus is often extended to refer to computer
worms and other sorts of malware.
While many viruses can be intentionally destructive (for example, by
destroying data), many other viruses are fairly benign or merely
annoying. Some viruses have a delayed payload, which is sometimes called
a bomb. For example, a virus might display a message on a specific day
or wait until it has infected a certain number of hosts. A time bomb
occurs during a particular date or time, and a logic bomb occurs when
the user of a computer takes an action that triggers the bomb. However,
the predominant negative effect of viruses is their uncontrolled
self-reproduction, which wastes or overwhelms computer resources.
Today (as of 2005), viruses are somewhat less common than network-borne
worms, due to the popularity of the Internet broadband connections,
which connect PCs to the Internet 24x7. Anti-virus software, originally
designed to protect computers from viruses, has in turn expanded to
cover worms and other threats such as spyware.
Protecting Your Mailboxes from Viruses & Worms
Mi8 protects your mailbox from viruses and worms with advanced,
redundant anti-virus technology from multiple vendors. Our anti-virus
definitions are updated hourly (more often during widespread outbreaks)
and our intelligent scanning technology captures threats for which
definitions are not yet available. We scan all messages inbound from and
outbound to the Internet with this advanced technology.
However, more worms today are spreading through vulnerabilities in
Microsoft Windows or Internet Explorer, instant messaging clients,
peer-to-peer sharing networks, and other commonly installed software
packages - often without any action required on the part of your users!
Note, too, that while Mi8 provides advanced anti-virus for emails
delivered through our systems, many of your users are probably checking
their Hotmail, GMail, or Yahoo!Mail accounts from your office, providing
another way for threats to enter your network. For these reasons, Mi8
strongly recommends that you also deploy up-to-date desktop anti-virus
software. Additionally, we strongly urge you to document your corporate
policy about updating your systems with security patches (e.g., with
Windows Update and
Office Update), and ensure your users follow this
policy closely.
Spam
Spam is unsolicited email on the Internet. From the sender's
point-of-view, it's a form of bulk mail, often to a list culled from
subscribers to a Usenet discussion group or obtained by companies that
specialize in creating email distribution lists. To the receiver, it
appears as junk email.
By any measure, spam has exploded into a major issue. Leading providers
of spam protection tools report that some 80 to 90 percent of all
internet email today is spam, and the number continues to grow. Spam
clogs our mailboxes to the point where it threatens viability of email
as a communications tool. It also routinely carries viruses,
identity-theft scams, spyware, zombie bots and other serious security
threats.
The entire Internet industry is working to combat spam. Mi8 is a member
of various coalitions working to protect the millions of online users.
Protecting Your Mailboxes from Spam
Here are some tips for minimizing the spam you receive:
- Be careful about disclosing your email address. Spammers use programs
that search chat rooms, Internet sites, newsgroups - anywhere email
addresses can be found-and use that information to compile their mailing
lists.
- Set up an email address just for use with Internet transactions-and keep
your real address private. Mi8 allows customers to easily create
additional email aliases without opening an entirely new account.
- Share your primary email address only with people you know.
- When including your email address in online profiles or on a personal
website, disguise your email address by writing it in "plain English"
e.g.'Alice at CompanyA dot net'. That way, your address is still
intelligible by humans but not by email gathering software.
- Beware of pre-checked boxes when registering for online services or
shopping indicating you will "accept" emails from that organization.
Uncheck those boxes if you prefer not to receive that organization's
messages.
- When subscribing to email notifications or newsletters ensure that you
have reviewed the website or company privacy policies about selling or
distributing your email address.
Many people have the mistaken belief that keeping their email address
private (e.g., not using it to post to Usenet groups, not providing it
for newsletter subscriptions, etc.) will protect them from ALL spam.
While this will help reduce the amount of spam you receive, spammers
have many other means of capturing (or guessing!) your email address and
adding it to their lists. Mi8 provides a default level of spam
protection for all of our users, including subscribing to professional
blocklists, monitoring spam reports from non-profit industry groups such
as CERN, and more. Additionally, Microsoft Exchange 2003 and Outlook
2003 provides an additional layer of filtering that is automatically
enabled for all users, routing suspicious mail to a Junk Mail folder
under your Outlook Inbox.
For users with more advanced protection needs, Mi8 offers advanced anti-spam protection for our clients. Please
contact Mi8 Client Support Services (support@mi8.com)
Phishing/Identify Theft
In a phishing attack, a fraudster spams the Internet with email claiming
to be from a reputable financial institution or e-commerce site. The
email message urges the recipient to click on a link to update their
personal profile or carry out some transaction. The link takes the
victim to a fake website designed to look like the real thing. However,
any personal or financial information entered is routed directly to the
scammer; if information is provided to these sites, users can fall
victim to unauthorized credit card purchases or even identity theft.
Protecting Your Mailboxes from Phishing & Identify Theft
The best way to protect yourself from phishing is to educate yourself
about typical scams, and to remain suspicious about ANY email asking you
to provide private information (account numbers, passwords, etc.)
Some phishing scams have been identified as targeting customers of
specific banks, ISPs, etc. For example, one common message claims to
represent the "Verizon Billing Team" and instructs recipients to provide
extensive credit card and personal information by way of an email link
in order to maintain account access:
Dear Verizon Customer,
This is a repeat request, failure to reply will lead to termination of
your account and/or additional service fees.
We could not process the subscription fees for previous billing period
to the account ticket Vze3jcb-VU-724-9401-3450.
Please see the Billing Update Page, located at:
[link removed]
and confirm your payment details instantly to prevent the occurrence of
additional service fees.
Thank you for your prompt attention to this serious matter.
Sincerely,
Karen Kell'Atti
Verizon Online |
Another common example targets Paypal:
Dear joeshmoe@hotmail.com:
It has come to our attention that your PayPal billing information
records are out of date. This requires you to update the Billing
Information.
Failure to update your records will result in account termination or
suspension. Please update your records in maximum 24 hours. Once you
have updated your records, your Paypal session will not be interrupted
and continue as normal. Failure to update will result in termination of
service, Terms of Service (TOS) violation or future biling problems.
Click here to update your billing records [link removed]
Thank you for using Paypal!
The Paypal team
|
In all cases, the link to the website takes users to a very
realistic-looking facsimile of the legitimate website.
If you receive a suspicious email like the examples above, DO NOT REPLY
TO IT. Instead, Mi8 urges you to take the following actions:
- Do not open any attachments.
- Do not click on any associated links or provide any information that the
email requests.
- Delete the message immediately.
Mi8's Advanced Spam Control Service, provided in partnership with
Postini, provides an advanced level of protection, catching a high
percentage of phishing mail messages. For those messages that do make it
through to your mailbox, here are additional tips for identifying a
possibly fraudulent email:
- Tip No. 1: In most email applications, if you move your mouse cursor
over a clickable link without actually clicking it, the status bar at
the bottom of the browser window will display the name of the Web site
you will be sent to if you click the link. If the link displayed in the
status bar is different than the link shown, there is a good chance that
the message is not authentic.
- Tip No. 2: If you suspect an email message may be fraudulent, instead of
clicking on a link listed in the email, open a new web browser window
and manually type the web site address into it. By manually typing the
web site address in a new browser window, you eliminate the possibility
of being sent to a "hidden" site address by the link in the email
message. Remember that even when using this technique, you should still
take appropriate precautions to ensure the validity of the email and web
site you are surfing to.
- Tip No. 3: If you have questions about the authenticity of a web site
that asks you for credit card or other personal information, call the
company's customer service telephone number before providing any data.
- Tip No. 4: If you click on a link within an email you receive and it
takes you to a legitimate web site but a window pops up on top of the
web site that is asking you for personal information, this is a phishing
scam. Legitimate companies will never ask for personal information of
any kind in a pop-up window; these requests are only made through a
secure Web page (with links starting with https).
|
