Identify and Protect Your Firm from Malicious Emails
August 24, 2016
Between October 2013 and February 2016, more than 17,000 victims of malicious emails were reported, costing US businesses more than $2.3 billion. In fact, in April of this year, the FBI issued a formal warning regarding Business E-mail Compromise (BEC), reminding organizations to be wary of email-only wire transfer requests and to always validate the legitimacy of financial transaction requests received by email through a phone call or a face-to-face conversation.
The three most common ways employees fall victim to business email scams are:
- Malicious attachments
- Email body content
- Unauthorized senders
It is critical that all corporate team members understand the risks of malicious emails, learn how to identify them and embrace best practices to mitigate BEC threats.
Recently, the Australian Cyber Security Centre published a highly detailed report highlighting how system administrators and IT security advisors can mitigate the risks posed by malicious emails. Recommendations included:
- In addition to blocking all malicious attachments, administrators should also block encrypted attachments and protected archives since these files cannot be inspected by email content filters.
- Archived files should also be decompressed so files within can be inspected.
- In the event that a particular piece of malware has yet to be identified by a security vendor, administrators can take the extra precaution of running suspicious attachments in a sandbox for automated dynamic analysis.
- Instead of blacklisting file types, whitelist acceptable file extensions, as the latter list will be shorter and easier to manage.
- Employees should always hover over links in the email body to check the actual destination address before clicking, in case they are being targeted by a phishing scam.
- Administrators can replace active web addresses with non-active versions so employees have to copy and paste the links into their browsers.
- Implement DMARC (Domain-based Message Authentication, Reporting, and Conformance) so that domain owners can specify what action a recipient's email server must take when a message fails a SenderID/Sender Policy Framework (SPF) check.
- Enable SenderID/SPF checks to verify that emails originate from the domain they claim to come from. If the check fails, the email should be blocked immediately, as it may be a phishing attempt.
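The attachment-handling recommendations above (allowlist rather than blacklist file extensions, decompress archives so their contents can be inspected, and block encrypted or password-protected archives that filters cannot see into) can be expressed as a small gateway policy. The following is an added illustration, not code from the report or from this post; the extension allowlist, the `.zip`-only archive handling and the sample messages are constructed assumptions, and an encrypted archive is recognised by bit 0 of the zip general-purpose flag.

```python
import email, email.policy, io, os, zipfile
from email.message import EmailMessage

ALLOWED_EXTENSIONS = {".pdf", ".docx", ".xlsx", ".txt", ".png", ".jpg"}  # constructed example allowlist (hypothetical)

def inspect_zip(data):
    """Decompress a zip in memory; block encrypted entries and files not on the allowlist."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # general-purpose flag bit 0 set: entry is encrypted
                    return "block", f"encrypted entry {info.filename}"
                if not info.is_dir() and os.path.splitext(info.filename)[1].lower() not in ALLOWED_EXTENSIONS:
                    return "block", f"archive contains disallowed file {info.filename}"
    except zipfile.BadZipFile:
        return "block", "unreadable archive"
    return "allow", "archive contents allowlisted"

def classify_attachment(name, data):
    ext = os.path.splitext(name or "")[1].lower()
    if ext == ".zip":  # archives are opened so the files inside can be checked, not just the wrapper
        return inspect_zip(data)
    if ext in ALLOWED_EXTENSIONS:
        return "allow", "extension allowlisted"
    return "block", f"extension {ext or '(none)'} not allowlisted"

def evaluate_message(raw):
    """Return [(filename, verdict, reason)] for every attachment of a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    return [(part.get_filename() or "",
             *classify_attachment(part.get_filename(), part.get_payload(decode=True) or b""))
            for part in msg.iter_attachments()]

def make_zip(entries, encrypted=False):  # constructed test zip; optionally flag entries as encrypted
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    data = bytearray(buf.getvalue())
    pos = data.find(b"PK\x01\x02") if encrypted else -1
    while pos != -1:  # set bit 0 of the flag word in each central-directory header
        data[pos + 8] |= 0x1
        pos = data.find(b"PK\x01\x02", pos + 4)
    return bytes(data)

def make_message(filename, payload):  # constructed sample message carrying one attachment
    msg = EmailMessage()
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

`evaluate_message(make_message("secret.zip", make_zip({"notes.txt": b"hi"}, encrypted=True)))` returns a block verdict with the reason `encrypted entry notes.txt`, while the same archive without the encryption flag is allowed because every inner file is on the allowlist.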
To see the full report entitled Malicious Email Mitigation Strategies, please click below: