Spam Advice

Failure to Block Phishing Attack Results in HIPAA Fine

by G Hunt | December 29, 2022 | Spam Advice

Entities covered by the Health Insurance Portability and Accountability Act (HIPAA) are required to implement safeguards to ensure the confidentiality, integrity, and availability of protected health information (PHI). PHI is individually identifiable information that relates to the past, present, or future health of an individual or payment for healthcare. The security safeguards are detailed in the HIPAA Security Rule and compliance is enforced by the Department of Health and Human Services’ Office for Civil Rights and state Attorneys General. When there is a data breach involving PHI, OCR investigates. Investigations are also commonly conducted by state attorneys general to determine if a data breach was the result of a failure to comply with HIPAA.

OCR and state attorneys general understand that it is not always possible to prevent data breaches. Many data breaches are reported each year that are investigated, and the cases are closed because the covered entities have implemented appropriate security measures, only for them to be bypassed. However, when insufficient measures are put in place to safeguard PHI, financial penalties are typically imposed.

The HIPAA Security Rule does not provide a list of security measures that must be implemented to block phishing attacks, as HIPAA was developed to be flexible. HIPAA-covered entities should conduct a risk analysis and reduce risks to a low and acceptable level using a range of measures and by adopting recognized security practices. HIPAA specifies access controls as a security safeguard, which involves the use of strong passwords and ideally multifactor authentication. HIPAA-covered entities must also stay abreast of recently disclosed vulnerabilities and make sure that patches are applied and software is updated to the latest version. The HIPAA Security Rule also calls for security awareness training to be provided to the workforce, and while the frequency of training is not specified, OCR has explained in its cybersecurity newsletters that the program should cover new and current threats and that the training program should be continuous, rather than providing a once-a-year training session.

Recently, Avalon Healthcare, a provider of skilled nursing and assisted living facilities, discovered that the failure to implement appropriate defenses to block phishing attacks is grounds for a financial penalty for non-compliance with the HIPAA Security Rule. After being notified by Avalon Healthcare that email accounts containing the PHI of 14,500 individuals had been accessed by unauthorized individuals, the Oregon and Utah Attorneys General launched an investigation to determine whether non-compliance with the requirements of HIPAA was a factor. The investigation was triggered by a very late breach report, which was 10 months after the phishing attack was detected when data breaches must be reported within 60 days. In addition to determining that the delay violated HIPAA and state laws, the investigation revealed a lack of security safeguards for combatting phishing.

Avalon Healthcare chose to settle the case and paid a $200,000 financial penalty and agreed to adopt a comprehensive information security program that includes email filtering and training for all members of the workforce on phishing and social engineering identification and avoidance, including conducting phishing simulations on the workforce. Had a comprehensive training program been in place, it is possible that the phishing attack would have been detected and avoided.

TitanHQ understands the importance of providing training to the workforce which is why a security awareness training solution has been added to the product portfolio. SafeTitan is a comprehensive training solution for businesses of all sizes that covers all aspects of security, including training employees to recognize phishing, social engineering, and other cyber threats. The platform also includes a phishing simulator for creating and automating phishing simulations on the workforce. SafeTitan security awareness training and phishing simulations have been shown to reduce the susceptibility of the workforce to phishing attacks by up to 80%, and will help to ensure that HIPAA-regulated entities comply with the security awareness training requirements of the HIPAA Security Rule.

If you do not currently provide ongoing security awareness training to your workforce, contact TitanHQ to find out more about the difference this will make to your security posture and how easy it is to provide training through the SafeTitan platform. Like all TitanHQ cybersecurity solutions, SafeTitan is available on a free trial to allow businesses to see for themselves how easy the platform is to use.

How to Manage Requests to Disclose Employees Passwords

by G Hunt | March 15, 2021 | Spam Advice

How many times have you had a phone call or an email from a manager in your organization asking for you to give them the password of an employee to enable them to access their email account?

This request is often made when an individual is on leave and a call is received from a client or colleague wanting to know if they have actioned a request sent before they left. All too often a client has sent an email to their account manager before he or she went on vacation, but it was accidentally missed.

Access to the email account is necessary to avoid embarrassment or to ensure that a sales opportunity is not missed. Maybe the employee in question has failed to set up their Out of Office message and clients are not aware that they need to contact a different person to get their questions answered.

In years gone by, managers used to keep a log of all users’ passwords in a file on their computer. In case of emergency, they could check the password and access any user account. However, this is risky. Nowadays this is not acceptable behavior. It also invades the privacy of employees. If a password is known by any other individual, there is nothing to stop that person from using those login credentials any time they like. Since passwords are frequently used for personal accounts as well as work accounts, disclosing that password could compromise the individual’s personal accounts as well.

Maintaining lists of passwords also makes it harder to take action over inappropriate internet and email use. If a password has been shared, there is no way of determining whether an individual has broken the law or breached company policies. It could have been someone else using that person’s login.

IT staff are therefore not permitted to give out passwords. Instead they must reset the user’s password, issue a temporary one, and the user will need to reset it when they return to work. Many managers will be unhappy with these procedures and will still want to maintain their lists. Employees will be unhappy as they often use their work email accounts to send personal emails. Resetting a password and giving a manager access could be seen as a major invasion of privacy.

What is the solution?

There is a simple solution which will ensure that the privacy of individuals is assured, while forgotten Out of Office auto-responders can be set. Important emails will not be missed either. To do this you can set up shared mailboxes, although these are not always popular.

Do this in Outlook and a manager may need to have many set up in their Outlook program. It will also be necessary for them to train staff members how to use the shared mailboxes, and policies might need to be written. They may need to have to permanently keep the mailboxes of multiple teams open in Outlook.

Is there an easier option?

There is another choice, and that is to delegate permissions. It is more complicated to implement this control as it requires an MS Exchange Administrator to provide Delegate Access. Using Delegate Access will make it possible for an individual, with the appropriate permissions, to send an email on behalf of another employee. This means mailboxes do not have to be open all the time. They can just be opened when an email needs to be sent. This may be ideal, but it will not allow a manager to set up a forgotten Out-of-Office auto-responder.

That would require a member of the IT department, a domain manager, to do it. A ticket would need to be submitted requesting the action. This may not be popular with managers, but it is the only way for the task to be performed without revealing the user’s login credentials or setting up a temporary password which would breach their privacy.

You might be unpopular, but security is vital

If you encounter resistance, you must explain the reasons why password sharing is not permitted: The risks it poses and the problems it can cause.

These matters should be included in a company’s computer, Internet and email usage policies. If the sharing of passwords contravenes company policies, any requests to share passwords would result in the IT department breaching those policies. Requests to divulge that information would therefore have to be denied.

Of course, Out-Of-Office auto-responders are not an IT issue. This is an issue that should be dealt in staff training. It is also a check that a manager should make before a member of staff leaves and goes on holiday, while the employee is still at work.

The dangers of password sharing

Organizations are facing an ever-growing threat from cybercriminals. In 2019 and 2020, we have seen many high-profile data breaches, resulting in serious financial repercussions and damaged brand reputation. Password-sharing at work carries a massive  risk for organizations. 81% of breaches originate with stolen or weak passwords. When hackers gain entry to your system, shared passwords make it easier for them to access other parts of your network.

If by chance an intruder finds a document full of shared passwords in a employee’s Google drive that opens up the entire system to attack.  This also exposes your organization to legal issues if customers’ privacy rights are violated.

Why do employees share passwords ?

Sharing passwords is extremely risky for the organization . Oftentimes the reason cited for doing this is easier collaboration with colleagues. Sometimes employees share passwords because it’s the company policy. In these situations it’s vital for I.T. to intervene and provide a better way for employees to collaborate, and potentially serious consequences down the road.

Reasons why passwords should never be shared, even with a manager

• Passwords are private: This is a fundamental element of IT and network security. This rule cannot be broken or bent
• There are alternatives to sharing of passwords that will achieve the same aim: ticket requests, shared mailboxes, and delegate permissions these should be used instead
• The sharing of passwords violates an individual’s privacy
• If a password is shared, the results of an account audit cannot be trusted.
• Password reuse– Many people use the same password to access multiple accounts and platforms. By sharing reused passwords, employees increases the risk a single stolen password poses for companies.
• You’re responsible for any activity conducted under your username. If someone else is logged in under your account, you’re still responsible for whatever happens.Data security is more important than an auto-responder
• Bring Your Own Device (BYOD) – Employees are increasingly working from home and use their personal smartphones and laptops in addition to company-issued devices. The WFH trend has led  to productivity gains. Unfortunately, the benefits can easily be wiped out if passwords shared with friends or family gives unauthorized access to your network and confidential data.
• Acceptable Usage Policies would be violated

Multi-Factor authentication to stop password sharing

 When MFA is in place, access is only possible when the user validates using two authentication factors. For example, they initially enter their password but must then complete a second authentication request. This could be a code received via a device. Multi-factor authentication, like any security approach, works best when used in tandem with other security strategies.

If a ban on password sharing does not exist in your organization, it must be implemented as a priority. You will not be able to do this without the support of senior managers. You may not feel that it is your job to try to implement a ban, but you should make a case for it. It will help your department protect the network, it will save you time in the long run, and it will be better for the business.

To find out more about password security and some of the key protections you can put in place to improve your resilience against attacks, contact the SpamTitan team today.

How to Improve Your Email Defenses and Block Spear Phishing Attacks

by G Hunt | December 23, 2019 | Spam Advice

The majority of businesses have experienced a phishing attack in the past year, and according to one survey on SMBs in the United States, 72% have experienced a phishing attack in the past 3 months.

In healthcare, phishing is the leading cause of data breaches by some distance. In November 2019, there were 17 phishing-related data breaches reported to the Department of Health and Human Services Office for Civil Rights out of 33 for the month. Since OCR only makes breach reports public if they have resulted in the exposure of 500 or more records, the total number of phishing attacks is likely to be substantially higher.

Phishing attacks are increasing, and the reason is simple. Phishing is the easiest way of attacking an organization to deliver malware or obtain sensitive information. That is because phishing targets the weakest link: Employees. Employees are getting better at identifying phishing emails through security awareness training, but cybercriminals have responded and are now conducting highly sophisticated phishing attacks that are much harder for employees to identify.

There has also been an increase in spear phishing attacks. This is a much more targeted form of phishing. Instead of millions of emails being sent out in a campaign, only a handful are sent or to very specific targets. The emails are written to maximize the chances of success and are usually personalized.

So how can a business improve its defenses against phishing and spear phishing? Unfortunately, there is no silver bullet. Businesses need to take a defense in depth approach to significantly improve resilience to phishing attacks.

The best place to start is with an advanced email security solution. Phishing requires some form of manual action in order to succeed. If you prevent phishing emails from reaching inboxes, employees will not be able to click on links or download malware. An advanced email security solution will be able to block the vast majority of phishing emails before they reach your email system.

You will no doubt already have a spam filtering solution in place, but is it effective? Are phishing emails still being delivered? One common mistake made by SMBs is to believe that their Office 365 environment is well protected by default, when the reality is Exchange Online Protection (EOP) that comes with Office 365 fails to block many phishing attempts. One study showed 25% of phishing emails were not blocked by EOP. If you want to improve your defenses against phishing, you should use a third-party anti-spam and anti-phishing solution on top of EOP: One that compliments EOP but provides greater protection. SpamTitan for example.

With more phishing emails being blocked, your security posture will be much improved, but you can’t stop there. No anti-phishing solution will block all phishing threats, 100% of the time. Since all it takes is for one phishing email to be clicked for a data breach to occur, you need to add another layer to your defenses.

A DNS filtering solution provides protection against the web-based part of phishing attacks. When an employee clicks a link in an email and is directed to a fake Office 365 login page or a site where malware is downloaded, the attempt to access the site will be blocked.

A DNS filter blocks attempts to access phishing sites at the DNS lookup stage, before any web content is downloaded. If an attempt is made to access a phishing site, the employee will be directed to a block page before any harm is done. DNS filters can also block malware downloads from sites that are not yet known to be malicious.

Employees are the weak link that are targeted by cybercriminals so it is important they are trained how to recognize phishing emails. You should provide security awareness training regularly to develop security aware culture in your organization. Over time, employees can be conditioned to respond correctly and report phishing threats to the security team. Also conduct phishing simulation exercises to make sure training has been effective. A failed phishing simulation allows you to identify a weak link and provide further training.

If all of the above defenses have failed, there is another layer that can keep your business protected: Multi-factor authentication. MFA requires another factor to be used before access to an email account or other system is provided. If an employee’s login credentials are disclosed in a phishing attack, MFA should stop those credentials from being used by a cybercriminal to access to gain access email accounts and other systems.

All of these layers are necessary to block today’s sophisticated phishing threats. It may seem like a lot of expense, but the above anti-phishing measures need not be expensive. TitanHQ can’t train your employees to be security titans, but through SpamTitan Email Security and WebTitan DNS filtering, phishing threats can be blocked.

How to Avoid Email Server Blacklisting

by G Hunt | September 8, 2016 | Spam Advice

Knowing how to avoid email server blacklisting is vitally important for any organization that relies on email as a channel of communication. The consequences of your email server being blacklisted can be costly, inconvenient, and potentially damaging to your organization´s credibility.

To best understand what email server blacklisting might mean to your organization, it is ideal to have a little knowledge about how email server filters work. Consequently we have divided this post into three sections explaining a little about email server filters, what may cause your email server to be blacklisted, and how to avoid email server blacklisting.

A Little about Email Server Filters

Email server filters do not actually filter your incoming emails at server level. They protect your organization from spam emails and other email-borne threats from the cloud or as a virtual appliance installed between your firewall and your email server. The distinction between the two types of filter is that virtual appliances can be more appropriate for some larger organizations.

Regardless of how they are deployed, email filters effectively work in the same way – using fast front-end tests to detect and reject the majority of spam emails before a deeper analysis is conducted of the email that remains. One of these front-end tests is a comparison of each email against a list of known sources of spam. This list is known as the Realtime Block List or RBL.

If your organization´s IP address appears on this list, all of your emails will be rejected by most email filters until the IP address is removed from the list – something that can take anything from 24 hours to six months to resolve completely. During this time you will have to ask your customers and other contacts to add your email address to a safe list or “whitelist”.

Why Was My Email Server Blacklisted?

There are several reasons why an email address (or IP address) can be blacklisted, and it is important to find out the exact reason(s) before trying to get your organization´s IP address removed from the Realtime Block List. If you fail to identify the cause, and fail to take steps to avoid email server blacklisting in the future, it can be much tougher to get un-blacklisted second time around.

Blacklisting typically occurs for one of several reasons:

• Your system has been infected with a spambot that has created multiple email accounts within your organization´s domain and is using those accounts to send out spam email.
• Someone in your organization may have revealed their login credentials and a spammer is using that information to send spam emails from the end-user´s email account.
• Emails sent innocently from one or more end-user accounts have had a high proportion of spam-related keywords, or have had infected files attached to them.

The last scenario is entirely possible if an end-user has prepared a presentation or spreadsheet on an infected home computer and bought the infected file into the workplace on a flash drive. Most email filters have antivirus software for identifying malware in attachments. If the infected attachment is sent to multiple recipients – and identified by multiple email filters – your organization´s IP address will quickly be blacklisted.

How to Avoid Email Server Blacklisting

Ideally, organizations should be able to avoid email server blacklisting by having robust antivirus protection and educating their end-users about online security. There should also be an email usage policy in place that would avoid email server blacklisting due to inappropriate content or unsafe attachments – even when these events occur inadvertently.

Click to View

Unfortunately end-users are the weakest link in the security chain, and it only takes one end-user to click on a malicious URL or reveal their login credentials for an organization´s IP address to be blacklisted. In fact, if blacklisting is the worse consequence of a security breach, your organization has got off lightly and should consider itself lucky that the consequences were not far more serious.

Consequently, the best way how to avoid email server blacklisting is with an email filter that has malicious URL blocking to prevent end-users visiting malware-infested websites, with phishing protection to reject emails directing an end-user to fake website, and outbound scanning to identify potential spam and infections contained in – or attached to – outgoing emails.

Avoid Email Server Blacklisting with SpamTitan

Not all email filtering solutions have mechanisms to avoid email server blacklisting. However, SpamTitan has taken these factors into account in the design of SpamTitan Cloud and SpamTitan Gateway. Both of our solutions for email filtering use “URIBL” and “SURBL” protocols to compare links contained within inbound emails and their attachments against a global blacklist of known malicious and phishing sites.

The same protocols – along with several other mechanisms – are used in the scanning of outbound mail to ensure it is clear of viruses and could not be interpreted as having spammy content. Outbound scanning would also identify spam emails originating from a spambot or a compromised email account in order to prevent it from being sent and avoid email server blacklisting.

Naturally, you do not want your end-users to be under the impression that their emails have been sent when they are caught by the outbound filter. So SpamTitan Cloud and SpamTitan Gateway have comprehensive reporting features that advise of any problems in order that the problems can be rectified quickly and effectively – certainly more quickly than trying to get your organization´s IP address removed from a Realtime Block List.

Holiday Email Spam Season is Upon Us

by G Hunt | November 25, 2015 | Spam Advice

‘Tis the season to be jolly, but it is also the season for holiday email spam. Malware infections increase during holiday periods and this year is unlikely to be any different. Holiday email spam is coming, and it doesn’t matter whether you’ve been naughty or nice. If you do not take precautions, you are likely to receive a gift of malware this Christmastime.

Holiday email scams are sent in the billions at this time of year because of one simple fact: They work. People let their hair down over Christmas and New Year, but they also let their guard down. That gives online criminals an opportunity to get malware installed, fool consumers with phishing campaigns, and generally cause some festive mayhem.

Holiday email spam is now being sent: Avoid the Christmas rush and get your malware now!

Christmas week may see many people infected with malware, but the run up to Christmas can be even worse. As soon as the first decorations go up in the shops, holiday email spam starts to be sent. Email is commonly used to send malware.

Nasty malicious programs are masked as Christmas screensavers, phishing campaigns will appear as festive quizzes, and you can expect an African prince to need your assistance with a huge bank transfer. Don’t be surprised to find out that you have won a Sweepstake in a country you have never visited or that one of your online accounts will be hacked requiring you to receive technical support.

These and many more scams will be delivered in a wave of holiday email spam and, if you let your guard down, you may inadvertently fall for one of these often cleverly devised scams. Some of the latest phishing scams are incredibly convincing, and you may not even realize you have fallen for the scam and have become a victim.

Employers Beware: End users are especially gullible at this time of year

Everyone must be wary at this time of year due to the huge increase in spam email campaigns. Employers especially must take care as employees can be particularly gullible at this time of year. Their minds are on other things, and they are not as diligent and security conscious as they may usually be.

To make matters worse, each year the scammers get better and holiday email spam becomes more believable. If one of your employees falls for holiday email spam attack, it may not only be their own bank account that gets emptied. Phishing campaigns are devised to get employees to reveal critical business data or login credentials. The FBI has warned that business email is being targeted. In the past two years over 7,000 U.S. firms have been targeted and have suffered from criminal attacks. Those attacks initially target employees, and the festive season is an ideal time for a business email compromise (BEC) attack to take place.

Common Holiday Email Spam Campaigns in 2015

Send an email bulletin to your employees highlighting the risk that holiday email spam poses, and warn them that they may shortly start receiving phishing emails and other spam campaigns. They are likely to have forgotten how risky the festive season can be.

Business Email Compromise (BEC) Attacks

The FBI has already released a warning this year to organizations that perform wire transfers on a regular basis and/or work with foreign suppliers. They are being targeted by cybercriminals using sophisticated scams that start with the compromising of a business email account. Social engineering and phishing tactics are used to get employees to reveal their login credentials. Once access to bank accounts has been obtained by criminals, fraudulent transfers are made. Holiday email spam campaigns are expected to be sent targeting organizations and specific employees within those organizations. During the holiday period employees must be told to be ultra-cautious.

Holiday e-card scams

Holiday e-card scams are common at Christmastime. Criminals take advantage of the growing popularity of e-cards and send out spam emails in the millions telling the recipient to click a link to download their e-card. However, those links are sent to convince users to download malware to their computers. Any email containing a file attachment claiming to be an e-card is likely to be fake. The attachment may be malware.

Holiday-themed screensavers

Christmas and other holiday-themed screensavers are commonly downloaded by employees. These screensavers can be fun and festive, but may actually be malicious. Employers should consider implementing a ban on the downloading of screensavers as a precaution. Staff members should be warned that any .scr file sent in an email should be treated with suspicion and not downloaded or installed. Criminals mask attachments and the .scr file may actually be an executable file that installs malware.

Ashley Madison revelations and TalkTalk scams

A number of major data breaches have been suffered this year that have resulted in customer data being exposed. Criminals are threatening to expose personal data, especially in the case of Ashley Madison clients. Emails are sent threatening breach victims, informing them that they must pay not to have their data posted on the internet. Some criminals will be in possession of the data; other scams will be speculative. If an email is received, it is essential that professional advice is sought before any action is taken.

If you receive an email asking you to take action to secure your account after a company you use has suffered a data breach – TalkTalk for example – it is essential to only change your password via the official website. Do not click on links contained in emails. They may be phishing scams.

Free Star Wars tickets

You can guarantee that such a major event for moviegoers will be the subject of multiple email spam campaigns. Criminals would not pass up the opportunity to take advantage of the release of a new Star Wars film.

There are likely to be competitions aplenty, free tickets offered, and many other Star Wars spam campaigns in the run up to the release. This is the biggest movie release of the year for many people. Fans of the films are excited. They want to see snippets of the film, read gossip, and find out if Luke Skywalker will actually be in the new film. Many people are likely to fall for scams and click phishing links or inadvertently install malware.

Get prepared this holiday season and you can keep your computer and network spam and malware free. Fail to take action and this holiday time is unlikely to be jolly. Quite the opposite in fact.

Chimera Ransomware Raises Stakes to Get Victims to Pay Up

by G Hunt | November 23, 2015 | Spam Advice

Criminals are increasingly using ransomware – Chimera ransomware for example – to extort victims. Ransomware encrypts certain file types with a powerful algorithm that cannot be unlocked without a security key. Unfortunately, the only person to hold that key is the hacker responsible for the ransomware infection.

Organizations and individuals that perform regular data backups can avoid paying the ransom demands and not face losing important files. If files are encrypted, they can be recovered from backups – provided of course that regular backups of critical data have been performed. Worst case scenario: Some data may be lost, but not a sufficient amount to warrant a ransom being paid.

Criminals are aware of this failsafe and have recently started to up the stakes. The criminals behind Chimera ransomware have been found to be using a new tactic to scare victims into giving into their demands. Even if a backup file has been made, victims can be easily convinced to pay the ransom. They are told that if the ransom is not paid, the files will be made public. Confidential information will be posted on darknet sites or listed for sale in online marketplaces.

Criminals Target Businesses and Encrypt Critical Files Using Chimera Ransomware

Hackers are known to send ransomware out randomly. The more computers that are infected; the more ransoms can be collected. Chimera ransomware on the other hand is being used more specifically, and small to medium sized businesses are being targeted. This stands to reason. An individual may not be willing, or able, to pay a ransom. Businesses are different. They may have no choice but to pay to have files unlocked. If data are posted online, the potential cost to the business could be far higher than the cost of the ransom.

How are computers infected with Chimera ransomware?

Spam emails are sent to specific individuals within an organization. Those emails contain innocent looking email attachments: the types of files that would commonly be received by the individuals being targeted. Business offers are sent, applications for employment, or invoices.

Attachments may not be opened or could be blocked by spam filters. To get around this issue, hackers often send links to cloud-storage services such as Dropbox. The user clicks the link and downloads the malware thinking it is a genuine file.

Once installed the malware gets to work encrypting files stored on local and mounted network drives. The user is not made aware of the infection until their computer is rebooted. In order to unencrypt files, the end user must pay the ransom. This is typically $500 in the form of Bitcoins.

It is not known whether hackers have acted on their threats to publish company data. Many businesses have been too scared to find out and have given in to the ransom demand.

How to protect your business from Chimera ransomware

There is no such thing as 100% protection from Chimera ransomware, but it is possible to reduce the risk of infection to a minimal level. Installing Anti-Spam solutions can prevent malware from reaching inboxes; however not all products offer protection from phishing links.

SpamTitan software on the other hand employs a powerful spam filter which uses dual AV engines to maximize the probability of malicious emails being caught. It also includes an anti-phishing module to protect against phishing links. If you don’t want to have to pay a ransom to recover your data, installing SpamTitan is the logical choice.

Are you protected from Chimera Ransomware? Would you risk the publishing of your business data or would you pay the ransom?

Beware of the New Electric Ireland Phishing Scam

by G Hunt | November 19, 2015 | Spam Advice

If you live in Ireland, you may receive an email offering you a refund on your electricity bill; however, the email is not genuine. Scammers are targeting current and former customers of Electric Ireland hoping they will respond to the offer of a refund. By doing so they will receive no money. They will just have their bank accounts emptied.

The Electric Ireland phishing scam is highly convincing

The Electric Ireland phishing emails appear to be genuine. They give a valid reason for clicking on the link contained in the email, and have been well written. The link directs the recipient to a phishing website that looks genuine. Even the request made on the website is perhaps not unreasonable.

In order to receive the refund, customers must enter in their banking information to allow the electricity company to make a transfer. In order to confirm their identity, current and former customers must supply proof of identity. The scammers ask for a scan of customers’ passports.

Other reports indicate that some customers have been sent links to fake websites that require them to disclose their mobile phone numbers as well as security codes and passwords.

It is unclear how the scammers have obtained the email addresses of Electric Ireland customers, as according to the utility company there has been no security breach, and the database in which customer account information is stored remains secure. However, an audit is being conducted by the company’s IT department to determine if any individual has managed to infiltrate its network or has otherwise gained access to customer data.

A spokesman for the Garda has confirmed that many Irish citizens have already fallen for the Electric Ireland phishing scam and have reported that fraudulent withdrawals have been made from their personal bank accounts.

The Electric Ireland phishing scam is one of many highly convincing campaigns to have been uncovered in recent weeks. Online criminals have become more skilled at crafting emails and setting up malicious websites, and it can be difficult to determine whether a request is genuine or fake.

The Electric Ireland phishing scam may look genuine, but legitimate companies would not send emails requesting sensitive information of that nature to be disclosed over the Internet. It should also be noted that if a company has taken excess funds from a bank account to pay a bill, the company would be able to issue a refund directly to the same bank account. They would not require those details to be provided again – nor request copies of ID, mobile phone numbers, or passwords.

If any individual who has fallen for the Electric Ireland phishing scam they should contact their bank immediately and place a block on their account. This will prevent the criminals from making any fraudulent transfers. However, it may be too late for many customers to prevent losses being suffered.

To reduce the risk of falling for phishing scams, the best defense is to block spam and scam emails from being delivered. To do this a spam filter should be used, such as that provided by SpamTitan. SpamTitan Technologies Anti-Spam solutions also include an Anti-Phishing module to ensure all users are better protected from malicious websites when surfing the Internet.

Any time an email is received that offers a refund, it is ill advisable to click on an email link. Attempts should be made to contact the company directly by calling the number listed on that company’s website. The matter should first be discussed with the company’s customer service department. Never open an email attachment contained in the email, and never divulge confidential information over the internet unless 100% sure of the genuineness of the website.

New Email Money Transfer Scam Uncovered in the UK

by G Hunt | November 9, 2015 | Spam Advice

UK workers are being targeted with a new email money transfer scam, according to a new police intelligence report. The current threat level has been deemed to be high enough to warrant a warning being issued by Financial Fraud Action UK to alert UK employees to the risk of attack.

Rather than the campaign being sent in mass email spam mailings, individuals are being targeted by criminals using a new spear phishing campaign that attempts to fool users into making a transfer from their personal account in order to secure an important work contract, or help resolve an urgent work issue.

The highly convincing scam involves the sending of emails to individuals in a particular organization that is being targeted. The perpetrators of the campaign have masked the email address of the sender, making it appear as if the email has actually been sent by their boss, a work colleague, or member of the accounts department. In some cases, the emails have actually been sent from a real account.

Email money transfer scam conducted in two separate attacks

Criminals first compromise an email account in the organization under attack by gaining access to an individual’s login credentials using a separate phishing campaign or by hacking passwords. Criminals have been able to gather a large amount of data on individuals via social media networks such as Facebook, Twitter, and LinkedIn. That information is subsequently used to craft convincing email campaigns to fool their targets into revealing sensitive information to gain access to their email accounts.

Those accounts are then used to send email requests to other individuals within the organization asking for a bank transfer to be made. The requests are out of the ordinary but, as explained in the scam emails, the payments are critical to the running of the business. Once a transfer has been made, the money is rapidly withdrawn from the scammer’s account. Victims are left with little recourse to get their money back.

The email money transfer scam has proved to be particularly effective. Employees see that the email has been sent by a manager and out of a sense of duty, or fear of job loss, they respond without first checking the genuineness of the email. Oftentimes, the perpetrators of the crime have sent emails from senior managers and partners’ accounts. An employee lower down the ladder would typically not usually have direct contact with these people, lessening the chance of them contacting that person directly to validate the request. Contact information is often provided in the email that will put the target in direct contact with the scammer, who will then validate the request.

Senior managers and partners are the initial targets in this new email money transfer scam. Criminals attempt to fool them into revealing their login credentials. Employees are the secondary targets who actually arrange the transfers to the fraudsters’ accounts. Both groups of individuals should be warned of the risk, and measures should be implemented to reduce the risk of the phishing campaigns being delivered.

To protect against the first attack made by the perpetrators of this email money transfer scam, it is recommended that companies make the following changes to improve security:

• Issue alerts to their employees, including senior managers, warning of the latest wave of phishing campaigns to put them on high alert.
• Enforce changes to email account passwords, ensuring that only secure passwords are used. Stipulate a minimum of 8 characters, force the use of special characters (!,”,£,$,%,^,&,*,(, or ) for example), and ensure that at least one capital letter and number is included.
• Purchase a robust Anti-Spam filtering solution to prevent phishing emails from being delivered to employee’s inboxes. SpamTitan also includes an Anti-Phishing module that can provide additional protection against complex campaigns such as this.
• Ensure that all Anti-Virus software has virus definitions updated on a daily basis
• Scammers often attempt to obtain login credentials by fooling targets into visiting a link to a malicious website containing malware. The sites may contain malicious code that probes for weaknesses in the target’s browser. The attackers then use SQL injection techniques to exploit software vulnerabilities and install keyloggers to obtain passwords. Anti-Phishing software can block these sites, providing protection even if an email link is clicked.
• Security vulnerability scans should be conducted regularly. Updates may be issued regularly so daily checks should be conducted. A scan may reveal a critical Windows 10 security update is required, or Oracle, Chrome, Firefox, Skype, or Adobe Flash may need to be updated.
• Inform employees of the company’s processes for requesting payments via bank transfers and confirm that under no circumstances would an employee receive a request via email to make a transfer to a senior manager or partner.

Protecting end users from becoming victims of an email money transfer scam

End users should also be informed about the correct actions to take when receiving email requests:

• This email money transfer scam relies on the user being fooled into thinking the email has been sent from a manager’s account. End users should check the email address used to make sure it has been sent from a company account, but to be wary that an email could have been hijacked.
• To contact the person who has made the request directly. Since email accounts may have been compromised, this should be done via telephone using the company switchboard or direct deal numbers, not the telephone numbers supplied in the email.
• To exercise extreme caution when receiving any request which appears to be out of the ordinary, especially when that request involves making a bank transfer or requests that sensitive information is disclosed.
• To read any email carefully, and then re-read it to identify spelling errors, grammatical mistakes or language that would be out of keeping with an email typically sent by that individual.

New DRIDEX Malware Email Scam Uncovered

by G Hunt | November 6, 2015 | Spam Advice

A new DRIDEX email scam has been discovered that has prompted an angry reaction from Swedish furniture retailer Ikea. The criminals behind the malware have targeted Ikea customers by sending fake emails encouraging them to open a DRIDEX-infected email attachment. It has been estimated that hundreds of thousands of emails have been sent in the past few days alone.

As is common with spam emails, users are not specifically targeted. Instead the senders of the emails rely on volume. This is why targeting a retailer the size of Ikea is particularly effective. The chances of an email arriving in the inbox of a customer is relatively high in Europe. Many individuals regularly visit IKEA or have done so in the past.

What is particularly worrying about this campaign is the fact the emails look genuine. They contain an attachment which appears to be a purchase receipt from IKEA. The receipt looks exactly the same as one supplied by the store.

IKEA is concerned that the spam emails will tarnish the company’s reputation, even though there is nothing the company could have done to prevent the campaign from being launched. The advice provided is not to open any attachments in emails that appear to have been sent by the furniture retailer.

What is DRIDEX Malware?

DRIDEX is a nasty malware designed to steal online banking login names and passwords, and is a new variant of CRIDEX: A known form of malware with a worm and Trojan variant (W32.Cridex and Trojan.Cridex). The new form of the Cridex malware achieves its objective via HTML injection. This is a technique used by hackers to inject code to exploit vulnerabilities in popular applications such as Java or ActiveX. HTML injection modifies page content.

This method of attack is effective as the user is fooled into thinking a site being visited can be trusted, as the page is located within a trusted domain. When the user enters a login name and password, these are then sent on to the hacker. In this case, the user would reveal their bank logins and passwords, which would then be used to make fraudulent transfers to a hacker’s account.

DRIDEX malware first emerged in November last year and attacks have mainly affected computer users in Europe. Due to the ease at which the perpetrators of this campaign can obtain users’ banking credentials, this malware is particularly dangerous. All users, not just IKEA customers, should be particularly wary about opening email attachments or responding to emails containing links to webpages, especially if the emails are sent from individuals not known to the email recipient.

The malware was first used in the UK, but has since spread around Europe and has now been received in Sweden where IKEA is based. To date it has been estimated that the malware has allowed the perpetrators of the campaign to obtain around £20 million from fraudulent transfers, in addition to $10 million from U.S. banks.  IKEA is now monitoring the situation and is attempting to identify the source of the emails; however, since the perpetrators of campaigns such as this are typically mobile, it is particularly difficult to catch the criminals responsible.

How is it possible to protect against DRIDEX Malware?

Email scams such as this are becoming increasingly common and users can easily be fooled into installing malware. DRIDEX appears to be primarily transmitted by spam email attachments.

Fortunately, there is an easy way of protecting against a DRIDEX malware infection. Since spam emails are now becoming harder to spot, the easiest solution is to prevent DRIDEX emails from being delivered. To do that, a spam filter such as SpamTitan is required.

SpamTitan is able to identify spam emails containing DRIDEX as the signature of the malware is present in the Anti-Virus engines used by the software. SpamTitan uses two separate AV engines which increases the probability of the malware being detected.

Since new malware is being devised and sent with increasing regularity, all email users should also be taught how to identify potential phishing emails as a failsafe to ensure. This will help to ensure they do not become another email scam victim, or inadvertently compromise their employer’s network.

Two New Email Spam Warnings Issued by BBB

by G Hunt | November 4, 2015 | Spam Advice

Email spam may not be the first choice of hackers for making money, but there are plenty of online criminals who still use email to fool users into installing malware on their computers or revealing sensitive information.

This week, two new email spam warnings have been issued following reports that consumers have received emails that have aroused their suspicions. When checking the authenticity of the emails received, they discovered they were scams. The warnings were issued by the Better Business Bureau (BBB) in an effort to prevent the scams from claiming victims.

The latest email spam campaigns differ from each other, but use tried and tested techniques which have proven to be highly effective in the past.

Jury Duty Scam Email Discovered

Trust in authority figures is being exploited in a new email spam campaign in which users are urged to take action as a result of missing jury duty. A similar email is doing the rounds warning recipients of an impending court case. Should the recipient of the email ignore the request, the case will be heard in their absence and they will not be allowed to mount a defense.

The emails shock recipients into taking rapid action such as clicking a link or opening an email attachment. These two emails are clever in the fact they warn users of the need to respond to a judge or turn up in court, yet the crucial information needed to do so is not supplied in the email body.

Any email recipient believing the email is genuine is likely to open the attachment or click a link to find out which court needs to be visited. By doing so they are guaranteed to have their computer, laptop or mobile device infected with malware.

The BBB was alerted to the scams and issued a warning advising recipients of these emails to delete them immediately. Advice provided saying the U.S. Courts would not contact individuals about jury duty by email. Letters are mailed or telephone calls are made in this regard.

Church Leaders Warned not to Fall for Money Transfer Email Spam Campaigns

The second scam was recently reported by the finance director of Grace Bible Church, who received a request via email to transfer funds to a senior pastor. In this case, the email appeared to be official, having been sent from the senior pastor’s email account.

It is a good security practice to always check the authenticity of an email that requests a transfer of funds. In this case all it took was a quick phone call to the pastor in question to reveal that the request was bogus.

If it is not possible to contact the individual, deleting the email would be the best next course of action. If the request is genuine, the individual in question is likely to make contact again. Spammers tend to send these campaigns randomly. A second request is unlikely to be received if the first is ignored.

The Fight Against Email Spam is Getting Easier

Spam email campaigns are still an effective method of malware delivery. Social media posts and infected websites may now be the preferred method of infection, but users must still be wary about opening attachments or visiting links sent from people they do not know.

Awareness of the tell-tale signs of an email scam has improved in recent years. So has security software used to detect phishing campaigns. SpamTitan Technologies is one such company that provides a highly effective spam filtering solution. It boasts an exceptionally low false positive rate and catches over 99.98% of all spam emails.

Part of the reason why SpamTitan’s Award Winning Anti-Spam solution is so effective at catching email spam is in part due to the power of the AV engines used. Instead of using one class-leading AV engine, it uses two: Bitdefender and Clam Anti-Virus.

By installing this anti-spam solution, malicious emails used to phish for sensitive information can be blocked before they are delivered to an email inbox. Businesses looking to reduce the risk of end users infecting their desktop computers, laptops and portable devices with malware and viruses, will find SpamTitan’s Anti-Spam solutions for the enterprise highly cost-effective. Rather than purchasing a package that offers protection for far more IP addresses than are required, IT professionals can purchase a license that covers end users without wastage.

City of London Police Email Scam Warning

by G Hunt | September 15, 2015 | Spam Advice

City of London Police are sending emails containing important information about a murder suspect. You must be vigilant, and if you see this individual, you should not approach him! The attachment sent via email contains his image, so you will know to avoid him and alert the police if you see him. Unfortunately, opening the attachment will make you a victim. You will not be murdered, but you may end up having your bank account emptied. Yes, this is a City of London Police email scam, and it attempts to convince the good, law abiding public to infect their devices with malware.

City of London Police Email Scam Warning!

One of the latest email scams to be wary of, especially if you live in the UK, involves spam emails with the subject “London City Police.” Contained in the email is a bulletin detailing a murder suspect on the loose, together with a malware-infected attachment.

Fortunately for the wary, there is a clue in the subject that the email is not genuine. There is of course no “London City Police.” The police force in question is called “The City of London Police.” That said, the shock of receiving an email from law enforcement about a murderer on the loose may be enough to convince many to open the email and the attachment.

As one would expect, the email contains a stern warning, with the content phrased in such a way that it could in fact have been sent by the police force. A murderer on the loose in London is a serious matter, and this cunning email spam campaign has been devised to play on the fear that such a matter is likely to create.

How would the Police force have got your email address, and those of everyone else living in your area? That is something that many victims of this email scam may ponder after opening the attachment. Of course, by then it will be too late. Opening the attachment will result in malware being installed on the victim’s computer.

Fortunately, email scams such as this are easy to avoid, in fact, they would not even get to the point of being delivered to an inbox, if precautions have been taken, as explained by Steven Kenny, Customer Support Manager at TitanHQ.

Kenny pointed out that by using SpamTitan, computer users will be protected. He said, “This malware was blocked by SpamTitan before it had a chance to make it to users’ inboxes.” He went on to say, “The malware contained in the attachment was flagged as a virus. The attachment is a zip file, once executed; the malware goes to work.”

SpamTitan Blocked the City of London Police Email Scam

The image below is a screenshot of the City of London Police email scam, which was successfully blocked by SpamTitan.

Current High Risk of Malware Infection

Malware poses a major risk to individuals, but businesses are especially at risk of infection. Employees may be wary of opening emails on their own devices, but are they as security conscious at work?

It is perhaps easier to believe that a work email address would be in the police database, rather than a personal email account. This may lead employees to believe that the email is genuine. Unfortunately, all it takes is for one employee to open an infected attachment, and their computer, and the network it connects to could be infected.

Since email is essential in business, protections must be put in place to ensure networks are not compromised as a result of the actions of employees. If malware is installed, the losses suffered can be considerable. It therefore can pay dividends to implement protection such SpamTitan spam filtering. This will prevent malware-infected emails from being delivered to employees’ inboxes.

11 Spam Filtering Essentials to Reduce Email Spam Risk

by G Hunt | July 20, 2015 | Spam Advice

A spam filter is one of the best ways to reduce email spam risk; however regardless of whether you choose this important email security measure, there are a number of steps you can take to reduce email spam risk, keep your devices protected, and your valuable data out of the hands of spammers and scammers.

11 Spam Filtering Essentials to Reduce Network Security Risk

Listed below are 11 spam filtering essentials that you can implement to reduce spam volume and the risk of cyber attacks.

1.      A Real-Time Block List (RBL) is essential

Spam is commonly sent from a known spam server – one that has been blacklisted, or is known to be used by email spammers. Using a Real-time Block List (RBL) is one of the best protections, that will prevent malicious emails from being delivered to inboxes. This one email security feature has been shown to reduce spam email delivery by 70–90%, and it only takes a few minutes to implement.

Even if you use a spam filter this measure is important. It will reduce the load on your spam filter, email server, and network. An RBL works by blocking messages before they are downloaded, which will also help to save bandwidth. There are a number of ways to do this, although zen.spamhaus.org is one of the best. It is widely regarded as being the best at spam blocking, is updated frequently and importantly boasts a very low false-positive rate.

2.      Recipient Verification will block spam sent to invalid email addresses

Spammers like to bombard companies with emails in the hope that some will get through, or that a catch-all is in place and all will be delivered. Common email addresses used are webmaster@, info@, admin@, sales@ etc. etc. These email addresses are commonly used by companies and there is a good chance that they will be delivered to someone. However, you can use Recipient Verification (RV) to reject the bulk of these emails, and only have properly addressed emails delivered.

To do this, use Microsoft Active Directory integration or upload a CSV file of valid email addresses to your spam filter and mail server. This technique will prevent speculative emails from being downloaded and will similarly reduce the load on your spam filter and mail server, and save bandwidth. This method of spam prevention will take longer to complete than setting up your RBL, but it is a worthwhile investment of your time as it will result in a major reduction in spam delivery.

3.      Configure your server to require correct SMTP handshake protocols

This is one of the most effective methods of blocking spambots and it will stop the majority of spambot emails from being downloaded and delivered. This is a fairly quick task to complete, and should only take you a few minutes. You will need to set your configuration to require a HELO (EHLO) with a Fully Qualified Domain Name. However, it is important to note that it may be necessary to add some of your suppliers to a whitelist to ensure that their messages do not also get blocked. Not all of your suppliers and contacts will have their own email servers configured correctly, so genuine emails may be caught and blocked. Individual organizations will find this step particularly beneficial. MSPs less so, or not at all.

By using the above three spam prevention methods – which incidentally can be used on virtually all email servers – you will make a considerable bandwidth saving, and dramatically reduce the number of spam emails that are downloaded. This will also help to protect your network from malware. If you allocate just 30 minutes to do all three, it will save weeks of your time, which can be better spent on other cybersecurity tasks.

4.      Regularly scan for viruses

A basic security measure is use is a robust and powerful anti-virus program, regardless of whether you use spam filtering. If you don’t implement spam filtering, this measure is especially important, as you are more likely to have viruses delivered to email inboxes.

Even with spam filtering in place, it is also important to have anti-virus software installed and, of course, AV engine and virus definitions need to be kept up to date. Software should be configured to update definitions automatically.

With spam filtering in place, it should be possible to stipulate the update frequency. Be aware that a different anti-virus can be employed to protect endpoints. Using the same AV engine for mail servers and endpoints means that if for any reason your AV software does not detect a virus, all endpoints could potentially be affected. By using a different AV engine for endpoints and mail servers, you maximize the probability of a virus being detected. Fortunately, competition is fierce in this market, so you should not have to pay top dollar to have two different engines in use.

The following steps will apply if you have a spam filter. These will apply no matter which spam filter is used, be that open source, commercial or even cloud-based spam filtering.

5.      Certain attachments carry higher risks so block them!

Executable files – those with a .exe suffix – are particularly risky. Fortunately, it is not necessary to run the risk of a user double clicking on them. The best option is to block these file types and other risky file types if they are not typically needed by staff members. Be aware that spammers are sneaky. It is common knowledge that .exe files are risky, so they mask them with other extensions: PDF, XLS, DOC files for example. To counter this, block by MIME type, not by file extension.

6.      Take Action to Block Phishing Emails

Phishing emails can easily fool employees into clicking on links that direct them to URLs loaded with malware. There are a number of URLs that are recognized as phishing websites and it is possible to block these quickly and easily. To do this, use SURBL and URIBL lists to check for website domains that frequently appear in unsolicited emails.

7.      Ensure that your spam pattern library is regularly updated

You may find that your spam pattern library cannot be configured manually, as this may be hard-wired into your spam filter. Spam signatures are based on a huge database containing recently added spam, as well as past signatures, with the spam-fighting community adding to the database on a daily basis. There are many different resources that can be used, although if you want to ensure you have a fully up to date database of spam signatures, SpamAssassin is arguably the best choice.

8.      Bayesian filtering will recognize more spam and block less ham

A Bayes engine is used by most spam filtering engines and can be trained to recognize spam, and differentiate it from ham (i.e. not spam). It is therefore important to use a regularly updated spam pattern library, which will assign incoming emails with a score, in addition to using feedback provided by end users. The Bayes engine learns what is spam and what is not, and will apply the lessons learned to new emails that are received, constantly improving its detection rates to ensure all spam is caught, and false positives are reduced.

9.      Stipulate the spam score that is right for your company

As a system administrator you have the power to decide what spam score is right for your company. This will depend on how much risk you want to take. You will find that spam filters will usually allow you to dictate how aggressive they are, although you may find this requires a certain degree of tweaking to ensure that spam doesn’t get through and ham doesn’t get accidently blocked. A spam score is assigned by a number of factors, although the type of attachments and the email content are the two main ways that the spam score is calculated. This process is not particularly time consuming, but bear in mind that the first two weeks after your spam filter has been installed is when this task will need to be completed. Be sure to use your trial period to tweak your spam filter to ensure that spam is blocked and the number of false positives are kept to a minimum.

10. Get your end users working for you

Your spam filter will not always get things right, and some spam and junk emails will slip through the net from time to time. It is therefore useful to instruct end users to manually mark any spam and junk emails received, should they get delivered to their inboxes. End users can help to train your Bayes engine to recognize new spam emails and correct false positives.

11. Provide email security awareness training to employees

Nowadays it is essential that all staff members receive security awareness training. They must be taught how to identify spam emails, phishing campaigns, and potential viruses. They must also be informed of the correct actions to take if they do discover a phishing scam or suspect that an email may contain malware or a virus. Also instruct them on the correct actions to take if they do accidentally open a suspicious attachment.

Is it the job of a system administrator to train employees how to protect themselves and their computers? Arguably it is not, but it can save a lot of headaches down the line. Even a little training can go a very long way. Unfortunately, this is an area of email security that is all too often forgotten.

What is essential, is that employees are aware of the risks of falling for a phishing campaign or downloading malware. In some cases, it could spell the end of a company, and along with it, their jobs. You can always use CryptoLocker to scare employees into paying attention.

Training could well make all the difference. Besides, if you do provide training and employees still take risky actions and infect the network, you will have a clean conscience and can say it is not my fault! And be justified in saying it.

Time to Beef Up Your Password Security (The Easy Way)

by G Hunt | March 23, 2015 | Spam Advice

The administration of usernames and passwords is time consuming business, although there is some good news for system administrators. Both Yahoo and Google have now produced alternatives. Google’s Authenticator and the On-Demand passwords from Yahoo look like they could well be viable solutions, but at the present moment in time, they are not universal. It is probable in the short to medium term that passwords will be required as the last line of defense against cyberattacks. It is essential that the last line holds strong, so two-step verification must be implemented.

Since you are going to have to carry on using passwords for the immediate future, it is a good idea to make some changes that will make administration tasks a lot easier, more straightforward and less time-consuming. Furthermore, we recommend making some changes to ensure your last line of defense is particularly strong. It may be tested.

Improve the strength of your passwords

You can use a Single Sign On (SSO) session to gain access to everything. Many people do. Even cybercriminals. SSO makes life easier because you can access everything you need to with the one password. Unfortunately, a hacker or cyber-criminal only needs to compromise one password in order to gain access to everything as well.

If you decide to use an SSO approach, you had better be sure your password is secure. We advise you to use different passwords for each system and to make sure that each of those is secure. It is better to be safe than sorry.

Regardless of whether you opt for multiple passwords or go for the SSO approach, you need to make it as hard as possible for your password to be guessed. This applies to all network users not just IT staff.

Password controls should be used: Minimum character limits should be implemented, along with other controls to ensure only strong passwords are created.

Furthermore, you should help employees create stronger passwords. Research conducted by Carnegie Mellon University’s CUPS (CyLab Usable Privacy and Security) Laboratory has shown that the addition of numbers to passwords can help improve security, but they determined it is far easier to guess passwords when these are added to the end of a password. This is where many people add them. They use their normal password with the characters and numbers added to the end. It is easy to remember that way, it is accepted by the password controls.

Even when passwords do not contain numbers or symbols they can be more secure than short passwords containing numbers and symbols. “AGoodExampleOfASecurePassword” is easy to remember and doesn’t need to be written down. Write it down and there is a chance it will be found. It is actually much better than using “E&”F*$G” for example. That would be very hard to remember, especially if you have more than one password like that to commit to memory and you need to change it every month. You would need to write it down, which is a major risk.

Additionally, a long password is more secure than using any 6-digit code. That said, make sure at least one capital letter is used (preferably more) and a number and a symbol, and that they are not just added to the end.

Avoid using structural passwords

It is tempting to keep using structural passwords. Many companies use a password such as the individual’s initial and the first four digits of their surname plus four digits at the end. The problem is that if the structure is determined, it makes it easier to work out the passwords for the entire organization, including individuals with full system privileges. If they are simply too practical to give up, only use them for individuals with low-level privileges.

Enforce password changes regularly

The longer a password is used; the more opportunities an attacker has to crack it. If you enforce a change every month or two, this is much more secure than keeping the same password for a year. Since new passwords are difficult to remember, why not take advantage of one of the many password managers that exist, such as Dashlane or LastPass. They are also good at helping with password creation, especially for creating longer passwords (and remembering highly complex ones). For greater security use an offline password generator.

It is also worthwhile checking the strength of your password. Take advantage of the Password Assistant if you use a Mac. CUPS found that password strength meters are effective at ensuring secure passwords are created.

Be careful about your use of social media

Could your password be guessed by anyone with access to your Facebook account? Have you used your pet’s name and published that name on Facebook? Your password strength meter will not know if you have used your dog’s name as your password with an exclamation mark at the end. It will not know what you have published via social media.

Assume your social media accounts may be compromised, and never choose a password using your name, a pet’s name, house name, date of birth, or any other information that is accessible through your social media accounts.

Make your passwords ultra-secure and do your bit to protect your organization

If you use the above controls to ensure your passwords are secure, your organization will be better protected. If a security breach occurs, make sure that it is not your account that a hacker uses to gain access to your system.

Prevent Cyberattacks with Effective Password Management

by G Hunt | March 11, 2015 | Spam Advice

Passwords are used to prevent unauthorized individuals from accessing accounts, services and software. They keep data and networks secure, they prevent bank accounts from being plundered and ensure only one person can access sensitive information. If passwords are obtained by a criminal, this excellent security measure is worth absolutely nothing.

The daily news is full of stories about companies that have had their security perimeter breached and usernames and passwords stolen. Keyloggers are installed that obtain passwords, and accounts are bombarded by robots trying combination after combination until the right sequence of numbers and letters is found. Dark net marketplaces list passwords for sale by the thousand, and username and password combos can be purchased for just a couple of dollars a set.

How do passwords actually get stolen?

There are many techniques that are used and a myriad of ways that passwords can be obtained. Some of the most common methods are details below:

Keyloggers – Installed on users’ computers via malicious websites and infected email attachments. They record keystrokes and transmit the information to a hacker’s command and control server

Phishing – Users give passwords away by responding to phishing campaigns

Hacking – Security vulnerabilities in websites are exploited and the Active Directory or LDAP database is stolen

Social Engineering – People give their login credentials to bogus callers, fake customer service personnel, or via IT support scams

Is it so easy for hackers to steal passwords?

Sometimes it can be, but oftentimes security controls prevent a username and a password from being obtained. Passwords are often hashed to prevent this. A login name is obtained, and the number of characters in a password, but not the actual password itself as it is often encoded. The hacker must decode the passwords before they can be used.

What is Password Encoding?

There is a big difference between encoding and encrypting. If data are encrypted, they cannot be unlocked without a security key. This is why ransomware is so effective. Once encrypted, data is inaccessible unless a security key is entered. Security keys cannot be guessed.

Encoding is different. The single data field is encoded using an algorithm that hashes the password. When a password is entered, the hashing algorithm checks the text against the stored hashed version of the password. If the two match, access to an application is granted.

So how are passwords guessed?

In UNIX, a hashed password is stored in an LDAP system, but the type of algorithm that was used to encode the password is also stored. The hacker can work out the password if they have a dictionary of hashed values corresponding to the algorithm used.

The dictionary can be searched to find out if there is a match. These dictionary attacks will not reveal every password, but they can identify some of the most common words used for passwords.

A dictionary can be created by running common words through the algorithm. If you run the word “password” through an MD5 encoding algorithm, the hash it produces will be the same as any other system that uses MD5 encoding. This is how passwords are often guessed. It is not a hacker sitting at a computer entering in different combinations one after another in the hope he or she gets lucky. They can quickly run hashed passwords through their dictionary. Many will be revealed.

This is why it is essential that common passwords are always avoided. “Password”, “123456”, “bigguy”, “administrator” etc. It is also why it is important to use more than a few characters. How long would it take a hacker to compile a list of hashed two digit passwords? By the time you get up to 6 or 8 digits, the possible combinations are too numerous to compute. Since hashing allows up to 255 characters, it is not realistic for a super dictionary to be created. However, since many people use common words, and most use 5 or 8 digit passwords, a surprising number can be very rapidly guessed.

If you also use a common word you are asking for trouble, and if you also share passwords across multiple accounts, everything will be compromised if one is guessed.

It is Vital to Reduce Your Company’s Data Footprint

by G Hunt | November 13, 2014 | Spam Advice

You may be trying to reduce your company’s carbon footprint, but what efforts have you made to reduce your company’s data footprint?

If your company is attacked and hackers gain control of your servers, they will not be able to gain access to data that are not stored on your systems. If you use cloud archiving, you can migrate old data that you are not legally permitted to delete and keep your company information safe and secure. It is possible to reduce your company’s data footprint without incurring major expenses.

Use the cloud to reduce your company’s data footprint

The cloud offers many advantages to companies. It is not just a matter of protecting data from attack. Data need to be stored somewhere and the hardware required is expensive. Space must be dedicated to storage, which could be much better purposed. A server room doesn’t make most companyies any money. An extra telemarketing operation based in the same space would. It would arguably expose the company to less risk.

The huge cost of data storage can be avoided

Data storage requires hardware, and that hardware costs a lot of money to purchase, keep supplied with power, and kept cool. Hardware can also malfunction spontaneously, or as a result of power spikes and cooling issues. It is no surprise that the cloud has proved so popular. It eliminates the cost of purchasing and maintaining rooms of computer equipment.

Amazon realized this and started its Amazon AWS business. Small businesses especially would benefit, as they would not need to buy expensive hardware. Large companies could make huge savings, reducing staff costs as well as equipment costs.

Cloud services benefit all

There were a number of things that all came together to allow Amazon AWS – and cloud computing in general – to be offered to businesses. Virtualization was critical, as were Microsoft Hypervisor and VMware. Companies such as Amazon were able to use a single server to run multiple systems and to divide those among its customers. Standardization resulted in data being transferred to the cloud. After all, it didn’t make sense to have a separate device for every function and, if those devices could be housed in a huge data center with the cost covered by someone else, that made a lot of sense.

Of course, it is not just the cost of the equipment and the running cost that can be saved. Computers require software and software is licensed. Every license adds to the cost. For cloud service providers it makes sense, as they can get a lower license cost by buying hundreds or thousands of licenses. The same goes for equipment purchases. Amazon AWS gets a much better price on its tens of thousands of computers than a company that only requires one.

Staff costs are reduced because one dedicated individual can service many hundreds of servers. They can also be given tools to do this to reduce the time it takes. This is not an option for SMBs.

Is it possible to reduce your company’s data footprint and stay secure?

Unfortunately, no data protections are 100% secure. If you want to reduce your company’s data footprint, you will not reduce your level of risk to zero. It doesn’t matter where data are located, there will be a possibility that the data can be accessed. The aim is to maximize security and reduce risk as far as possible, but you will never get that risk down to 0%.

Cloud storage however is likely to be as close to 0% as you are likely to get as a small business owner. The protections put in place to secure cloud data are considerable. Cloud service providers must ensure their customers’ data are protected, because a data breach could potentially destroy all faith in their business. As a result, highly sophisticated multi-layered security defenses are used. The data are protected by teams of personnel, 24/7. The resources available to cloud service providers are many orders of magnitude greater than those available to a SME. In short, the cloud will give you the best security you are likely to be able to get.

Cloud archiving and backups also ensure that state and federal regulations are satisfied. SOX and HIPAA require data to be backed up and stored off site. Those backups must also be secured. If data is encrypted and stored in the cloud, even if a security breach does occur, the data will not be accessible by the hacker. Use a cloud service provider that encrypts data at rest and in motion, and you will have the best security you can get. You will just need to make sure your encryption keys are not stolen.

Backup your data but maintain an email archive for GDPR compliance

With your data backed up and secured in the cloud you will be protected against data loss, but what about accessing your data? With a backup you will be limited. If you need to access certain files, or search for data elements, you will need an email archive. An email archive is a store of data that you can use whenever you need to. You can recover or access email data as and when required without having to restore everything as you would need to do if you only had a backup.

An email archive will certainly be of benefit to companies that retain EU citizens´ personal data on email. Following the enactment of the General Data Protection Regulation (GDPR), EU citizens now have the right to request access to personal information, correct or complete it where necessary, and delete it (the “right to be forgotten”) when there is justifiable cause. Companies that rely solely on backed up data may face a logistical nightmare to respond to data access requests within the thirty days allowed.

Furthermore, a cloud-based email archiving solution is more likely to protect data from loss, theft or unauthorized disclosure as required by GDPR. With audit logs and real-time monitoring, companies will be able demonstrate their efforts to comply with the EU regulations – a mitigating factor should a data breach occur.

ArcTitan – The convenient and cost-effective email archiving solution

You may want to reduce your company’s data footprint, but some data needs to be accessed and searched often. Email for example. You can create a backup of your PST files, but restoring them means restoring the whole email account and that can take hours. On top of that, all mail items will be restored, even those that are no longer required.

An email archive is the logical solution. Individual emails can be accessed and restored when needed. If you ever need to access files stored in an email account, or access old emails, you can with an email archive: Quickly and easily. The archive is tamper-proof, ensuring a permanent copy of each original email is retained – Something that is essential for compliance and to meet eDiscovery requirements.

ArcTitan allows data from Google Docs, Office 365, MS Exchange, Zimbra and Lotus to be restored, as well as individual emails. Searches can be performed to find the required email or document. Plain text queries can be made from a desktop, laptop, mobile phone or tablet. The data does not need to be retrieved first, as the search can be performed and then the individual file or email accessed.

All emails stored securely on Replicated Persistent Storage on AWS S3 and are automatically backed up. ArcTitan features single instance storage, which means that only one copy of of the email is stored. This is achieved through de-duplication of messages. Not only does this reduce storage space, it means searches are much faster. When you search, instead of returning multiple copies of the same email, your list will only include unique emails, which makes finding the email you need much faster. How fast? You can search up to 30 million emails a second, and emails are automatically sent to the archive at a rate of around 200 a second.

Move your data to the cloud and you can lower your operational costs, improve data security, and access your data whenever you need to. You can reduce your data footprint without violating state and federal regulations, and still maintain access. Store your backed up data in an encrypted file in the cloud, and maintain access to your old emails by creating an email archive in the cloud.

Some of the Main Features of ArcTitan

• Scalable, email archiving that grows with your business
• Email data stored securely in the cloud on Replicated Persistent Storage on AWS S3
• Lightning fast searches – Search 30 million emails a second
• Rapid archiving at up to 200 emails a second
• Automatic backups of the archive
• Email archiving with no impact on network performance
• Ensure an exact, tamperproof copy of all emails is retained
• Easy data retrieval for eDiscovery
• Protection for email from cyberattacks
• Eliminate PSTs and other security risks
• Facilitates policy-based access rights and role-based access
• Only pay for active users
• Slashes the time and cost of eDiscovery other formal searches
• Seamless integration with Outlook
• Supports single sign-on
• Save and combine searches
• Perform multiple searches simultaneously
• Limits IT department involvement in finding lost email – users can access their own archived email
• Compliant with regulations such as HIPAA, SOX, GDPR, Federal Rules of Civil Procedure, etc.

Want to Boost Productivity and Save Money? Then Archive Old Emails!

by G Hunt | October 16, 2014 | Spam Advice

Is archiving old emails worthwhile?

For a business, archiving old emails is essential. It can save time, money and also prevent legal issues.

Even so, many companies do not archive old emails and use backups instead. This is a mistake. The purpose of a backup is to allow lost data to be recovered in the event of a system failure, accidental deletion, fire, or cyberattack. Any time data is lost, it can be restored from a backup tape. A backup is therefore an important failsafe.

Backups are not typically saved for a long period of time. Backup tapes are used again and should not be kept indefinitely. If you store backups for legal reasons and have thousands of tapes, you will be spending a small fortune on the wrong technology.

The reason? Backups are not designed to be searchable. If a file is present in a backup it can be restored, but searching for information in a backup file can be difficult and time consuming. Finding information can really be a chore.

An archive is different because email archiving allows fast searches to be conducted. If you sent an email on a particular date, to a particular person, it would be a relatively easy task to obtain this from a backup. However, if you sent an email containing information about a report, or you can only remember certain words, finding that email in a backup could be very difficult indeed. Fortunately, an email archive can easily be searched. Just use a particular word or search term and you will be able to find the missing email in next to no time at all.

Legal requirements for storing data (HIPAA, SOX, GDPR, etc.)

There are legal requirements relating to stored data. Many industries are required to keep data for a long period of time. If a legal request is made to supply data under the Federal Rules of Civil Procedure, finding the required information can take an extraordinary amount of time. It may be necessary to search through many different daily backup tapes to find the required information.

The same scenarios apply if a company works in a regulated industry and is legally required to store data under the Healthcare Insurance Portability and Accountability Act (HIPAA) or Sarbanes-Oxley Act (SOX). Outside of regulated industries, companies storing the personal data of EU citizens on email have to comply with data access requests within thirty days under the General Data Protection Regulation (GDPR). This could be a logistical problem for many EU-facing companies without a searchable email archive.

An email archiving solution that automatically copies emails as they pass through the mail server also complies with legal requirements stipulating an electronically stored information must be “immutable” – i.e. presented in its original form without alteration. Indeed, GDPR insists that mechanisms must be put in place to prevent the accidental or deliberate alteration or deletion of emails as well as to prevent loss, theft or unauthorized disclosure. Back up tapes do not fulfill this requirement.

Email archiving can save you money

• Due to the security risk, backups are often encrypted. To find information, data must be unencrypted, sifted through, restored, and encrypted again. This takes time. In an email archive, information can be obtained much more quickly.
• The more storage space you need the more it will cost. Using backup tapes is an expensive way of storing old data. Email archiving on the other hand allows storage space to be used much more efficiently. Archiving systems can remove duplicates and that can save a considerable amount of space.
• It is easy to move an archived email from one location to another. Migration is simple, even when moving to an updated server.
• Space is at a premium, especially when it comes to email. Email is usually housed on a server that has limited space. Limits have to be set on individual mailboxes, which means many users end up deleting emails when they have reached their storage limit. Busy professionals don’t have time to do this and typically delete huge volumes of emails – including many that are important. IT departments then get requests a few days later asking for a hastily deleted email to be restored from a backup tape. An efficient archiving system eliminates this headache.
• Old emails need to be checked to identify data leakage. When an insider is found to have stolen data it is essential to check email accounts to find out what has been stolen. When audits have to be conducted, it is far easier with archived email than obtaining data from backups.

The flexibility provided by an email archiving system is essential for businesses. It makes old emails much easier to locate, information can be retrieved rapidly, and it is a more cost efficient method of storing old data than backups. If you have yet to implement an efficient archiving system, now is the time to do so. In the long run it will save you a lot of time, effort, and money.

Network Security Decision Maker? What Should be Your Main Focus?

by G Hunt | April 24, 2014 | Spam Advice

If you are a network decision maker, what should be your main focus? Which issues should demand your attention? This post covers five important considerations if you want to protect your critical assets.

The current threat landscape has become very serious

If you work in a large corporation, chances are you will not need to be reminded about the seriousness of the current threat landscape. However, if you work in an SME, the severity of the current situation may not be so apparent. According to the results of the 2012 Verizon Data Breach Investigations Report (DBIR), the main threat of data theft comes not from hackers intent on profiting from selling stolen data, but from hacktivist groups. In 2011, hacktivists were behind 58% of data breaches. Hackers were involved in 81% of all data breaches reported throughout the year.

One of the main issues in 2014 are what Verizon calls “low and slow attacks.” These are authentication attacks, web exploits and social engineering-based attacks. Malware is evolving and carries a much higher risk than when many companies deployed their security systems. The threat landscape is constantly changing and you must stay alert to the changing risks.

Corporate data is one of your biggest assets – Protect data like you protect your financial assets

Company data is incredibly valuable to cybercriminals. Credit card numbers (with expiry dates, holder names and CSCs) sell for up to $6 a set. If hackers obtain several hundred or several thousand, they can make a tidy profit. If Social Security numbers can be obtained, in particular those of minors, they can sell for up to $200 a set, especially if accompanied by medical records. Bank account information is also valuable. Account information can be sold for up to 10% of the balance of the account. As for proprietary company data, to the right person that could be sold for millions of dollars. Data is highly valuable and criminals will attempt to steal it. You must therefore ensure it is appropriately protected.

End users are actually the first line of defense

Firewalls and other systems designed to repel DDoS attacks and stop malware from being installed may be seen as the first line of defense; however, your end users are actually the first line. They are also the weakest link in the security chain, and cybercriminals know it. Many criminals target end users as it is easier to get them to download malware or reveal login credentials than to break through a firewall.

If you want to keep your network secure you must provide training and make end users more security aware. They must be instructed how to identify phishing campaigns, be shown good practices to adopt when surfing the Internet or using email. Social media best practices must also be taught, especially if access to the websites is not blocked.

Application and platform management policies need to be developed

In order to protect networks and connected devices from being infected with malware and viruses, policies must be developed covering the permitted uses of computer equipment, applications, Smartphones and other BYOD devices.

Even some companies that have adopted BYOD have not issued staff members with detailed policies on the allowable uses of their devices in the workplace. SpamTitan recently conducted a research study that showed a third of organizations have not covered the use of messaging and collaboration tools in their corporate policies. Make sure the use of Smartphones, tablets, portable storage devices, collaboration tools, email, Social media, and web 2.0 applications are all covered. This will help to ensure staff do not take unnecessary risks.

Prohibition didn’t work – Neither do blanket bans

Total bans on the use of Smartphones, laptops, social media, or online shopping at work will not prevent end users from bringing their devices to work or using the Internet for personal use. Controls such of these may actually have a negative impact on staff happiness and productivity. Many employers believe the reverse is the case and issue total bans. Controls must be implemented to prevent theft of data, but carefully consider blanket bans. They may sometimes be effective at protecting networks, but they are rarely good for the business.

World Cup Fever Strikes: World Cup Spam Emails Follow

by G Hunt | March 27, 2014 | Spam Advice

The World Cup will take place later this year, and Brazil is now completing the final preparations as the host of this year’s tournament. The World Cup generates huge global interest from football fans as well as those that would not normally watch a soccer game. Criminals take advantage of this and use the hype surrounding the World Cup to launch their scams. We have already seen World Cup spam emails caugh by our spam filters, and a great many more World Cup spam emails will appear over the coming weeks.

There will be many promotional campaigns launched by companies of all sizes. The major global brands invest heavily in World Cup promotions and sponsorship deals, taking advantage of the huge audiences the games attract. It is a great opportunity to get a brand noticed and a great time for scammers to go unnoticed.

It can sometimes be difficult to distinguish scams from real promotional campaigns, although a good gauge is “if it sounds like it is too good to be true, it probably is”.

Some of the scams that have been uncovered so far have been listed below. Be wary of these and other potential scams.

Malware delivery via World Cup spam emails

Email spam is not all about cheap watches and Viagra. Criminals use bulk emails to convince the unsuspecting to divulge their personal information with the aim of committing identity theft. Many websites pose as legitimate sites offering goods for sale. When a credit card is entered, the transaction appears to be processed, but the card details are used by criminals to obtains good of their own.

One of the most common scams involves the sale of cut price match tickets. FIFA sells tickets directly and via a number of authorized retailers, but tickets are in short supply. A stadium may hold 80,000 people, but tickets sell out very quickly.

Tickets are bought by touts and sell for as much as $30,000 including travel and accommodation. Many people are happy to pay this. Unfortunately, they will not get a real ticket. FIFA only releases them for sale in April. Any early purchaser will have fallen for a scam. FIFA has announced that only individuals who buy a ticket through an authorized retailer will be allowed to see the game. Investigations are underway in 130 countries after scams and black market ticket vendors have been discovered.

Perhaps more worrying are the scams that convince people to click on a link to a malicious website containing malware. If the user can be convinced to download a file or take an action online, malware will be delivered to their computer, tablet, or mobile phone.

One of the latest scams informs email recipients that they have won World Cup final tickets. All they need to do is click a link to a website where they are told they can print their tickets. Unfortunately, clicking the link to print will deliver a particularly nasty malware called VBS.Dinihou. This is a worm allows a criminal to download files to their computer without authorization. It also infects any USB drive plugged into the computer.

Brazil is home to one of the world’s largest cybercriminal groups

Russia, Ukraine, China and Vietnam are all known to be home to many cyber-criminal gangs, yet one of the world’s largest is based in Brazil, according to a recent report in The Guardian newspaper.

Many Brazilians are unhappy about the World Cup being hosted in the country due to the huge expense involved in staging such a tournament. The cost is astronomical and many believe that those costs will not be recovered, let alone any profit made. They feel the money should have been spent improving services for locals, not for tourists who will visit over a 4-week period. Cybercriminals have taken up their cause and are disrupting the sale of tickets.

Anonymous has also made announcements that it will be active during the World Cup and may attack FIFA and World Cup sponsors. Banks in Brazil were targeted by Anonymous in 2012, and cybersecurity protections in the country are poor. Many companies will be targeted and will be able to put up little resistance to the attacks.

World Cup fans are also being sent spam and phishing emails. Links to websites containing malware are being sent, along with file attachments containing viruses and malware. Any World Cup spam emails should be treated as suspicious and attachments not opened unless they can be confirmed as genuine. Fall for one of these scams and you could suffer major financial losses, and have your computer infected with a virus or malware. Worse still, the network that your computer connects to could be compromised.

Is malware really so bad? What does malware actually do?

Criminals use malware to achieve a number of aims. Not all criminals want to steal bank account and credit card data. Listed below are some of the common uses of malware.

Financial fraud

Not all criminals are after money, but a large percentage certainly are. If a hacker or cybercriminal is able to gain access to credit card number, the card can be used to make online purchases or fake cards can be created and used until the card is blocked. Bank account details can be used to make transfers. Entire accounts can be emptied before the victim even becomes aware of any losses. Malware is used to log keystrokes, which will reveal online banking credentials and other account logins and passwords.

Identity Theft

Personal information can be used to create fake IDs. With a fake ID, loans, credit cards and store cards can be obtained. With a stolen identity, criminals can run up thousands, or even tens of thousands of debts. In some cases, the losses can be even higher. One girl in the U.S. discovered she was the proud owner of a million-dollar yacht when she turned 18. On paper at least. In reality all she had was the debt. Malware allows files to be downloaded and control of devices to be obtained by hackers. Any data stored on the device, or accessible through it, can be stolen.

Botnets

Even a powerful computer cannot perform the necessary calculations to crack billions of passwords quickly. It would take years for a computer to be used to decode every possible combination of password. However, botnets on thousands of computers make the task much quicker. Botnet infections are also used to send out millions of spam emails. Email spammers do not use their own computers for this.

Data Loss

Sabotage is a common aim and it is often indiscriminate. Many viruses and malware delete or corrupt files, and even wipe entire hard drives. This may not occur immediately. Viruses lay dormant for weeks or months until a set date: Valentine’s Day is common. Kaspersky Labs, one of the AV engines used by SpamTitan, has identified a number of such viruses, including “The Wiper”, “Shamoon”, “Narilam”, “Maya”, “Groovemonitor” and “Dark Seoul”. These will delete data from computers or may wipe the entire hard drive.

How can you protect yourself from viruses, malware and scams?

• Don’t open emails from people you do not know
• Do not visit links contained in emails if you are not sure that they are genuine
• Delete emails containing attachments unless you are sure that they are legitimate
• Use an Anti-Spam solution such as SpamTitan to block spam emails and malware
• Keep AV definitions up to date

Perform software upgrades promptly and install patches as soon as they are released.

Russian Snake Virus: 8 Years of Data Theft by Uroboros

by G Hunt | March 23, 2014 | Spam Advice

How long are computer viruses active before they are discovered? A few months? A year? In the case of the Russian Snake Virus, Uroboros, it has been stealing data for 8 years. It has been detected, but that doesn’t mean that the threat is over. The virus will be present on many systems, and will continue to steal data as it is incredibly difficult to detect.

Where did the virus come from?

It has been called the Russian Snake Virus, as many researchers believe the virus was created in Russia. Snake because some believe the Russian government had a hand in its creation. Why? Because of the sophisticated nature of the virus. A malicious program as complex as Uroboros is believed to have required state sponsorship. Foreign governments have been known to create viruses before. China was behind the APT1 virus. Links have been uncovered that tie the virus to the Chinese military. However, so far no link has been proven between the Russian government and Uroboros.

The virus was not created to steal data from individuals. The creators had other loftier aims. The International Business Times reported that the virus was created to steal government secrets and strike at telecoms systems.

The exact targets have not all been announced by the researchers who discovered the virus, but another link to Russia comes from the fact that Ukraine was attacked 14 times by Uroboros. It would appear that the Department of Defense of the United States was also attacked by the Russian Snake Virus in 2010.

The virus is currently being analyzed by UK firm BAE and German company Gdata. As for the level of sophistication, it is reportedly equivalent to Stuxnet. For anyone unaware of Stuxnet, it was developed and used by the U.S. and Israel to destroy Iranian nuclear reactors. It caused them to spin out of control until they were destroyed. Very James Bond, but in this case very real.

Uroboros is a rootkit and hides inside kernel-level processes. Because of this it has remained undetected. Anti-Virus engines do not scan there, allowing it to remain undetected for so long.

The analysis of Uroboros by BAE is secret and, while more is now known, since the virus is part of an ongoing operation few details have been released. The virus is still in operation and may be attacking or monitoring foreign government systems right now. What is known is Uroboros targets a vulnerability in Windows in addition to software running on the Windows platform. The virus has managed to continue working despite new security features being incorporated into the operating system.

How does Uroboros work?

From the information released so far it is known that Uroboros hijacks a running process. It hides inside of processes that are part of Windows so evades detection. Because of this, AV engines do not detect it. The AV software assumes it is part of Windows, and fails to flag the virus or hijacked service as being malicious. The virus is understood to inject DLLs into the running process.

It sends data at the user and kernel level. When a user fires up their browser, the virus launches a GET request and obtains instructions from the hacker’s command and control center. Since hundreds of legitimate requests are usually made, the GET request from the virus remains hidden. The use of HTTP also allows it to bypass firewalls. Uroboros is not always active either. It may be for a short period of time before going to sleep. It is told to do this by the hacker in control of the virus, and may sleep for months if required.

One question that has not been answered is how the Russian Snake Virus infects a computer. According to BAE, Uroboros is installed by a USB plugged into a computer, but it may also be installed via a phishing email. It is known to hack network processes, and monitor and intercept inbound and outbound traffic. It is capable of exfiltrating data and logs and can receive inbound commands.

A security vulnerability in Oracle Virtualbox has been exploited by the virus, allowing access to be gained to the kernel memory. It updates a variable indicating Windows was started in WinPE mode. Unsigned DLL files can then be loaded. These files do not have their owner and integrity verified. The Russian Snake Virus is capable of mounting virtual and physical drives, and different versions exist allowing it to be installed on different operating systems.

How can an attack of this nature be avoided?

Unfortunately, with malicious software such as the Russian Snake Virus it is difficult to totally protect a computer. There are steps that can be taken to reduce the likelihood of infection:

• The virus may be transmitted via phishing and spam emails: Block these using Anti-Spam software
• Issue training on anti-phishing strategies to employees
• Ban the use of all USB drives in your organization
• Keep software systems up to date with patches and, better still, upgrade Windows to the latest version
• Use diskless devices such as Chromebooks as much as possible
• Ensure packet-level inspections read HTTP traffic to look for signals that malware or viruses are communicating with command and control servers
• Data encryption can be used to protect stored data, but unfortunately not the memory

The Russian Snake virus: A risk for everyone or just foreign governments?

At present, the virus is believed to be used to attack foreign governments. Unfortunately, when details are released they can be used to create variants. Non state-sponsored hackers may not have been able to create the virus, but the techniques used to exploit computers and networks can be copied. This may already have occurred.

The next few years may see a number of different versions of the virus discovered, which may be used for many different reasons. Specific data may be targeted and stolen, or systems sabotaged. Only time will tell.

The discovery shows the lengths that some individuals and groups will go to in order to steal data, and why it is essential to implement multi-layered security systems to protect computers and computer networks, and always to use controls to prevent phishing emails from being delivered, and responded to.

Beware of Sochi Winter Olympics Spam

by G Hunt | February 12, 2014 | Spam Advice

The Sochi Winter Olympics is a major event in the sporting calendar, and we are looking forward to witnessing the spectacle of winter sports as much as everyone. However, as with any major sporting event, the Winter Olympics has attracted the interest of cyber criminals. Major sporting events tend to see spammers and scammers take advantage of the media frenzy, and Sochi Winter Olympics spam campaigns have already been discovered.

Sochi Winter Olympics Spam Warning Issued by US-CERT

The high threat level has prompted the United States Computer Emergency Response Team (US-CERT) to issue an alert warning of online scams and phishing campaigns, in particular emails with the subject of “Winter Olympics” or “Sochi”. Spammers are aware that these emails are likely to be opened by winter sports enthusiasts.

Sochi Winter Olympics spam emails are expected to be sent in the millions, and phishing campaigns have been devised with attachments related to winter sports schedules, medal winners and alike. It doesn’t stop there. Many emails will contain links to fake websites enticing users to click for up to date Sochi news. However, those links will direct the unwary to sites that are loaded with malware. Clicking the link will result in malware being downloaded to the visitor’s computer or mobile device.

US-CERT says links to unfamiliar websites should be avoided. However, there is worse news for any individual traveling to Russia to view the winter sports spectacle in person. NBC anchor, Brian Williams, recently announced that ”visitors to Russia can expect to be hacked.”

The news report warned of a high risk of cyber-attacks on innocent sports lovers who take internet-enabled devices on their travels. He said cyber-attacks are “Not a matter of if, but when.” Based on the news report, users can all but guarantee they will have their devices hacked, simply by turning them on in Russia.

Visit Russia and you will be hacked?

An NBC reporter, Richard Engel, investigated the risk as part of the report. The NBC test involved turning on a laptop computer and mobile to show how easy it was for hackers to take advantage. Once the devices were turned on and connected to Russian networks, they were attacked in minutes. Engle said, “Before we even finished our coffee the bad actors had hit.” He said that information had been stolen and malware downloaded, and issued a stern warning saying visitors were “entering a minefield the instant they log on to the Internet.”

However, the test was not all it appeared to be. It involved the reporters visiting a fake Olympics website, such as those used by phishers. These websites contain malware and automatically download it to the visitor’s device. The risk appears not to be as high as the report made it sound. According to internet security expert, Robert Graham, the test was conducted on devices that were likely not to even have basic controls to prevent malware from being installed, such as up to date antivirus software.

In fact, internet users in the United States, UK, or any location around the world would be infected by malware by visiting such sites. If the test was conducted from the United States, it would likely produce similar results.

Graham decided to put this to the test, and set out to deliberately get his phone hacked. As it turned out, it was not quite as easy as the reporters suggested. The security features installed on his phone prevented malware from installing. He persevered and disabled the security software installed on his Android Smartphone. He also masked his IP address to make it appear that he was actually in the Russian Federation. After finally finding a virus, he was issued with a warning on his phone, which he had to ignore to finally get his device infected.

That is not to say that internet users – visiting Russia or staying at home – should not be wary. Quite the opposite. It is essential to be security aware, not take unnecessary risks, and implement controls to block Sochi Winter Olympics spam and phishing emails. Basic security controls must be installed on all internet enabled devices to prevent cyber-attacks, and it is essential to be vigilant, avoid unfamiliar links, and not open attachments unless certain of their authenticity.

Whether you visit Russia or stay at home, it would be a wise precaution to use a VPN to access sensitive websites – online banking websites for example. Installing a spam filter will also help to protect against phishing campaigns.

What is a high risk country? These days there are no low risk countries. It is the websites you visit, not the country you live in, that determines the risk of cyber attack!

Unfortunately You Haven’t Won the Spanish Sweepstake Lottery

by G Hunt | October 30, 2013 | Spam Advice

If you can be certain of one thing in life apart from death and taxes, it is the impossibility of winning a lottery that you have not bought a ticket for. Surprisingly, some people do fall for scams like these.

Over the past few weeks we have received reports of emails and letters being sent advising the recipients they have almost become a Euro millionaire: Their numbers have been drawn and a prize of €915,810 has been won.

The reason the emails have been sent to people who have not even bought a ticket is because these campaigns are sent randomly. The perpetrators of the campaign do not know who has bought a ticket, but a percentage of lottery ticket holders will receive the email if enough are sent.

A holder of a ticket may respond even if an email address was not provided when buying a ticket. Hope gets the better of common sense sometimes. The thrill of potentially having won over €900,000 helps in this regard.

The Spanish lottery scam nets criminals millions of Euros

A check for this sum is not issued for security reasons. The money can only be claimed by supplying bank information. The lottery company must use a bank transfer to provide the winnings. Sometimes, the lucky winner will have to cover some “administrative costs” in order to receive their prize. A charge of a few Euros is nothing compared to a €915,810 payout. Those charges are often more than just a few Euros, but the money is still paid.

This particular scam, or variants of it, are commonly sent by Nigerian criminal gangs. In the case of the postal version, a Nigerian postmark would be a giveaway. The letters are naturally all emailed from Spain. In fact, Spanish criminals have also started using this type of scam to defraud victims. The Guardia Civil recently took down a large gang of criminals who were running scams of this nature. Millions of Euros were recovered.

If you receive an email telling you that you have won a large sum of money, here are some easy ways to tell if the email is not genuine:

• You did not buy a lottery ticket
• You did not supply an email address
• You have never heard of the company you are asked to contact
• The email contains grammatical errors and spelling mistakes
• You are given a strict, and short, time limit for claiming your prize
• You are asked to supply sensitive information to verify your identity
• You need to pay an administration fee in order to claim your prize
• You are asked to click on a link contained in the email to confirm your identity

We wish you the best of luck. And if you want to win a prize, remember to buy a ticket and check the numbers personally!

One in Five Phishing Scams Target Bank Customers

by G Hunt | July 14, 2013 | Spam Advice

Phishing is not a problem that must only be dealt with by consumers. Businesses are being targeted based on the financial organizations they use, according to the latest research conducted by Kaspersky Labs. The Anti-Virus software provider has been investigating the evolution of phishing. The study looked at the attacks that had taken place between May 2012 and April 2013. The survey revealed that phishers are changing tactics, and are attempting to obtain bank account information. If business bank accounts can be obtained, so much the better. They usually contain much more money than personal accounts.

Hackers often target businesses they despise. Their intention is not always to make money but to cause harm. If bank accounts can be obtained they can be sold to cybercriminals. Accounts are plundered, and sometimes businesses go bust as a result. You may not have offended any hackers, but that doesn’t put you in the clear. Some hackers are involved in organized crime and they will not care who they target as long as money can be obtained.

If a bank is targeted and you lose funds, can you sue them?

A bank is attacked and a business loses money from its account. Can a business sue a bank for a cyberattack? Some are now trying.

EMI has filed a lawsuit against Comerica, in which it claims that the financial institution failed to implement appropriate security defenses which directly led to one EMI employee falling for a phishing campaign. An employee was tricked into revealing EMIs bank account details. As a result, over $500,000 was rapidly transferred out of EMIs accounts. Protections were not in place at the bank to stop this.

Unsurprisingly, the bank has claimed that this was the fault of EMI. It is EMIs responsibility to ensure its employees are trained, and do not fall for phishing campaigns. The bank could have done nothing to prevent that employee from falling for the phishing scam. EMI could have taken action though. It is unlikely that the lawsuit will result in the bank having to cover the losses of EMI.

Phishing prevention starts with staff training

If you want to protect your company’s bank balance, and stop phishers making transfers, the first step to take is to provide all staff members with cybersecurity training. One response to a phishing email is all it takes to see a bank account emptied. It therefore makes a great deal of sense to instruct members of staff about phishing emails. In the above case, the provision of such training may have saved $500,000.

The FBI estimates that these schemes, and other cyberattacks, net online criminals around $100 billion a year. These funds are obtained from large corporations and individuals, but small businesses are now being increasingly targeted. They lack the security software used by large corporations and their bank accounts contain more money than consumer accounts.

Unfortunately for SMEs, the same protections are needed as those used by large corporations. Unfortunately, IT budgets are not nearly as large. SMEs must therefore choose the best protections to put in place that will offer the greatest protection for the least outlay. Many do not even employ dedicated cybersecurity staff, so the products they choose must be easy to install, operate and maintain.

To protect against phishing, businesses must concentrate not on protecting their network with firewalls, but protecting end users. They are the ones who will be targeted by a phishing attack.

There are two methods that can be used in this regard (apart from staff training): The use of a spam filter to prevent phishing emails from being delivered, and a web filter to stop users visiting phishing websites.

The number of phishing attacks has increased significantly over the course of the past year. Because the tactic is proving to be so profitable, 2013 and 2014 are likely to see even more attacks take place. Any business that fails to take action to address the risk is likely to become a victim. Maybe not today, maybe not tomorrow, but soon.

SpamTitan Network and Email Security Predictions for 2013

by G Hunt | January 22, 2013 | Spam Advice

Being forewarned is being forearmed, which is why SpamTitan has issued five network and email security predictions for 2013. Over the course of the next 12 months, mobile applications and social media networks are likely to have a major impact on businesses, especially small to medium-sized enterprises. However, both have potential to introduce new security risks. These will need to be addressed.

Last year the volume of cyberattacks increased, as did the variety of new malware identified. More sophisticated cyberattacks were conducted in 2013 than in previous years, and they have proven to be even more damaging.

Last year was difficult for IT security professionals. Unfortunately, the coming year is unlikely to be any easier. If you want to keep your network secure and your data protected, a considerable effort will be required over the next 12 months!

SpamTitan Network and Email Security Predictions for 2013

1.      Social media monitoring will become essential to keep networks secure and staff productive

The popularity of social media websites is growing, and people are now spending an extraordinary amount of time connecting with people online, sending messages, reading and writing posts, uploading photographs, friending and poking. People crave interaction so this should be no surprise. With even more social media sites to choose from, and the use of the sites now ingrained, employees will want to use the sites more frequently at work. It is up to employers to harness the power of social media and prevent abuse.

Managers who have yet to tackle the issue of social media website use at work will need to take action in 2013. Whether it is implementing a ban or policies covering usage, the issue will not be able to be ignored any more. Since employees will use the sites even if a ban is implemented, we expect more companies to start adopting ways to curb usage, as well as taking action to address the network security risks the sites pose.

2.      BYOD is here to stay and the trend will continue

BYOD is driven by employees, not by employers. Employees want to bring their own devices to work, and employers can reap the benefits. The problem that must be addressed is how to manage the considerable security risks. Many companies will decide the risks posed by the devices outweigh the benefits, and many will look to harness the power of web tools and cloud based applications.

We expect security polices will need to be put in place by organizations in 2013. Employees who are permitted to bring their own devices to work are likely to have more restrictions put in place on the use of those devices. Additional security measures to enforce policies will also be installed.

3.      Cybercriminals will start to use social media as the main way of profiling targets

As the use of social media networks grows and consumers spend more time on the sites, cybercriminals will start to use the websites as a way of identifying and profiling their targets for spear phishing campaigns. Malware attacks via Facebook and other social media platforms are also likely to increase over the next 12 months. Criminals will also become more skilled at using social media networks to obtain the information necessary to defraud their targets.

Email spam volumes should continue to fall as criminals find it harder to profit from spamming campaigns. The past 2-3 years have seen spam volume decline and this is likely to continue in 2013. 3 years ago, the volume of spam emails stood at around 90% of all emails sent. Now the figure is around 70%. We expect the total to fall to around 60% this year.

4.      Phishing attacks will primarily be conducted via social media websites

Phishing campaigns have been found to be highly effective on Facebook and Twitter. These two social media platforms were the most popular with phishers last year, and that is likely to continue in 2013. Social media campaigns can be conducted rapidly, and require little outlay. As the threat grows, we expect organizations to take action and implement defenses to reduce the risk of their employees falling for phishing schemes. They will be given little choice if they want to keep their networks protected.

5.      Market consolidation to continue and businesses will increasingly consider alternative solution providers

The information security industry is likely to see even more market consolidation in 2013. Smaller companies will merge, with numerous takeovers expected. Last year, Trustwave bought out M86 Security, and Eleven GmbH was acquired by Commtouch.

However, end user businesses should find they can stay competitive if they concentrate on niche products. Specialist products will continue to be developed and fine-tuned, offering consumers more powerful security solutions for specific areas of network security.

Do you agree with our network and email security predictions for 2013? We expect, as an IT professional, you will have your own security predictions for 2013. What do you think the next 12 months have in store for IT security pro’s?

Cybercriminal Activity Increases During Holiday Season

by G Hunt | November 5, 2012 | Spam Advice

Halloween has been and gone, and with it the threat from Halloween-related spam and phishing campaigns. Unfortunately, the ghoulish behavior of cybercriminals will not stop. They will just work on Thanksgiving-related scams, or target the millions of online shoppers on Black Friday, Cyber Monday and Free Shipping Day. They will also be preparing for Christmas, which is another excellent time to target the unwary and gullible. All of these holiday times see millions of spam emails sent, new phishing campaigns developed, and many old ones dusted off and used again. Internet users must therefore always be constantly vigilant for the next cyberattack or scam.

Internet security risks increase in the run up to Christmas

Employees lead busy lives and often do not find the time to do all of their Christmas shopping at home. Some do not have home computers so are unable to access the Internet outside office hours. Many just prefer to keep their free time free, and be paid by their employers to do their Christmas shopping.

Unfortunately, those employees are taking big risks that could seriously jeopardize the security of their corporate computer systems, according to the Information Systems Audit and Control Association. This risk naturally increases at times of the year when internet shopping increases.

The risk has also increased in recent years with the rise in popularity of BYOD. More devices are being used to access networks, many of which do not have the level of security of the desktop computers supplied by employers and configured by IT departments. These devices make it much easier for employees to bypass security and spam protection controls.

The bad news is the risk is not going to decrease. As more users take part on BYOD, and even more devices are allowed to connect to corporate networks, the risk of suffering network security breaches will also increase.

Many companies find the number of employees using computers for personal use, especially in the run up to Christmas, has reached a level where it is simply not possible to take action against each employee. The threshold for disciplinary action has had to be increased. Others target this by taking a much harder line, due to the amount of time that is being wasted by employees. HR departments are then run ragged.

It is no surprise that many employers opt for an easy solution and implement a web filter to block access to certain internet sites. The burden is eased on HR staff and employees waste less time and become more productive. They are also used to cut back on other time wasting activities, such as accessing social media sites and playing online games.

A web filtering solution, such as WebTitan, can be invaluable at this time of year. It will reduce risk to network security and improve productivity; however, risk cannot be totally eliminated especially with the volume of email spam campaigns and Christmas-related scams seen at this time of year.

Holiday season scams that threaten network security

The usual suspects come out at this time of year but, after 10 months’ “holiday” from Christmas scam emails, it is useful to remind employees of the spam and phishing emails that do the rounds at this time of year.

‘Must Have’ Gift Scams

Every year there are some gifts that every child wants. They are in short supply and usually sell out well before Christmas. Be late buying Christmas gifts and your child will have to make do with second best. UNLESS…… someone has a spare one or some excess stock. You will find offers of the latest gadgets or hot new products flood inboxes. Links take users to shopping websites that have just one or two left. A purchase is made and the gift is mailed. Unfortunately, many of these websites are fake, and all that happens is a credit card number is divulged to a criminal.

Christmas Phishing Scams

The run up to Christmas is a busy time and short cuts are taken by employees who are under pressure or daydreaming about roast turkey. People are less cautious and take more security risks. They forget to check that a website has a valid SSL Certificate or shows a padlock next to the URL. People are more likely to click on links to malicious websites and, when full of Christmas spirit, Christmas-related social media posts are visited more frequently. Users tend to reveal personal information at this time of year. A post asks you to create your Elf name by using the name of your first pet and the street where you grew up. Users unfortunately divulge the answers to their online banking security questions all too easily.

Fake Special Offers and Competitions

Everyone would like a free Christmas gift, and scammers know it is easy to obtain sensitive information via fake competitions if there is a cool prize on offer. It is a time to be very cautious about surveys or competitions that ask for personal information. Facebook is one of the preferred websites to launch a fake contest, and it is surprising how much personal information is disclosed. Once personal information has been divulged, an email often arrives offering a prize. Just a few more data fields need to be entered to claim the top prize. That prize is identity theft, not a shopping voucher or an Xbox.

How to avoid these Christmas scams

Vigilance is key. Employers must be particularly careful that their staff members do not fall for these scams. It is a great time for refresher training to be conducted or for an email bulletin to be sent. Be sure to warn the staff of the following:

• Never to click on a link contained in an email unless they are 100% sure of the identity of the sender
• Never open an attachment in an email from someone they don’t know
• Change passwords and make sure they are impossible to guess
• Be very careful about divulging sensitive information to anyone
• Social media websites contain many scams. Make employees aware of scam competitions or surveys that request personal information
• Be careful about installing mobile apps – they may not be as harmless as they appear
• Password protect Smartphones and use a lock screen – if stolen, criminals will not be able to access online accounts and company data

Stop and think before clicking any link, visiting a website or opening an email – Could it be a scam or phishing attempt?

Make it Harder for Cybercriminals to Steal Data

by G Hunt | October 3, 2012 | Spam Advice

Cybercriminals are intent on breaking through security defenses to gain access to corporate databases. Once access has been gained, they steal data to sell on to other criminals to use for fraud and identity theft. There are some exceptionally talented individuals out there who are doing this, but there are many less talented individuals as well who are doing the same. In fact, there are individuals with next to no talent or skill who are doing who are making big money because it is so easy.

It doesn’t actually take a genius to steal data from companies, even when robust security measures are put in place. That is because massive security holes are left unplugged. The door is being left open, and cybercriminals are just walking through it.

To prevent major data breaches and cyberattacks it is essential to make hard for cybercriminals. If it is hard, they are likely to look for easier targets. There are plenty out there, you must just make sure you are not one of them. It is much easier for them to take the path of least resistance or, in many cases, they take the path of no resistance. Some companies make it ridiculously easy for hackers and criminals to steal their data.

How easy is it? The global information group Experian took a close look by conducting its “life in a box” experiment. That study produced some very interesting results. First of all, the study quantified the extent of the current problem.

Between the start of January and the end of June 2012, a period of only 6 months, 19.7 million pieces of information were illegally traded online. To put that figure into context, 19.04 million pieces of information were traded in 2011. That’s the whole of 2011, BTW, not just the first 6 months.

The Life in a Box Experiment

Meet Steve. He knows his stuff. He is a typical web user who is quite knowledgeable on security matters. He takes precautions when using the internet, holds down a normal job and pays his taxes. He is also in a hurry most of the time because he has a lot to get done. Consequently, he makes some mistakes. Basic security errors, even though he believes he is quite security conscious.

Steve was presented with a few challenges for the study. These online tasks were set to find out just how easy he was making it for criminals to steal his personal data. During the study, this reasonably security conscious guy made three fundamental security mistakes.

• He was found to be sharing his passwords across a number of different online accounts
• He did not bother to check that a website was secure (had a padlock next to the URL) before disclosing personal information
• He did not update his web browser to the latest version when a security update or critical patch was released

Steve had set up 8 temporary email addresses during the study. It took only 5 hours for all 8 to be hijacked. His data were actually in the hands of criminals in multiple countries around the world within 5 minutes of the study commencing. Mr. “Reasonably Security Conscious” was not making it difficult for cybercriminals at all. Most of his fellow employees would have performed equally badly, and many a whole lot worse.

A vast amount of personal data is uploaded to the Internet

An incredible amount of data about individuals’ lives are uploaded to the Internet. Names, dates of birth, passwords, usernames, answers to security questions, bank account details, Social Security numbers, credit card numbers, medical information, consumer information, likes and dislikes. The list goes on and on.

If you are a little sloppy and are not particularly security aware, this information can easily be accessed by criminals. With just a little information it is possible to commit identity theft. Criminals use that information to create or obtain fake IDs that can be used to obtain further proof of identity. Then credit cards, loans, prescriptions, medical services and much more can be obtained. Bad security habits at work can see employers’ systems compromised and corporate bank accounts plundered.

There has never been an easier time to get into online crime

Personal information can be obtained using a number of very straightforward techniques. It is not necessary to be a hacker to do this. Any would-be criminal could pay to use an exploit kit and even be instructed how to use it. Phishing campaigns can be easily launched, social engineering scams developed, viruses and malware sent via email, and malicious code loaded onto pages and adverts on social media networks.

As long as web users continue to make it easy for criminals to take advantage, there will not be a shortage of individuals willing to try to defraud them. It may not be possible to prevent all cyberattacks but it is possible to make sure that only the most skilled and creative cybercriminals will have a chance of success.

Security awareness must improve in order to prevent corporate cyberattacks

Unfortunately, even with excellent security defenses installed, the sloppy security habits of employees can result in networks being compromised. All it takes is for an employee to respond to a phishing campaign, visit a website containing malicious code, install malware by mistake, or hand over sensitive information to a scammer and the door can be opened.

The Life in a Box study shows just how easy some people are making it for cybercriminals to take advantage. You can tell employees to only use websites that have a SSL certificate in place, or to look for a padlock next to the URL before disclosing personal or company information, but they will continue to make basic security errors.

They must be instructed on the risks, trained how to avoid risky behavior, and told about the methods cyber criminals use to obtain data, steal identities, and break through corporate cybersecurity defenses. They do not need to be turned into IT security experts, they just need to be taught how to act responsibly online.

You also need to put additional security defenses in place because everyone will make mistakes from time to time. You need to make it harder for cybercriminals to take advantage, and you need to reduce the number of times your employee’s security skills are put to the test. A Spam filter is a good place to start, and a web filter is also wise protection. Alongside security training, your network will be much better protected from attack.

Have you Planned for the 2012 European Football Championships?

by G Hunt | June 12, 2012 | Spam Advice

The European Football Championships are almost upon us, which is fantastic news for football (soccer) fans, but terrible news haters of ‘The Beautiful Game’. It is also something of a nightmare for employers.

It is easier to manage than the World Cup of course. There are only a very limited number of time zones across Europe, so no matter where the games are played, most kick-off times are outside of normal business hours. Unfortunately, standard business hours are becoming a thing of the past for many workers and not all qualifying games are played in the evening. Many employees will face a dilemma. Watch the game at work and risk the ire of an employer, or miss out on some live football action. A great many will choose the former and will use streaming websites to see the games live.

IT security risks are introduced during major sporting events

Major sporting tournaments have a knock on effect on productivity, but that is actually a relatively minor issue compared to the increased network security threat that comes from sports streaming websites. Streaming websites breach copyright laws. The owners of websites showing live sports games run a risk of arrest, heavy fines and even prison terms for their deeds. They must therefore make enough money to make it worthwhile.

To do this they show adverts on their sites. However, few people click on standard adverts. They go on the sites to watch sports, not click on links. The site owners therefore have to be sneaky. They make it hard for the adverts to be closed. The put multiple X’s in the adverts, which launch pop ups. This means that your standard football addict will end up clicking on multiple adverts in an attempt to close them.

Cyber criminals are well aware of the tactics used by the site owners, and know that ad’s will be clicked by everyone using the sites. If they are able to get their adverts on ad networks, getting visitors to their malicious websites could not be easier. That means more individuals will inadvertently download their malware, more computers will be infected, and they will make more money.

So are the European Football Championships all bad news for employers?

The European Football Championships mean owners of streaming websites will make money, it’s a win for cyber criminals and hackers, and great for Football fans. Employers don’t fare too well, and neither to IT security professionals. Bandwidth is chewed up by employees streaming games, the malware risk increases and it is a potentially unproductive time for a few weeks.

That said, it’s not all bad for employers. Research conducted by Robert Half Technologies shows that there are positives. In a poll of HR directors, 44% thought that the European Football Championships would actually have a positive impact on morale and employees would be more motivated. This happened during the Olympics. IT professionals were not so complimentary about the benefits. In fact, 57% will be banning access at work due to the high network security risk and bandwidth issues.

A ban can be implemented easily. All it takes is an email, or a mention in a staff meeting. But how can the ban be enforced?

How can you block streaming websites, control Internet usage at work, and manage risk?

There are many ways to block website access, but it can be time consuming to set up. It is also hard to block access to ALL websites used for streaming. These often change or are shut down and new ones opened. Blanket bans can result in legitimate websites being blocked, and setting rules on individual browsers is just not an option. It is far too time consuming, and too easy for users to change their own settings to allow temporary access.

The best solution is to use web filtering software. This allows internet usage to be centrally controlled by a system administrator. You could even block all games apart from those involving those played by your home country. It really is very simple to have that level of control (if you have the right web filter installed).

SpamTitan Technologies web filtering solutions have highly granular controls, which will allow you to:

• Block websites by domain, category, URL pattern, or content
• Prevent users from downloading certain file types
• Block or permit certain websites for specific groups or individuals
• Set restrictions based on time-frames – i.e. allowing workers to stay after work to watch games, but block access during working hours for groups or individuals
• Prevent end users from visiting links to malicious websites
• Block malicious adverts from being displayed
• Blocking all streaming services, including music and video
• Block online gaming websites
• Compile reports to see who is trying to access banned sites.

Add a SpamTitan Technologies Anti-Spam solution and you can also block the barrage of spam and phishing emails that are sent whenever major sporting events take place.

Beware of 2012 London Olympics Spam Email Cyberattacks

by G Hunt | April 3, 2012 | Spam Advice

The 2012 London Olympics spam email campaigns have already started to be sent, even though we are still months away from the opening ceremony. That has not stopped cybercriminals from starting their phishing campaigns and cyberattacks. The run up to a big sporting tournament can be an even better time to get the unwary to download malware to their devices and reveal sensitive information. When people are excited they tend to take more risks, and people are very excited about the Olympics, especially those living in the British Isles.

2012 London Olympics spam email ticket scams

How often do the Olympics come to a country close enough for it to be feasible to actually attend an event or two? For most people that is very rare occurrence. People living in Britain or Ireland will see the 2012 sports extravaganza as finally being within reach. Unfortunately, the combined population of the UK and Ireland is around 68 million people, which is a few too many to fit into the London Olympic stadium and the other venues housing this year’s Olympic events. Tickets are therefore difficult to obtain.

A ticketing system exists that allows people to enter their names for the events they want to see; however, it is something of a lottery as to whether a ticket can be purchased. Only a lucky few will get to see their preferred events. Everyone wants to see the 100M final, but not so many are interested in the early handball heats. Where there is high demand there is money to be made, and criminals use the huge popularity of the sports events to launch Olympics ticket scams. Many of these scams are delivered by email.

Unwanted tickets are being offered online, touts are pushing their over-priced tickets, and cybercriminals are selling fake tickets to popular events. It is a time to be cautious. It is important that tickets are not bought from anywhere other than an authorized seller. If that means you cannot see an event, that is unfortunately just the way it is. If you are being offered a ticket via email by a stranger, chances are it is a scam.

That scam may not just be designed to get you to pay £1,000 for your fake ticket. In many cases, the purpose of the spam email is to get you to reveal your bank account details, credit card number, or install malware on your computer or portable device.

Phishing attacks are popular with cybercriminals, and 2012 London Olympics spam email campaigns are one of the preferred methods of launching attacks. Individuals are also being targeted with spear phishing emails. Instead of sending millions of emails offering tickets to the 100M final or opening ceremony, some scammers are researching their targets to maximize the probability of getting a response.

There is no point offering 3-day event tickets to your average soccer fan. They are unlikely to respond. However, if you know a soccer fan is planning to travel to London from France, offering that person a ticket to see a France soccer game is likely to get a better response. Especially if they are known to be in the UK at the time, and have said on social media they are trying to get a ticket. Criminals research individuals on social media and create highly targeted phishing emails.

Employers must be particularly careful as Olympic fever will grip many workers. They may respond to a 2012 London Olympics spam email at work and inadvertently download a virus or nasty malware. Protecting the network is going to be harder over the coming months.

Now is therefore a good time to issue warnings to the staff to be wary. Advise employees of the methods that can be used to identify a spam email and you will minimize the probability of an employee responding. Such tactics are reasonably effective at preventing malware infections and accidental disclosures of confidential company information.

Unfortunately, all it takes is for one individual to respond to a 2012 London Olympics spam email for a network to be compromised, so other tactics should also be employed.  We recommend installing an Anti-Spam solution to stop the 2012 London Olympics spam email campaigns from ever reaching end users.

As for Anti-phishing protections, a web filter is the solution. This will prevent users from visiting Olympics-themed websites that have been infected with malware, contain malicious code, or featuring ads that have been placed by cybercriminals.

Email Scammers are in Love with St. Valentine’s Day

by G Hunt | February 12, 2012 | Spam Advice

There are only two days to go before the red roses arrive, you get a box of chocolates, are taken out for a meal and treated to a night of passion (well, we hope so!). You may therefore want to start preparing. Maybe get a nice dress or a swanky new suit so you can look at your best.

You should also prepare for the onslaught of spam and phishing emails that are likely to be heading your way. Cyber criminals, spammers and scammers have fallen in love with St. Valentine’s Day. They take advantage of the human need to be loved and send out just the type of email people are hoping to receive.

Unfortunately, if you respond, you will not be treated to a night of passion and you will not discover a new secret admirer. You are likely to have malware installed or your bank account emptied.

Beware of scam emails and St. Valentine’s social media scams

In years gone by, scammers primarily used email or the telephone to fraudulently obtain money from the unwary or gullible. The meteoric rise in popularity of social media networks has given criminals a much easier opportunity to make money. There are phishing scams aplenty on social media networks.

However, email continues to work well for the scammers. Many people look for ways to save money on St. Valentine’s Day, and respond to emails offering discounts on flowers, chocolates, gifts, and holidays.

Spam emails typically sent by criminals tend to have subject lines such as “Will you be my Valentine?”, “Valentine’s Day Jewelry”, and “Cheap Flowers for Valentine’s Day”. The same subject lines that could possibly be sent by legitimate retailers or potential lovers. This is why the emails are opened by so many people.

In March, 2010, the results of a new study were published by the Messaging Anti-Abuse Working Group. The study looked at why people fall for email scams. The study was conducted on 3,716 individuals and they were asked questions about their response to spam email.

In some cases, it was not a failure to identify an email as spam that resulted in the email being opened, but because the recipient was genuinely interested in the products or services being offered. 11% of respondents opened the messages, knowing that the email was spam and 15% of those individuals did so because they liked the sound of the offer or product.

Scammers are aware that a percentage of their emails will be opened, and also that many people will respond and disclose information. The more emails that can be sent, the bigger the response will be and the more money will be made. The volume of spam emails being sent is therefore unlikely to decrease. The only thing that will stop the emails is when it is no longer profitable to send them.

How to avoid becoming a victim of a scam or phishing campaign this Valentine’s Day

Businesses need to be particularly wary this Valentine’s Day. If these malicious emails are delivered to employees’ inboxes, a percentage (11% according to the study) of those employees will open them. Many may visit malicious websites as a result – a link to a malicious website offering cut price jewelry with free next day delivery. They may even open malware-infected attachments – a JPEG picture of an admirer for example that is really a cunningly masked executable file.

By installing a spam filter with an anti-phishing component, the vast majority of these emails will be caught and quarantined and, if one does get through, the user will be prevented from visiting a malicious website. In the case of SpamTitan, 99.97% of those emails can be blocked. This is one of the best steps that can be taken to protect networks from malware delivered via email.

Additional protections include:

• Instructing employees how to identify a phishing attack, and teaching best practices to follow to avoid compromising a network or becoming a victim of a scam.
• Develop a culture of security awareness. Get employees to stop and think before taking an action and always to suspect that an email may be a phishing attack
• Never to unsubscribe from an email mailing list they haven’t joined. The email can be marked as junk and all future emails will be delivered to the spam folder, or caught in an Anti-Spam filter if one has been installed
• If an offer is interesting enough to warrant a response, contact the company via its official website or use the telephone. The contact details can be found in the phone book or through the search engines. Do not contact the company using the details supplied in the email
• Keep all Anti-Virus, Anti-Malware, and Anti-Spam definitions up to date
• Tell staff not to trust any unsolicited email they receive

Free Shipping Day Equals Network Security Nightmare

by G Hunt | December 14, 2011 | Spam Advice

The network security nightmare that is Black Friday to Cyber Monday has now passed, but Free Shipping Day is not much better for IT security professionals. They now have to cope with another of the busiest online shopping days of the year.

Fortunately, Free Shipping Day is tomorrow, Friday 16^th December. That means the weekend starts the day after. It will be needed. Free Shipping Day means long hours need to be put in by IT security professionals! Spam emails are likely to arrive by the bucket load as the scammers take advantage of so many consumers buying online.

The cost of shipping can be expensive. Even very low priced items are not such a bargain when postage and packaging charges have been added. Shoppers finally find an ideally priced gift item for Christmas that is still in stock, available in the right color and size, and then they are hit with a massive shipping charge. Free Shipping Day removes any uncertainty.

Purchase from any of the 2,000+ U.S. retailers who take part, and you can forget about shipping charges. You can purchase in confidence knowing that the price displayed next to the product is all you will have to pay.

The day is a fairly new initiative to get consumers to spend more, but tomorrow is not a holiday. That means online shopping will have to take place from work. Wait until the evening and you will not pay postage charges, but will there be anything left to buy?

Many employees are banned from online shopping websites at work but, even with a ban in place, Free Shipping Day often proves too much of a temptation. Research shows that more money is spent online during working hours than any other time, so many employees are using work computers for online shopping – even if it is not allowed by employers.

Interestingly, research from AOL suggests 20% of workers use work time to do shopping or view pornography. Employers may allow a little of the former, but certainly don’t permit the latter. Yet that still happens.

Regardless which is chosen, both are a nightmare for network security professionals. Shopping websites and adult sites are targeted by malvertisers who are attracted by the high traffic that the sites receive. Malvertisers place adverts on the sites through legitimate advertising networks. They then direct users to malicious websites. A busy online shopping day means a busy day for online criminals.

Employers and their IT departments must be particularly vigilant for inappropriate Internet use and must keep a close eye on the websites that employees are visiting. A malware infection acquired from a malicious website could compromise a computer or, worse still, the network.

A recent survey conducted by Robert Half Technology indicates 23% of CIOs do allow employees some online shopping time at work; although those employers often monitor the visited sites and check to make sure staff are not wasting an excessive amount of time on personal matters.

Employees are happier without Draconian bans on Internet use and happy employees are generally more productive. However, to make sure this privilege is not abused and networks are not placed at risk, companies need to implement web filtering solutions.

This is an important precaution. Over 431 million adults became victims of cybercriminal activity this year. The cost to business is estimated to be $114 billion per year.

Beware of Halloween-Themed Spam Attacks

by G Hunt | October 26, 2011 | Spam Advice

Halloween brings out the ghouls, ghosts, and trick or treaters – and also plenty of cybercriminals. The latter use All Hallows Eve (and the run up to Halloween) to launch new cyberattacks and scams to trick internet users into revealing their personal information. Their treat is the emptying of a personal or business bank account and they reap the rewards that can be gained from identity theft. Halloween-Themed spam attacks are common in the run up to Halloween.

For SpamTitan, Halloween is a busy time with numerous new Halloween-themed spam and phishing scams uncovered. This holiday time is expected to be no exception. Many new Halloween phishing scams can be expected to be launched this year as cybercriminals try to take advantage of the unwary.

Halloween-Themed Spam Warning!

So far we have seen a number of new spam emails being sent, as well as some old favorites from years gone by. One of the most common themes is a “Halloween Sale,” which exploits the human need to find a bargain. This year pirated goods are being advertised in the thousands, along with cut price Halloween costumes, free gifts, special offers, Halloween-themed surveys and links to online videos.

The aim of all of these spam emails is to get users to reveal their personal information, such as account login details and credit card numbers. Often the emails deliver malware and viruses to inboxes, other times they send links to phishing websites that harvest information. It is not always credit card details that the scammers seek. Social Security numbers, dates of birth and other personal information are highly valuable; as are telephone numbers which can be used by scammers to make bogus phone calls.

New Halloween-Themed Spam Doing the Rounds

Some old favorites are seen year after year, yet they prove to be just as effective second, third and fourth time around. One of these scams was first launched in 2007 and involves scammers sending a link to a video of a dancing skeleton. By clicking the link users do not only get to see the video, they are also delivered a Halloween package of malware.

The malware-ridden web archive file in this campaign is automatically downloaded to computers. It has been estimated that millions of individuals have already fallen for this campaign and have infected their phones, laptops, tablets, and desktops.

It is not just links to infected websites that are the problem. Scams are sent via Facebook, Twitter and other social networking sites. These social media spam campaigns are proving to be highly effective. Emails are often sent containing Halloween-themed attachments, which appear genuine with file suffixes look safe. PDF files and word documents for example do not tend to arouse suspicion, yet they can easily contain malware and hidden malicious code.

It is all too easy for the unwary to accidentally click and open these attachments. The result of doing so could prove very expensive indeed. The malware contained in these email attachments can log keystrokes or even give hackers full access to the computer used to access the messages.

With so many elaborate email phishing scams now being devised, it is essential that all computer users take precautions. One of the best methods of protecting against phishing campaigns, and spam emails in general, is to block them and make sure they never arrive in an inbox. For that, a spam filer is essential. The cost of not using an effective spam filter does not even bear thinking about.

The Huge Cost of Halloween-Themed Spam and Phishing Attacks

You may be thinking “I would never fall for a phishing campaign,” but millions do. Can you be so sure that your employees will be able to identify a fake email or website, or a sophisticated phishing campaign? Will they be able to identify these scams 100% of the time?

Even if one email proves to be successful, the damage caused can be considerable, as Sean Doherty, senior engineer with SpamTitan Technologies explains. “To date it is estimated that over $40 billion has been lost to 419 scams alone.”

Given the huge sums of cash that criminals can obtain from these emails, it is clear why the threat is growing and more and more campaigns are launched every year. If a scheme is profitable, it will be repeated and new campaigns are sure to be developed.

If criminals did not profit from these types of scams, they would very rapidly stop using them. However, the reality is they do, as Doherty points out, “These scam emails continue to exist and grow in frequency and ferocity. The simple fact is that these scams wouldn’t be repeated if they didn’t reap rewards for the cybercriminals.”

All it takes is for an absent minded employee to click on a Twitter link that directs them to a phishing website, and malware can be automatically downloaded to their computer. After that, a network can be compromised. Data is then stolen, deleted, or encrypted and only released when a ransom is paid. The cost of cyber attack resolution can be considerable. If all of your company data was suddenly encrypted, would you pay a ransom to get it back? Would you have a choice?

Holiday season is a time to enjoy, but it is also a time when everyone needs to be vigilant. Be on the lookout for scams, phishing campaigns, and unknown email attachments, and make sure all of your security software is up to date. Be careful, and you will be able to enjoy the holiday period.

Gaddafi Phishing Attacks Launched by Cyber Criminals Following Colonel’s Death

by G Hunt | October 23, 2011 | Spam Advice

The death of Muammar Gaddafi has dominated the news headlines and as is typical following such a major news event, cybercriminals have taken advantage, and have launched a number of Gaddafi phishing attacks.

Analysists at SpamTitan Technologies have uncovered many new malicious emails in the past few days. The emails were caught by the SpamTitan Anti-Spam filter and placed in quarantine to prevent users from clicking on malicious links or opening infected email attachments.

The emails contain links to websites containing videos of the death of Muammar Gaddafi, including well as “previously unseen footage” of the colonel and his family. Some emails contain attachments which users can open to view new and grisly videos or pictures. When the do this they will also install malware on their computers.

New Gaddafi phishing attacks uncovered

Two of the emails that have been captured recently have the titles “Gaddafi death video – I shot and killed him”, and “Inside Aisha Gaddafi’s bathroom.” A number of similarly themed emails have also been intercepted and quarantined by SpamTitan.

The Advance Free Fraud scheme commonly used by Nigerian criminal gangs (419 scams) have been tailored and used to piggyback the news of Col. Gaddafi’s death. These schemes are used to try to get victims to reveal their bank details to criminals. Private and confidential information is disclosed in the belief that a large sum of money will be deposited in the victim’s account. They receive a transfer of cash, it is then moved on, and in exchange for this they are given a very healthy commission.

One of the latest Gaddafi phishing attacks involves an email request from Mrs. Gaddafi who requires assistance moving a considerable amount of the colonel’s capital. She reportedly has gold reserves stored in secret locations, which she needs to cash in. In order to do that undetected, she needs European and American bank accounts. Money will be transferred and then moved on, and a sizeable payment will be offered to anyone who is able to offer her help. Needless to say, no funds will be deposited, at least not in the victims’ accounts.

These scams net criminals millions of dollars because many people fall for these phishing attacks and scams. The FBI estimates that around $40 billion has been obtained from 419 scams such as this.  Because spamming is so profitable, many criminals are getting in on the act. The more spam that is delivered to inboxes, the greater the chance of people responding to the scams and handing over control of their bank accounts. Spamming is a numbers game.

Consumers need to be wary and should never respond to requests such as these, as tempting as it may be to be paid tens of thousands of dollars for receiving a transfer of cash. Businesses need to be particularly careful too. Employees may not reveal company bank account information, but many campaigns result in malware being installed on the victim’s computer. If employees respond to the emails at work, this could result in malware being installed on a work computer or worse still, the access could be given to a company network.

Fortunately, SpamTitan’s Anti-Spam solutions will capture these scam emails, preventing them from being delivered. WebTitan will protect businesses from phishing attacks and stop end users from visiting phishing websites. Staff training can help to reduce the risk of malware infections; however, for total peace of mind anti-spam and anti-phishing solutions should be installed. There will always be one individual who believes they can get rich quickly by responding to one of these 419 scams.

How to Phishers Get Paid? What Happens to All the Money?

by G Hunt | September 20, 2011 | Spam Advice

Out of curiosity I decided to take a look at some of the emails that were blocked by the SpamTitan filter this morning. Boy am I glad I did. There was an amazing opportunity to be had! I had been selected by a very generous individual who wanted to give me a percentage of an enormous pot of cash if I could just spend a few minutes of my time helping him out.

A large amount of money needed to be sent to Col. Muammer Gaddafi, but there was an issue with the transfer to his account. Sometimes, it can be hard to transfer £17,500,000 from South African bank accounts into Libya. It had taken this guy almost four years of trying and he still hadn’t been able to move the funds. Fortunately, he had found a way to do it, and a percentage of that money would be coming my way if I could help him.

The problem, you see, is the authorities are trying to rob the colonel of all of his cash. They are doing a good job of it too, but have not found this South African bank account yet. That money is safe for now, but not for long. The money couldn’t be easily accessed from Libya as the authorities were watching. The money would therefore need to be transferred into a holding account to get it out of Africa. That holding account could be my account. Once the authorities stop sniffing around, the money could be moved on, minus my cut for just supplying my account details for the transfer.

I was even thanked in advance for my kindness. What a very nice and generous man he is. I have summarized the email because as nice as he was, his spelling and grammar were atrocious. Well, he is foreign and English is not his first language! He also pointed out he was not a criminal. Boy, that was a relief. I would have hated to get involved in any sort of crime. I wonder what my cut will be? He failed to mention it in the email!

Some people will fall for it!

Of course, it doesn’t take SpamTitan’s dual Anti-Virus engines to figure out that this offer is a bit suspect. But you would be surprised how many people fall for these scams. Criminals net a huge amount of money from campaigns such as this. Sometimes, people are even willing to take a chance when their common sense tells then that something isn’t right.

These types of emails are known as 419 scams. You will not be surprised to find out that there is no £17,500,000 fund, and by supplying bank account details your balance will not suddenly increase. It is just a scam to get you to reveal your bank account information and other personal details. Criminals will then steal your money and your identity.

I say there is no £17,500,000 fund. That is because it is actually a lot closer to $40 billion. That is the amount of money that is estimated to have been made by criminals operating these 419 scams. Believe us. They do work. They are effective, they are incredibly lucrative, and people do fall for them. They are also increasing in number and complexity.

If you want to ensure your organization is protected from 419 scams, and your employees do not end up falling for these and more harmful spam campaigns, it’s time to start using SpamTitan’s Anti-Spam solutions. Not all 419 scams are this obviously fake, and greed often gets the better of common sense. Oftentimes it is not personal bank accounts that the criminals want access to. There is much more money to be made from accessing corporate accounts.

Beware of Whaling: Highly Targeted Phishing Campaigns

by G Hunt | August 3, 2011 | Spam Advice

You will probably be aware of the term phishing: A method used by criminals and hackers to obtain sensitive information from individuals, usually with a view of using that information to gain access to bank accounts, computer networks, or commit identity theft.

Phishing is a growing phenomenon. Online criminals use social engineering techniques to get users to reveal sensitive data. They also convince end users to install malware that can be used to log keystrokes or even allow hackers to take full control of a device.

Phishing is highly effective and allows criminals to make billions of dollars every year. However, the way campaigns are conducted limits the earning potential of criminals. Campaigns are often sent via spam email and that is a numbers game.

Spam emails get caught up in email filters, are marked as junk, or are quarantined. Emails must therefore be sent out in the millions in order for a criminal to get just a few responses. Oftentimes, online criminals do not actually have enough real email addresses and have to resort to guessing, hoping that catch-all accounts exist and some will be delivered.

Whaling – A new phishing technique that is proving to be highly effective

Rather than sending emails by the million, criminals have worked out that it is possible to get the same number of responses by sending just a handful of emails. In order to successfully obtain the bank account login credentials of one individual, it may be necessary to send out a million emails using standard phishing techniques. It is also possible to do it with one: The email just needs to be very convincing.

The term whaling has been coined to describe this new tactic. Rather than using a very big net to catch a few small fry, a spear gun can be used to target a very big target. Whalers pursue one target and the payoff can be considerable. A whale is more valuable than a handful of sprats.

Whaling is not random and the technique requires skill and effort. A target must be identified and researched. A campaign must then be devised that will convince that individual, or a small group of individuals, to respond. Emails must be crafted that are realistic. Since the targets are usually senior executives in a company, they are likely to be extremely cautious about revealing information, opening files, or visiting websites.

Whaling therefore requires detailed information to be gained about the target. The more information that can be gained about the target’s likes and dislikes, their role within the company, contact information and family life, the easier it is to craft an email that they will respond to. This takes a lot of time and effort but the prize is worth it. Senior executives have access to highly valuable data.

Due to the effectiveness of whaling campaigns, many criminals are switching to this mode of attack. Many of those attacks are conducted not on email, but via social media channels.

Has improved security protections forced phishers to move from email to social media networks?

Opinion is divided within the IT security industry about the move from spam email to social media networks as the preferred vector for delivering phishing campaigns. Almost a third of respondents in a recent SpamTitan survey did not believe that improved Anti-spam technologies have triggered the move to social media networks.

The survey also showed that 37% of respondents believe that phishing is a growing phenomenon, and that additional protections are required to keep networks secure.

Many believe that the switch to social media networks is simply due to the number of individuals that have signed up for accounts, and phishing is therefore a natural response to the rise in popularity of online communities that encourage the sharing of personal information.

If personal information is uploaded by individuals onto social media networks, it is possible to build an accurate picture of an individual very easily indeed. Ask Facebook. The company doesn’t need to charge users as the information it gathers is incredibly valuable to advertisers. They can create highly targeted advertising campaigns with the data. Unfortunately, phishers can use that information too.

Corporations as well as individuals must therefore take great care when using social media sites. It is all too easy to reveal sensitive information and become a victim of a phishing or whaling attack. Fortunately, SpamTitan Technologies can offer protection from phishers, whalers, and other online scammers. Email phishing campaigns can be blocked, while the company’s web filtering solutions can prevent phishing websites from being visited.