Spam Advice

How to Manage Requests to Disclose Employees Passwords

by G Hunt | March 15, 2021 | Spam Advice

How many times have you had a phone call or an email from a manager in your organization asking for you to give them the password of an employee to enable them to access their email account?

This request is often made when an individual is on leave and a call is received from a client or colleague wanting to know if they have actioned a request sent before they left. All too often a client has sent an email to their account manager before he or she went on vacation, but it was accidentally missed.

Access to the email account is necessary to avoid embarrassment or to ensure that a sales opportunity is not missed. Maybe the employee in question has failed to set up their Out of Office message and clients are not aware that they need to contact a different person to get their questions answered.

In years gone by, managers used to keep a log of all users’ passwords in a file on their computer. In case of emergency, they could check the password and access any user account. However, this is risky. Nowadays this is not acceptable behavior. It also invades the privacy of employees. If a password is known by any other individual, there is nothing to stop that person from using those login credentials any time they like. Since passwords are frequently used for personal accounts as well as work accounts, disclosing that password could compromise the individual’s personal accounts as well.

Maintaining lists of passwords also makes it harder to take action over inappropriate internet and email use. If a password has been shared, there is no way of determining whether an individual has broken the law or breached company policies. It could have been someone else using that person’s login.

IT staff are therefore not permitted to give out passwords. Instead they must reset the user’s password, issue a temporary one, and the user will need to reset it when they return to work. Many managers will be unhappy with these procedures and will still want to maintain their lists. Employees will be unhappy as they often use their work email accounts to send personal emails. Resetting a password and giving a manager access could be seen as a major invasion of privacy.

What is the solution?

There is a simple solution which will ensure that the privacy of individuals is assured, while forgotten Out of Office auto-responders can be set. Important emails will not be missed either. To do this you can set up shared mailboxes, although these are not always popular.

Do this in Outlook and a manager may need to have many set up in their Outlook program. It will also be necessary for them to train staff members how to use the shared mailboxes, and policies might need to be written. They may need to have to permanently keep the mailboxes of multiple teams open in Outlook.

Is there an easier option?

There is another choice, and that is to delegate permissions. It is more complicated to implement this control as it requires an MS Exchange Administrator to provide Delegate Access. Using Delegate Access will make it possible for an individual, with the appropriate permissions, to send an email on behalf of another employee. This means mailboxes do not have to be open all the time. They can just be opened when an email needs to be sent. This may be ideal, but it will not allow a manager to set up a forgotten Out-of-Office auto-responder.

That would require a member of the IT department, a domain manager, to do it. A ticket would need to be submitted requesting the action. This may not be popular with managers, but it is the only way for the task to be performed without revealing the user’s login credentials or setting up a temporary password which would breach their privacy.

You might be unpopular, but security is vital

If you encounter resistance, you must explain the reasons why password sharing is not permitted: The risks it poses and the problems it can cause.

These matters should be included in a company’s computer, Internet and email usage policies. If the sharing of passwords contravenes company policies, any requests to share passwords would result in the IT department breaching those policies. Requests to divulge that information would therefore have to be denied.

Of course, Out-Of-Office auto-responders are not an IT issue. This is an issue that should be dealt in staff training. It is also a check that a manager should make before a member of staff leaves and goes on holiday, while the employee is still at work.

The dangers of password sharing

Organizations are facing an ever-growing threat from cybercriminals. In 2019 and 2020, we have seen many high-profile data breaches, resulting in serious financial repercussions and damaged brand reputation. Password-sharing at work carries a massive  risk for organizations. 81% of breaches originate with stolen or weak passwords. When hackers gain entry to your system, shared passwords make it easier for them to access other parts of your network.

If by chance an intruder finds a document full of shared passwords in a employee’s Google drive that opens up the entire system to attack.  This also exposes your organization to legal issues if customers’ privacy rights are violated.

Why do employees share passwords ?

Sharing passwords is extremely risky for the organization . Oftentimes the reason cited for doing this is easier collaboration with colleagues. Sometimes employees share passwords because it’s the company policy. In these situations it’s vital for I.T. to intervene and provide a better way for employees to collaborate, and potentially serious consequences down the road.

Reasons why passwords should never be shared, even with a manager

• Passwords are private: This is a fundamental element of IT and network security. This rule cannot be broken or bent
• There are alternatives to sharing of passwords that will achieve the same aim: ticket requests, shared mailboxes, and delegate permissions these should be used instead
• The sharing of passwords violates an individual’s privacy
• If a password is shared, the results of an account audit cannot be trusted.
• Password reuse– Many people use the same password to access multiple accounts and platforms. By sharing reused passwords, employees increases the risk a single stolen password poses for companies.
• You’re responsible for any activity conducted under your username. If someone else is logged in under your account, you’re still responsible for whatever happens.Data security is more important than an auto-responder
• Bring Your Own Device (BYOD) – Employees are increasingly working from home and use their personal smartphones and laptops in addition to company-issued devices. The WFH trend has led  to productivity gains. Unfortunately, the benefits can easily be wiped out if passwords shared with friends or family gives unauthorized access to your network and confidential data.
• Acceptable Usage Policies would be violated

Multi-Factor authentication to stop password sharing

 When MFA is in place, access is only possible when the user validates using two authentication factors. For example, they initially enter their password but must then complete a second authentication request. This could be a code received via a device. Multi-factor authentication, like any security approach, works best when used in tandem with other security strategies.

If a ban on password sharing does not exist in your organization, it must be implemented as a priority. You will not be able to do this without the support of senior managers. You may not feel that it is your job to try to implement a ban, but you should make a case for it. It will help your department protect the network, it will save you time in the long run, and it will be better for the business.

To find out more about password security and some of the key protections you can put in place to improve your resilience against attacks, contact the SpamTitan team today.

How to Avoid Email Server Blacklisting

by G Hunt | September 8, 2016 | Spam Advice

Knowing how to avoid email server blacklisting is vitally important for any organization that relies on email as a channel of communication. The consequences of your email server being blacklisted can be costly, inconvenient, and potentially damaging to your organization´s credibility.

To best understand what email server blacklisting might mean to your organization, it is ideal to have a little knowledge about how email server filters work. Consequently we have divided this post into three sections explaining a little about email server filters, what may cause your email server to be blacklisted, and how to avoid email server blacklisting.

A Little about Email Server Filters

Email server filters do not actually filter your incoming emails at server level. They protect your organization from spam emails and other email-borne threats from the cloud or as a virtual appliance installed between your firewall and your email server. The distinction between the two types of filter is that virtual appliances can be more appropriate for some larger organizations.

Regardless of how they are deployed, email filters effectively work in the same way – using fast front-end tests to detect and reject the majority of spam emails before a deeper analysis is conducted of the email that remains. One of these front-end tests is a comparison of each email against a list of known sources of spam. This list is known as the Realtime Block List or RBL.

If your organization´s IP address appears on this list, all of your emails will be rejected by most email filters until the IP address is removed from the list – something that can take anything from 24 hours to six months to resolve completely. During this time you will have to ask your customers and other contacts to add your email address to a safe list or “whitelist”.

Why Was My Email Server Blacklisted?

There are several reasons why an email address (or IP address) can be blacklisted, and it is important to find out the exact reason(s) before trying to get your organization´s IP address removed from the Realtime Block List. If you fail to identify the cause, and fail to take steps to avoid email server blacklisting in the future, it can be much tougher to get un-blacklisted second time around.

Blacklisting typically occurs for one of several reasons:

• Your system has been infected with a spambot that has created multiple email accounts within your organization´s domain and is using those accounts to send out spam email.
• Someone in your organization may have revealed their login credentials and a spammer is using that information to send spam emails from the end-user´s email account.
• Emails sent innocently from one or more end-user accounts have had a high proportion of spam-related keywords, or have had infected files attached to them.

The last scenario is entirely possible if an end-user has prepared a presentation or spreadsheet on an infected home computer and bought the infected file into the workplace on a flash drive. Most email filters have antivirus software for identifying malware in attachments. If the infected attachment is sent to multiple recipients – and identified by multiple email filters – your organization´s IP address will quickly be blacklisted.

How to Avoid Email Server Blacklisting

Ideally, organizations should be able to avoid email server blacklisting by having robust antivirus protection and educating their end-users about online security. There should also be an email usage policy in place that would avoid email server blacklisting due to inappropriate content or unsafe attachments – even when these events occur inadvertently.

Click to View

Unfortunately end-users are the weakest link in the security chain, and it only takes one end-user to click on a malicious URL or reveal their login credentials for an organization´s IP address to be blacklisted. In fact, if blacklisting is the worse consequence of a security breach, your organization has got off lightly and should consider itself lucky that the consequences were not far more serious.

Consequently, the best way how to avoid email server blacklisting is with an email filter that has malicious URL blocking to prevent end-users visiting malware-infested websites, with phishing protection to reject emails directing an end-user to fake website, and outbound scanning to identify potential spam and infections contained in – or attached to – outgoing emails.

Avoid Email Server Blacklisting with SpamTitan

Not all email filtering solutions have mechanisms to avoid email server blacklisting. However, SpamTitan has taken these factors into account in the design of SpamTitan Cloud and SpamTitan Gateway. Both of our solutions for email filtering use “URIBL” and “SURBL” protocols to compare links contained within inbound emails and their attachments against a global blacklist of known malicious and phishing sites.

The same protocols – along with several other mechanisms – are used in the scanning of outbound mail to ensure it is clear of viruses and could not be interpreted as having spammy content. Outbound scanning would also identify spam emails originating from a spambot or a compromised email account in order to prevent it from being sent and avoid email server blacklisting.

Naturally, you do not want your end-users to be under the impression that their emails have been sent when they are caught by the outbound filter. So SpamTitan Cloud and SpamTitan Gateway have comprehensive reporting features that advise of any problems in order that the problems can be rectified quickly and effectively – certainly more quickly than trying to get your organization´s IP address removed from a Realtime Block List.

Holiday Email Spam Season is Upon Us

by G Hunt | November 25, 2015 | Spam Advice

‘Tis the season to be jolly, but it is also the season for holiday email spam. Malware infections increase during holiday periods and this year is unlikely to be any different. Holiday email spam is coming, and it doesn’t matter whether you’ve been naughty or nice. If you do not take precautions, you are likely to receive a gift of malware this Christmastime.

Holiday email scams are sent in the billions at this time of year because of one simple fact: They work. People let their hair down over Christmas and New Year, but they also let their guard down. That gives online criminals an opportunity to get malware installed, fool consumers with phishing campaigns, and generally cause some festive mayhem.

Holiday email spam is now being sent: Avoid the Christmas rush and get your malware now!

Christmas week may see many people infected with malware, but the run up to Christmas can be even worse. As soon as the first decorations go up in the shops, holiday email spam starts to be sent. Email is commonly used to send malware.

Nasty malicious programs are masked as Christmas screensavers, phishing campaigns will appear as festive quizzes, and you can expect an African prince to need your assistance with a huge bank transfer. Don’t be surprised to find out that you have won a Sweepstake in a country you have never visited or that one of your online accounts will be hacked requiring you to receive technical support.

These and many more scams will be delivered in a wave of holiday email spam and, if you let your guard down, you may inadvertently fall for one of these often cleverly devised scams. Some of the latest phishing scams are incredibly convincing, and you may not even realize you have fallen for the scam and have become a victim.

Employers Beware: End users are especially gullible at this time of year

Everyone must be wary at this time of year due to the huge increase in spam email campaigns. Employers especially must take care as employees can be particularly gullible at this time of year. Their minds are on other things, and they are not as diligent and security conscious as they may usually be.

To make matters worse, each year the scammers get better and holiday email spam becomes more believable. If one of your employees falls for holiday email spam attack, it may not only be their own bank account that gets emptied. Phishing campaigns are devised to get employees to reveal critical business data or login credentials. The FBI has warned that business email is being targeted. In the past two years over 7,000 U.S. firms have been targeted and have suffered from criminal attacks. Those attacks initially target employees, and the festive season is an ideal time for a business email compromise (BEC) attack to take place.

Common Holiday Email Spam Campaigns in 2015

Send an email bulletin to your employees highlighting the risk that holiday email spam poses, and warn them that they may shortly start receiving phishing emails and other spam campaigns. They are likely to have forgotten how risky the festive season can be.

Business Email Compromise (BEC) Attacks

The FBI has already released a warning this year to organizations that perform wire transfers on a regular basis and/or work with foreign suppliers. They are being targeted by cybercriminals using sophisticated scams that start with the compromising of a business email account. Social engineering and phishing tactics are used to get employees to reveal their login credentials. Once access to bank accounts has been obtained by criminals, fraudulent transfers are made. Holiday email spam campaigns are expected to be sent targeting organizations and specific employees within those organizations. During the holiday period employees must be told to be ultra-cautious.

Holiday e-card scams

Holiday e-card scams are common at Christmastime. Criminals take advantage of the growing popularity of e-cards and send out spam emails in the millions telling the recipient to click a link to download their e-card. However, those links are sent to convince users to download malware to their computers. Any email containing a file attachment claiming to be an e-card is likely to be fake. The attachment may be malware.

Holiday-themed screensavers

Christmas and other holiday-themed screensavers are commonly downloaded by employees. These screensavers can be fun and festive, but may actually be malicious. Employers should consider implementing a ban on the downloading of screensavers as a precaution. Staff members should be warned that any .scr file sent in an email should be treated with suspicion and not downloaded or installed. Criminals mask attachments and the .scr file may actually be an executable file that installs malware.

Ashley Madison revelations and TalkTalk scams

A number of major data breaches have been suffered this year that have resulted in customer data being exposed. Criminals are threatening to expose personal data, especially in the case of Ashley Madison clients. Emails are sent threatening breach victims, informing them that they must pay not to have their data posted on the internet. Some criminals will be in possession of the data; other scams will be speculative. If an email is received, it is essential that professional advice is sought before any action is taken.

If you receive an email asking you to take action to secure your account after a company you use has suffered a data breach – TalkTalk for example – it is essential to only change your password via the official website. Do not click on links contained in emails. They may be phishing scams.

Free Star Wars tickets

You can guarantee that such a major event for moviegoers will be the subject of multiple email spam campaigns. Criminals would not pass up the opportunity to take advantage of the release of a new Star Wars film.

There are likely to be competitions aplenty, free tickets offered, and many other Star Wars spam campaigns in the run up to the release. This is the biggest movie release of the year for many people. Fans of the films are excited. They want to see snippets of the film, read gossip, and find out if Luke Skywalker will actually be in the new film. Many people are likely to fall for scams and click phishing links or inadvertently install malware.

Get prepared this holiday season and you can keep your computer and network spam and malware free. Fail to take action and this holiday time is unlikely to be jolly. Quite the opposite in fact.

Beware of the New Electric Ireland Phishing Scam

by G Hunt | November 19, 2015 | Spam Advice

If you live in Ireland, you may receive an email offering you a refund on your electricity bill; however, the email is not genuine. Scammers are targeting current and former customers of Electric Ireland hoping they will respond to the offer of a refund. By doing so they will receive no money. They will just have their bank accounts emptied.

The Electric Ireland phishing scam is highly convincing

The Electric Ireland phishing emails appear to be genuine. They give a valid reason for clicking on the link contained in the email, and have been well written. The link directs the recipient to a phishing website that looks genuine. Even the request made on the website is perhaps not unreasonable.

In order to receive the refund, customers must enter in their banking information to allow the electricity company to make a transfer. In order to confirm their identity, current and former customers must supply proof of identity. The scammers ask for a scan of customers’ passports.

Other reports indicate that some customers have been sent links to fake websites that require them to disclose their mobile phone numbers as well as security codes and passwords.

It is unclear how the scammers have obtained the email addresses of Electric Ireland customers, as according to the utility company there has been no security breach, and the database in which customer account information is stored remains secure. However, an audit is being conducted by the company’s IT department to determine if any individual has managed to infiltrate its network or has otherwise gained access to customer data.

A spokesman for the Garda has confirmed that many Irish citizens have already fallen for the Electric Ireland phishing scam and have reported that fraudulent withdrawals have been made from their personal bank accounts.

The Electric Ireland phishing scam is one of many highly convincing campaigns to have been uncovered in recent weeks. Online criminals have become more skilled at crafting emails and setting up malicious websites, and it can be difficult to determine whether a request is genuine or fake.

The Electric Ireland phishing scam may look genuine, but legitimate companies would not send emails requesting sensitive information of that nature to be disclosed over the Internet. It should also be noted that if a company has taken excess funds from a bank account to pay a bill, the company would be able to issue a refund directly to the same bank account. They would not require those details to be provided again – nor request copies of ID, mobile phone numbers, or passwords.

If any individual who has fallen for the Electric Ireland phishing scam they should contact their bank immediately and place a block on their account. This will prevent the criminals from making any fraudulent transfers. However, it may be too late for many customers to prevent losses being suffered.

To reduce the risk of falling for phishing scams, the best defense is to block spam and scam emails from being delivered. To do this a spam filter should be used, such as that provided by SpamTitan. SpamTitan Technologies Anti-Spam solutions also include an Anti-Phishing module to ensure all users are better protected from malicious websites when surfing the Internet.

Any time an email is received that offers a refund, it is ill advisable to click on an email link. Attempts should be made to contact the company directly by calling the number listed on that company’s website. The matter should first be discussed with the company’s customer service department. Never open an email attachment contained in the email, and never divulge confidential information over the internet unless 100% sure of the genuineness of the website.

Two New Email Spam Warnings Issued by BBB

by G Hunt | November 4, 2015 | Spam Advice

Email spam may not be the first choice of hackers for making money, but there are plenty of online criminals who still use email to fool users into installing malware on their computers or revealing sensitive information.

This week, two new email spam warnings have been issued following reports that consumers have received emails that have aroused their suspicions. When checking the authenticity of the emails received, they discovered they were scams. The warnings were issued by the Better Business Bureau (BBB) in an effort to prevent the scams from claiming victims.

The latest email spam campaigns differ from each other, but use tried and tested techniques which have proven to be highly effective in the past.

Jury Duty Scam Email Discovered

Trust in authority figures is being exploited in a new email spam campaign in which users are urged to take action as a result of missing jury duty. A similar email is doing the rounds warning recipients of an impending court case. Should the recipient of the email ignore the request, the case will be heard in their absence and they will not be allowed to mount a defense.

The emails shock recipients into taking rapid action such as clicking a link or opening an email attachment. These two emails are clever in the fact they warn users of the need to respond to a judge or turn up in court, yet the crucial information needed to do so is not supplied in the email body.

Any email recipient believing the email is genuine is likely to open the attachment or click a link to find out which court needs to be visited. By doing so they are guaranteed to have their computer, laptop or mobile device infected with malware.

The BBB was alerted to the scams and issued a warning advising recipients of these emails to delete them immediately. Advice provided saying the U.S. Courts would not contact individuals about jury duty by email. Letters are mailed or telephone calls are made in this regard.

Church Leaders Warned not to Fall for Money Transfer Email Spam Campaigns

The second scam was recently reported by the finance director of Grace Bible Church, who received a request via email to transfer funds to a senior pastor. In this case, the email appeared to be official, having been sent from the senior pastor’s email account.

It is a good security practice to always check the authenticity of an email that requests a transfer of funds. In this case all it took was a quick phone call to the pastor in question to reveal that the request was bogus.

If it is not possible to contact the individual, deleting the email would be the best next course of action. If the request is genuine, the individual in question is likely to make contact again. Spammers tend to send these campaigns randomly. A second request is unlikely to be received if the first is ignored.

The Fight Against Email Spam is Getting Easier

Spam email campaigns are still an effective method of malware delivery. Social media posts and infected websites may now be the preferred method of infection, but users must still be wary about opening attachments or visiting links sent from people they do not know.

Awareness of the tell-tale signs of an email scam has improved in recent years. So has security software used to detect phishing campaigns. SpamTitan Technologies is one such company that provides a highly effective spam filtering solution. It boasts an exceptionally low false positive rate and catches over 99.98% of all spam emails.

Part of the reason why SpamTitan’s Award Winning Anti-Spam solution is so effective at catching email spam is in part due to the power of the AV engines used. Instead of using one class-leading AV engine, it uses two: Bitdefender and Clam Anti-Virus.

By installing this anti-spam solution, malicious emails used to phish for sensitive information can be blocked before they are delivered to an email inbox. Businesses looking to reduce the risk of end users infecting their desktop computers, laptops and portable devices with malware and viruses, will find SpamTitan’s Anti-Spam solutions for the enterprise highly cost-effective. Rather than purchasing a package that offers protection for far more IP addresses than are required, IT professionals can purchase a license that covers end users without wastage.

City of London Police Email Scam Warning

by G Hunt | September 15, 2015 | Spam Advice

City of London Police are sending emails containing important information about a murder suspect. You must be vigilant, and if you see this individual, you should not approach him! The attachment sent via email contains his image, so you will know to avoid him and alert the police if you see him. Unfortunately, opening the attachment will make you a victim. You will not be murdered, but you may end up having your bank account emptied. Yes, this is a City of London Police email scam, and it attempts to convince the good, law abiding public to infect their devices with malware.

City of London Police Email Scam Warning!

One of the latest email scams to be wary of, especially if you live in the UK, involves spam emails with the subject “London City Police.” Contained in the email is a bulletin detailing a murder suspect on the loose, together with a malware-infected attachment.

Fortunately for the wary, there is a clue in the subject that the email is not genuine. There is of course no “London City Police.” The police force in question is called “The City of London Police.” That said, the shock of receiving an email from law enforcement about a murderer on the loose may be enough to convince many to open the email and the attachment.

As one would expect, the email contains a stern warning, with the content phrased in such a way that it could in fact have been sent by the police force. A murderer on the loose in London is a serious matter, and this cunning email spam campaign has been devised to play on the fear that such a matter is likely to create.

How would the Police force have got your email address, and those of everyone else living in your area? That is something that many victims of this email scam may ponder after opening the attachment. Of course, by then it will be too late. Opening the attachment will result in malware being installed on the victim’s computer.

Fortunately, email scams such as this are easy to avoid, in fact, they would not even get to the point of being delivered to an inbox, if precautions have been taken, as explained by Steven Kenny, Customer Support Manager at TitanHQ.

Kenny pointed out that by using SpamTitan, computer users will be protected. He said, “This malware was blocked by SpamTitan before it had a chance to make it to users’ inboxes.” He went on to say, “The malware contained in the attachment was flagged as a virus. The attachment is a zip file, once executed; the malware goes to work.”

SpamTitan Blocked the City of London Police Email Scam

The image below is a screenshot of the City of London Police email scam, which was successfully blocked by SpamTitan.

Current High Risk of Malware Infection

Malware poses a major risk to individuals, but businesses are especially at risk of infection. Employees may be wary of opening emails on their own devices, but are they as security conscious at work?

It is perhaps easier to believe that a work email address would be in the police database, rather than a personal email account. This may lead employees to believe that the email is genuine. Unfortunately, all it takes is for one employee to open an infected attachment, and their computer, and the network it connects to could be infected.

Since email is essential in business, protections must be put in place to ensure networks are not compromised as a result of the actions of employees. If malware is installed, the losses suffered can be considerable. It therefore can pay dividends to implement protection such SpamTitan spam filtering. This will prevent malware-infected emails from being delivered to employees’ inboxes.

11 Spam Filtering Essentials to Reduce Email Spam Risk

by G Hunt | July 20, 2015 | Spam Advice

A spam filter is one of the best ways to reduce email spam risk; however regardless of whether you choose this important email security measure, there are a number of steps you can take to reduce email spam risk, keep your devices protected, and your valuable data out of the hands of spammers and scammers.

11 Spam Filtering Essentials to Reduce Network Security Risk

Listed below are 11 spam filtering essentials that you can implement to reduce spam volume and the risk of cyber attacks.

1.      A Real-Time Block List (RBL) is essential

Spam is commonly sent from a known spam server – one that has been blacklisted, or is known to be used by email spammers. Using a Real-time Block List (RBL) is one of the best protections, that will prevent malicious emails from being delivered to inboxes. This one email security feature has been shown to reduce spam email delivery by 70–90%, and it only takes a few minutes to implement.

Even if you use a spam filter this measure is important. It will reduce the load on your spam filter, email server, and network. An RBL works by blocking messages before they are downloaded, which will also help to save bandwidth. There are a number of ways to do this, although zen.spamhaus.org is one of the best. It is widely regarded as being the best at spam blocking, is updated frequently and importantly boasts a very low false-positive rate.

2.      Recipient Verification will block spam sent to invalid email addresses

Spammers like to bombard companies with emails in the hope that some will get through, or that a catch-all is in place and all will be delivered. Common email addresses used are webmaster@, info@, admin@, sales@ etc. etc. These email addresses are commonly used by companies and there is a good chance that they will be delivered to someone. However, you can use Recipient Verification (RV) to reject the bulk of these emails, and only have properly addressed emails delivered.

To do this, use Microsoft Active Directory integration or upload a CSV file of valid email addresses to your spam filter and mail server. This technique will prevent speculative emails from being downloaded and will similarly reduce the load on your spam filter and mail server, and save bandwidth. This method of spam prevention will take longer to complete than setting up your RBL, but it is a worthwhile investment of your time as it will result in a major reduction in spam delivery.

3.      Configure your server to require correct SMTP handshake protocols

This is one of the most effective methods of blocking spambots and it will stop the majority of spambot emails from being downloaded and delivered. This is a fairly quick task to complete, and should only take you a few minutes. You will need to set your configuration to require a HELO (EHLO) with a Fully Qualified Domain Name. However, it is important to note that it may be necessary to add some of your suppliers to a whitelist to ensure that their messages do not also get blocked. Not all of your suppliers and contacts will have their own email servers configured correctly, so genuine emails may be caught and blocked. Individual organizations will find this step particularly beneficial. MSPs less so, or not at all.

By using the above three spam prevention methods – which incidentally can be used on virtually all email servers – you will make a considerable bandwidth saving, and dramatically reduce the number of spam emails that are downloaded. This will also help to protect your network from malware. If you allocate just 30 minutes to do all three, it will save weeks of your time, which can be better spent on other cybersecurity tasks.

4.      Regularly scan for viruses

A basic security measure is use is a robust and powerful anti-virus program, regardless of whether you use spam filtering. If you don’t implement spam filtering, this measure is especially important, as you are more likely to have viruses delivered to email inboxes.

Even with spam filtering in place, it is also important to have anti-virus software installed and, of course, AV engine and virus definitions need to be kept up to date. Software should be configured to update definitions automatically.

With spam filtering in place, it should be possible to stipulate the update frequency. Be aware that a different anti-virus can be employed to protect endpoints. Using the same AV engine for mail servers and endpoints means that if for any reason your AV software does not detect a virus, all endpoints could potentially be affected. By using a different AV engine for endpoints and mail servers, you maximize the probability of a virus being detected. Fortunately, competition is fierce in this market, so you should not have to pay top dollar to have two different engines in use.

The following steps will apply if you have a spam filter. These will apply no matter which spam filter is used, be that open source, commercial or even cloud-based spam filtering.

5.      Certain attachments carry higher risks so block them!

Executable files – those with a .exe suffix – are particularly risky. Fortunately, it is not necessary to run the risk of a user double clicking on them. The best option is to block these file types and other risky file types if they are not typically needed by staff members. Be aware that spammers are sneaky. It is common knowledge that .exe files are risky, so they mask them with other extensions: PDF, XLS, DOC files for example. To counter this, block by MIME type, not by file extension.

6.      Take Action to Block Phishing Emails

Phishing emails can easily fool employees into clicking on links that direct them to URLs loaded with malware. There are a number of URLs that are recognized as phishing websites and it is possible to block these quickly and easily. To do this, use SURBL and URIBL lists to check for website domains that frequently appear in unsolicited emails.

7.      Ensure that your spam pattern library is regularly updated

You may find that your spam pattern library cannot be configured manually, as this may be hard-wired into your spam filter. Spam signatures are based on a huge database containing recently added spam, as well as past signatures, with the spam-fighting community adding to the database on a daily basis. There are many different resources that can be used, although if you want to ensure you have a fully up to date database of spam signatures, SpamAssassin is arguably the best choice.

8.      Bayesian filtering will recognize more spam and block less ham

A Bayes engine is used by most spam filtering engines and can be trained to recognize spam, and differentiate it from ham (i.e. not spam). It is therefore important to use a regularly updated spam pattern library, which will assign incoming emails with a score, in addition to using feedback provided by end users. The Bayes engine learns what is spam and what is not, and will apply the lessons learned to new emails that are received, constantly improving its detection rates to ensure all spam is caught, and false positives are reduced.

9.      Stipulate the spam score that is right for your company

As a system administrator you have the power to decide what spam score is right for your company. This will depend on how much risk you want to take. You will find that spam filters will usually allow you to dictate how aggressive they are, although you may find this requires a certain degree of tweaking to ensure that spam doesn’t get through and ham doesn’t get accidently blocked. A spam score is assigned by a number of factors, although the type of attachments and the email content are the two main ways that the spam score is calculated. This process is not particularly time consuming, but bear in mind that the first two weeks after your spam filter has been installed is when this task will need to be completed. Be sure to use your trial period to tweak your spam filter to ensure that spam is blocked and the number of false positives are kept to a minimum.

10. Get your end users working for you

Your spam filter will not always get things right, and some spam and junk emails will slip through the net from time to time. It is therefore useful to instruct end users to manually mark any spam and junk emails received, should they get delivered to their inboxes. End users can help to train your Bayes engine to recognize new spam emails and correct false positives.

11. Provide email security awareness training to employees

Nowadays it is essential that all staff members receive security awareness training. They must be taught how to identify spam emails, phishing campaigns, and potential viruses. They must also be informed of the correct actions to take if they do discover a phishing scam or suspect that an email may contain malware or a virus. Also instruct them on the correct actions to take if they do accidentally open a suspicious attachment.

Is it the job of a system administrator to train employees how to protect themselves and their computers? Arguably it is not, but it can save a lot of headaches down the line. Even a little training can go a very long way. Unfortunately, this is an area of email security that is all too often forgotten.

What is essential, is that employees are aware of the risks of falling for a phishing campaign or downloading malware. In some cases, it could spell the end of a company, and along with it, their jobs. You can always use CryptoLocker to scare employees into paying attention.

Training could well make all the difference. Besides, if you do provide training and employees still take risky actions and infect the network, you will have a clean conscience and can say it is not my fault! And be justified in saying it.

Want to Boost Productivity and Save Money? Then Archive Old Emails!

by G Hunt | October 16, 2014 | Spam Advice

Is archiving old emails worthwhile?

For a business, archiving old emails is essential. It can save time, money and also prevent legal issues.

Even so, many companies do not archive old emails and use backups instead. This is a mistake. The purpose of a backup is to allow lost data to be recovered in the event of a system failure, accidental deletion, fire, or cyberattack. Any time data is lost, it can be restored from a backup tape. A backup is therefore an important failsafe.

Backups are not typically saved for a long period of time. Backup tapes are used again and should not be kept indefinitely. If you store backups for legal reasons and have thousands of tapes, you will be spending a small fortune on the wrong technology.

The reason? Backups are not designed to be searchable. If a file is present in a backup it can be restored, but searching for information in a backup file can be difficult and time consuming. Finding information can really be a chore.

An archive is different because email archiving allows fast searches to be conducted. If you sent an email on a particular date, to a particular person, it would be a relatively easy task to obtain this from a backup. However, if you sent an email containing information about a report, or you can only remember certain words, finding that email in a backup could be very difficult indeed. Fortunately, an email archive can easily be searched. Just use a particular word or search term and you will be able to find the missing email in next to no time at all.

Legal requirements for storing data (HIPAA, SOX, GDPR, etc.)

There are legal requirements relating to stored data. Many industries are required to keep data for a long period of time. If a legal request is made to supply data under the Federal Rules of Civil Procedure, finding the required information can take an extraordinary amount of time. It may be necessary to search through many different daily backup tapes to find the required information.

The same scenarios apply if a company works in a regulated industry and is legally required to store data under the Healthcare Insurance Portability and Accountability Act (HIPAA) or Sarbanes-Oxley Act (SOX). Outside of regulated industries, companies storing the personal data of EU citizens on email have to comply with data access requests within thirty days under the General Data Protection Regulation (GDPR). This could be a logistical problem for many EU-facing companies without a searchable email archive.

An email archiving solution that automatically copies emails as they pass through the mail server also complies with legal requirements stipulating an electronically stored information must be “immutable” – i.e. presented in its original form without alteration. Indeed, GDPR insists that mechanisms must be put in place to prevent the accidental or deliberate alteration or deletion of emails as well as to prevent loss, theft or unauthorized disclosure. Back up tapes do not fulfill this requirement.

Email archiving can save you money

• Due to the security risk, backups are often encrypted. To find information, data must be unencrypted, sifted through, restored, and encrypted again. This takes time. In an email archive, information can be obtained much more quickly.
• The more storage space you need the more it will cost. Using backup tapes is an expensive way of storing old data. Email archiving on the other hand allows storage space to be used much more efficiently. Archiving systems can remove duplicates and that can save a considerable amount of space.
• It is easy to move an archived email from one location to another. Migration is simple, even when moving to an updated server.
• Space is at a premium, especially when it comes to email. Email is usually housed on a server that has limited space. Limits have to be set on individual mailboxes, which means many users end up deleting emails when they have reached their storage limit. Busy professionals don’t have time to do this and typically delete huge volumes of emails – including many that are important. IT departments then get requests a few days later asking for a hastily deleted email to be restored from a backup tape. An efficient archiving system eliminates this headache.
• Old emails need to be checked to identify data leakage. When an insider is found to have stolen data it is essential to check email accounts to find out what has been stolen. When audits have to be conducted, it is far easier with archived email than obtaining data from backups.

The flexibility provided by an email archiving system is essential for businesses. It makes old emails much easier to locate, information can be retrieved rapidly, and it is a more cost efficient method of storing old data than backups. If you have yet to implement an efficient archiving system, now is the time to do so. In the long run it will save you a lot of time, effort, and money.

One in Five Phishing Scams Target Bank Customers

by G Hunt | July 14, 2013 | Spam Advice

Phishing is not a problem that must only be dealt with by consumers. Businesses are being targeted based on the financial organizations they use, according to the latest research conducted by Kaspersky Labs. The Anti-Virus software provider has been investigating the evolution of phishing. The study looked at the attacks that had taken place between May 2012 and April 2013. The survey revealed that phishers are changing tactics, and are attempting to obtain bank account information. If business bank accounts can be obtained, so much the better. They usually contain much more money than personal accounts.

Hackers often target businesses they despise. Their intention is not always to make money but to cause harm. If bank accounts can be obtained they can be sold to cybercriminals. Accounts are plundered, and sometimes businesses go bust as a result. You may not have offended any hackers, but that doesn’t put you in the clear. Some hackers are involved in organized crime and they will not care who they target as long as money can be obtained.

If a bank is targeted and you lose funds, can you sue them?

A bank is attacked and a business loses money from its account. Can a business sue a bank for a cyberattack? Some are now trying.

EMI has filed a lawsuit against Comerica, in which it claims that the financial institution failed to implement appropriate security defenses which directly led to one EMI employee falling for a phishing campaign. An employee was tricked into revealing EMIs bank account details. As a result, over $500,000 was rapidly transferred out of EMIs accounts. Protections were not in place at the bank to stop this.

Unsurprisingly, the bank has claimed that this was the fault of EMI. It is EMIs responsibility to ensure its employees are trained, and do not fall for phishing campaigns. The bank could have done nothing to prevent that employee from falling for the phishing scam. EMI could have taken action though. It is unlikely that the lawsuit will result in the bank having to cover the losses of EMI.

Phishing prevention starts with staff training

If you want to protect your company’s bank balance, and stop phishers making transfers, the first step to take is to provide all staff members with cybersecurity training. One response to a phishing email is all it takes to see a bank account emptied. It therefore makes a great deal of sense to instruct members of staff about phishing emails. In the above case, the provision of such training may have saved $500,000.

The FBI estimates that these schemes, and other cyberattacks, net online criminals around $100 billion a year. These funds are obtained from large corporations and individuals, but small businesses are now being increasingly targeted. They lack the security software used by large corporations and their bank accounts contain more money than consumer accounts.

Unfortunately for SMEs, the same protections are needed as those used by large corporations. Unfortunately, IT budgets are not nearly as large. SMEs must therefore choose the best protections to put in place that will offer the greatest protection for the least outlay. Many do not even employ dedicated cybersecurity staff, so the products they choose must be easy to install, operate and maintain.

To protect against phishing, businesses must concentrate not on protecting their network with firewalls, but protecting end users. They are the ones who will be targeted by a phishing attack.

There are two methods that can be used in this regard (apart from staff training): The use of a spam filter to prevent phishing emails from being delivered, and a web filter to stop users visiting phishing websites.

The number of phishing attacks has increased significantly over the course of the past year. Because the tactic is proving to be so profitable, 2013 and 2014 are likely to see even more attacks take place. Any business that fails to take action to address the risk is likely to become a victim. Maybe not today, maybe not tomorrow, but soon.

SpamTitan Network and Email Security Predictions for 2013

by G Hunt | January 22, 2013 | Spam Advice

Being forewarned is being forearmed, which is why SpamTitan has issued five network and email security predictions for 2013. Over the course of the next 12 months, mobile applications and social media networks are likely to have a major impact on businesses, especially small to medium-sized enterprises. However, both have potential to introduce new security risks. These will need to be addressed.

Last year the volume of cyberattacks increased, as did the variety of new malware identified. More sophisticated cyberattacks were conducted in 2013 than in previous years, and they have proven to be even more damaging.

Last year was difficult for IT security professionals. Unfortunately, the coming year is unlikely to be any easier. If you want to keep your network secure and your data protected, a considerable effort will be required over the next 12 months!

SpamTitan Network and Email Security Predictions for 2013

1.      Social media monitoring will become essential to keep networks secure and staff productive

The popularity of social media websites is growing, and people are now spending an extraordinary amount of time connecting with people online, sending messages, reading and writing posts, uploading photographs, friending and poking. People crave interaction so this should be no surprise. With even more social media sites to choose from, and the use of the sites now ingrained, employees will want to use the sites more frequently at work. It is up to employers to harness the power of social media and prevent abuse.

Managers who have yet to tackle the issue of social media website use at work will need to take action in 2013. Whether it is implementing a ban or policies covering usage, the issue will not be able to be ignored any more. Since employees will use the sites even if a ban is implemented, we expect more companies to start adopting ways to curb usage, as well as taking action to address the network security risks the sites pose.

2.      BYOD is here to stay and the trend will continue

BYOD is driven by employees, not by employers. Employees want to bring their own devices to work, and employers can reap the benefits. The problem that must be addressed is how to manage the considerable security risks. Many companies will decide the risks posed by the devices outweigh the benefits, and many will look to harness the power of web tools and cloud based applications.

We expect security polices will need to be put in place by organizations in 2013. Employees who are permitted to bring their own devices to work are likely to have more restrictions put in place on the use of those devices. Additional security measures to enforce policies will also be installed.

3.      Cybercriminals will start to use social media as the main way of profiling targets

As the use of social media networks grows and consumers spend more time on the sites, cybercriminals will start to use the websites as a way of identifying and profiling their targets for spear phishing campaigns. Malware attacks via Facebook and other social media platforms are also likely to increase over the next 12 months. Criminals will also become more skilled at using social media networks to obtain the information necessary to defraud their targets.

Email spam volumes should continue to fall as criminals find it harder to profit from spamming campaigns. The past 2-3 years have seen spam volume decline and this is likely to continue in 2013. 3 years ago, the volume of spam emails stood at around 90% of all emails sent. Now the figure is around 70%. We expect the total to fall to around 60% this year.

4.      Phishing attacks will primarily be conducted via social media websites

Phishing campaigns have been found to be highly effective on Facebook and Twitter. These two social media platforms were the most popular with phishers last year, and that is likely to continue in 2013. Social media campaigns can be conducted rapidly, and require little outlay. As the threat grows, we expect organizations to take action and implement defenses to reduce the risk of their employees falling for phishing schemes. They will be given little choice if they want to keep their networks protected.

5.      Market consolidation to continue and businesses will increasingly consider alternative solution providers

The information security industry is likely to see even more market consolidation in 2013. Smaller companies will merge, with numerous takeovers expected. Last year, Trustwave bought out M86 Security, and Eleven GmbH was acquired by Commtouch.

However, end user businesses should find they can stay competitive if they concentrate on niche products. Specialist products will continue to be developed and fine-tuned, offering consumers more powerful security solutions for specific areas of network security.

Do you agree with our network and email security predictions for 2013? We expect, as an IT professional, you will have your own security predictions for 2013. What do you think the next 12 months have in store for IT security pro’s?

Have you Planned for the 2012 European Football Championships?

by G Hunt | June 12, 2012 | Spam Advice

The European Football Championships are almost upon us, which is fantastic news for football (soccer) fans, but terrible news haters of ‘The Beautiful Game’. It is also something of a nightmare for employers.

It is easier to manage than the World Cup of course. There are only a very limited number of time zones across Europe, so no matter where the games are played, most kick-off times are outside of normal business hours. Unfortunately, standard business hours are becoming a thing of the past for many workers and not all qualifying games are played in the evening. Many employees will face a dilemma. Watch the game at work and risk the ire of an employer, or miss out on some live football action. A great many will choose the former and will use streaming websites to see the games live.

IT security risks are introduced during major sporting events

Major sporting tournaments have a knock on effect on productivity, but that is actually a relatively minor issue compared to the increased network security threat that comes from sports streaming websites. Streaming websites breach copyright laws. The owners of websites showing live sports games run a risk of arrest, heavy fines and even prison terms for their deeds. They must therefore make enough money to make it worthwhile.

To do this they show adverts on their sites. However, few people click on standard adverts. They go on the sites to watch sports, not click on links. The site owners therefore have to be sneaky. They make it hard for the adverts to be closed. The put multiple X’s in the adverts, which launch pop ups. This means that your standard football addict will end up clicking on multiple adverts in an attempt to close them.

Cyber criminals are well aware of the tactics used by the site owners, and know that ad’s will be clicked by everyone using the sites. If they are able to get their adverts on ad networks, getting visitors to their malicious websites could not be easier. That means more individuals will inadvertently download their malware, more computers will be infected, and they will make more money.

So are the European Football Championships all bad news for employers?

The European Football Championships mean owners of streaming websites will make money, it’s a win for cyber criminals and hackers, and great for Football fans. Employers don’t fare too well, and neither to IT security professionals. Bandwidth is chewed up by employees streaming games, the malware risk increases and it is a potentially unproductive time for a few weeks.

That said, it’s not all bad for employers. Research conducted by Robert Half Technologies shows that there are positives. In a poll of HR directors, 44% thought that the European Football Championships would actually have a positive impact on morale and employees would be more motivated. This happened during the Olympics. IT professionals were not so complimentary about the benefits. In fact, 57% will be banning access at work due to the high network security risk and bandwidth issues.

A ban can be implemented easily. All it takes is an email, or a mention in a staff meeting. But how can the ban be enforced?

How can you block streaming websites, control Internet usage at work, and manage risk?

There are many ways to block website access, but it can be time consuming to set up. It is also hard to block access to ALL websites used for streaming. These often change or are shut down and new ones opened. Blanket bans can result in legitimate websites being blocked, and setting rules on individual browsers is just not an option. It is far too time consuming, and too easy for users to change their own settings to allow temporary access.

The best solution is to use web filtering software. This allows internet usage to be centrally controlled by a system administrator. You could even block all games apart from those involving those played by your home country. It really is very simple to have that level of control (if you have the right web filter installed).

SpamTitan Technologies web filtering solutions have highly granular controls, which will allow you to:

• Block websites by domain, category, URL pattern, or content
• Prevent users from downloading certain file types
• Block or permit certain websites for specific groups or individuals
• Set restrictions based on time-frames – i.e. allowing workers to stay after work to watch games, but block access during working hours for groups or individuals
• Prevent end users from visiting links to malicious websites
• Block malicious adverts from being displayed
• Blocking all streaming services, including music and video
• Block online gaming websites
• Compile reports to see who is trying to access banned sites.

Add a SpamTitan Technologies Anti-Spam solution and you can also block the barrage of spam and phishing emails that are sent whenever major sporting events take place.

Free Shipping Day Equals Network Security Nightmare

by G Hunt | December 14, 2011 | Spam Advice

The network security nightmare that is Black Friday to Cyber Monday has now passed, but Free Shipping Day is not much better for IT security professionals. They now have to cope with another of the busiest online shopping days of the year.

Fortunately, Free Shipping Day is tomorrow, Friday 16^th December. That means the weekend starts the day after. It will be needed. Free Shipping Day means long hours need to be put in by IT security professionals! Spam emails are likely to arrive by the bucket load as the scammers take advantage of so many consumers buying online.

The cost of shipping can be expensive. Even very low priced items are not such a bargain when postage and packaging charges have been added. Shoppers finally find an ideally priced gift item for Christmas that is still in stock, available in the right color and size, and then they are hit with a massive shipping charge. Free Shipping Day removes any uncertainty.

Purchase from any of the 2,000+ U.S. retailers who take part, and you can forget about shipping charges. You can purchase in confidence knowing that the price displayed next to the product is all you will have to pay.

The day is a fairly new initiative to get consumers to spend more, but tomorrow is not a holiday. That means online shopping will have to take place from work. Wait until the evening and you will not pay postage charges, but will there be anything left to buy?

Many employees are banned from online shopping websites at work but, even with a ban in place, Free Shipping Day often proves too much of a temptation. Research shows that more money is spent online during working hours than any other time, so many employees are using work computers for online shopping – even if it is not allowed by employers.

Interestingly, research from AOL suggests 20% of workers use work time to do shopping or view pornography. Employers may allow a little of the former, but certainly don’t permit the latter. Yet that still happens.

Regardless which is chosen, both are a nightmare for network security professionals. Shopping websites and adult sites are targeted by malvertisers who are attracted by the high traffic that the sites receive. Malvertisers place adverts on the sites through legitimate advertising networks. They then direct users to malicious websites. A busy online shopping day means a busy day for online criminals.

Employers and their IT departments must be particularly vigilant for inappropriate Internet use and must keep a close eye on the websites that employees are visiting. A malware infection acquired from a malicious website could compromise a computer or, worse still, the network.

A recent survey conducted by Robert Half Technology indicates 23% of CIOs do allow employees some online shopping time at work; although those employers often monitor the visited sites and check to make sure staff are not wasting an excessive amount of time on personal matters.

Employees are happier without Draconian bans on Internet use and happy employees are generally more productive. However, to make sure this privilege is not abused and networks are not placed at risk, companies need to implement web filtering solutions.

This is an important precaution. Over 431 million adults became victims of cybercriminal activity this year. The cost to business is estimated to be $114 billion per year.

Beware of Halloween-Themed Spam Attacks

by G Hunt | October 26, 2011 | Spam Advice

Halloween brings out the ghouls, ghosts, and trick or treaters – and also plenty of cybercriminals. The latter use All Hallows Eve (and the run up to Halloween) to launch new cyberattacks and scams to trick internet users into revealing their personal information. Their treat is the emptying of a personal or business bank account and they reap the rewards that can be gained from identity theft. Halloween-Themed spam attacks are common in the run up to Halloween.

For SpamTitan, Halloween is a busy time with numerous new Halloween-themed spam and phishing scams uncovered. This holiday time is expected to be no exception. Many new Halloween phishing scams can be expected to be launched this year as cybercriminals try to take advantage of the unwary.

Halloween-Themed Spam Warning!

So far we have seen a number of new spam emails being sent, as well as some old favorites from years gone by. One of the most common themes is a “Halloween Sale,” which exploits the human need to find a bargain. This year pirated goods are being advertised in the thousands, along with cut price Halloween costumes, free gifts, special offers, Halloween-themed surveys and links to online videos.

The aim of all of these spam emails is to get users to reveal their personal information, such as account login details and credit card numbers. Often the emails deliver malware and viruses to inboxes, other times they send links to phishing websites that harvest information. It is not always credit card details that the scammers seek. Social Security numbers, dates of birth and other personal information are highly valuable; as are telephone numbers which can be used by scammers to make bogus phone calls.

New Halloween-Themed Spam Doing the Rounds

Some old favorites are seen year after year, yet they prove to be just as effective second, third and fourth time around. One of these scams was first launched in 2007 and involves scammers sending a link to a video of a dancing skeleton. By clicking the link users do not only get to see the video, they are also delivered a Halloween package of malware.

The malware-ridden web archive file in this campaign is automatically downloaded to computers. It has been estimated that millions of individuals have already fallen for this campaign and have infected their phones, laptops, tablets, and desktops.

It is not just links to infected websites that are the problem. Scams are sent via Facebook, Twitter and other social networking sites. These social media spam campaigns are proving to be highly effective. Emails are often sent containing Halloween-themed attachments, which appear genuine with file suffixes look safe. PDF files and word documents for example do not tend to arouse suspicion, yet they can easily contain malware and hidden malicious code.

It is all too easy for the unwary to accidentally click and open these attachments. The result of doing so could prove very expensive indeed. The malware contained in these email attachments can log keystrokes or even give hackers full access to the computer used to access the messages.

With so many elaborate email phishing scams now being devised, it is essential that all computer users take precautions. One of the best methods of protecting against phishing campaigns, and spam emails in general, is to block them and make sure they never arrive in an inbox. For that, a spam filer is essential. The cost of not using an effective spam filter does not even bear thinking about.

The Huge Cost of Halloween-Themed Spam and Phishing Attacks

You may be thinking “I would never fall for a phishing campaign,” but millions do. Can you be so sure that your employees will be able to identify a fake email or website, or a sophisticated phishing campaign? Will they be able to identify these scams 100% of the time?

Even if one email proves to be successful, the damage caused can be considerable, as Sean Doherty, senior engineer with SpamTitan Technologies explains. “To date it is estimated that over $40 billion has been lost to 419 scams alone.”

Given the huge sums of cash that criminals can obtain from these emails, it is clear why the threat is growing and more and more campaigns are launched every year. If a scheme is profitable, it will be repeated and new campaigns are sure to be developed.

If criminals did not profit from these types of scams, they would very rapidly stop using them. However, the reality is they do, as Doherty points out, “These scam emails continue to exist and grow in frequency and ferocity. The simple fact is that these scams wouldn’t be repeated if they didn’t reap rewards for the cybercriminals.”

All it takes is for an absent minded employee to click on a Twitter link that directs them to a phishing website, and malware can be automatically downloaded to their computer. After that, a network can be compromised. Data is then stolen, deleted, or encrypted and only released when a ransom is paid. The cost of cyber attack resolution can be considerable. If all of your company data was suddenly encrypted, would you pay a ransom to get it back? Would you have a choice?

Holiday season is a time to enjoy, but it is also a time when everyone needs to be vigilant. Be on the lookout for scams, phishing campaigns, and unknown email attachments, and make sure all of your security software is up to date. Be careful, and you will be able to enjoy the holiday period.

Gaddafi Phishing Attacks Launched by Cyber Criminals Following Colonel’s Death

by G Hunt | October 23, 2011 | Spam Advice

The death of Muammar Gaddafi has dominated the news headlines and as is typical following such a major news event, cybercriminals have taken advantage, and have launched a number of Gaddafi phishing attacks.

Analysists at SpamTitan Technologies have uncovered many new malicious emails in the past few days. The emails were caught by the SpamTitan Anti-Spam filter and placed in quarantine to prevent users from clicking on malicious links or opening infected email attachments.

The emails contain links to websites containing videos of the death of Muammar Gaddafi, including well as “previously unseen footage” of the colonel and his family. Some emails contain attachments which users can open to view new and grisly videos or pictures. When the do this they will also install malware on their computers.

New Gaddafi phishing attacks uncovered

Two of the emails that have been captured recently have the titles “Gaddafi death video – I shot and killed him”, and “Inside Aisha Gaddafi’s bathroom.” A number of similarly themed emails have also been intercepted and quarantined by SpamTitan.

The Advance Free Fraud scheme commonly used by Nigerian criminal gangs (419 scams) have been tailored and used to piggyback the news of Col. Gaddafi’s death. These schemes are used to try to get victims to reveal their bank details to criminals. Private and confidential information is disclosed in the belief that a large sum of money will be deposited in the victim’s account. They receive a transfer of cash, it is then moved on, and in exchange for this they are given a very healthy commission.

One of the latest Gaddafi phishing attacks involves an email request from Mrs. Gaddafi who requires assistance moving a considerable amount of the colonel’s capital. She reportedly has gold reserves stored in secret locations, which she needs to cash in. In order to do that undetected, she needs European and American bank accounts. Money will be transferred and then moved on, and a sizeable payment will be offered to anyone who is able to offer her help. Needless to say, no funds will be deposited, at least not in the victims’ accounts.

These scams net criminals millions of dollars because many people fall for these phishing attacks and scams. The FBI estimates that around $40 billion has been obtained from 419 scams such as this.  Because spamming is so profitable, many criminals are getting in on the act. The more spam that is delivered to inboxes, the greater the chance of people responding to the scams and handing over control of their bank accounts. Spamming is a numbers game.

Consumers need to be wary and should never respond to requests such as these, as tempting as it may be to be paid tens of thousands of dollars for receiving a transfer of cash. Businesses need to be particularly careful too. Employees may not reveal company bank account information, but many campaigns result in malware being installed on the victim’s computer. If employees respond to the emails at work, this could result in malware being installed on a work computer or worse still, the access could be given to a company network.

Fortunately, SpamTitan’s Anti-Spam solutions will capture these scam emails, preventing them from being delivered. WebTitan will protect businesses from phishing attacks and stop end users from visiting phishing websites. Staff training can help to reduce the risk of malware infections; however, for total peace of mind anti-spam and anti-phishing solutions should be installed. There will always be one individual who believes they can get rich quickly by responding to one of these 419 scams.

How to Phishers Get Paid? What Happens to All the Money?

by G Hunt | September 20, 2011 | Spam Advice

Out of curiosity I decided to take a look at some of the emails that were blocked by the SpamTitan filter this morning. Boy am I glad I did. There was an amazing opportunity to be had! I had been selected by a very generous individual who wanted to give me a percentage of an enormous pot of cash if I could just spend a few minutes of my time helping him out.

A large amount of money needed to be sent to Col. Muammer Gaddafi, but there was an issue with the transfer to his account. Sometimes, it can be hard to transfer £17,500,000 from South African bank accounts into Libya. It had taken this guy almost four years of trying and he still hadn’t been able to move the funds. Fortunately, he had found a way to do it, and a percentage of that money would be coming my way if I could help him.

The problem, you see, is the authorities are trying to rob the colonel of all of his cash. They are doing a good job of it too, but have not found this South African bank account yet. That money is safe for now, but not for long. The money couldn’t be easily accessed from Libya as the authorities were watching. The money would therefore need to be transferred into a holding account to get it out of Africa. That holding account could be my account. Once the authorities stop sniffing around, the money could be moved on, minus my cut for just supplying my account details for the transfer.

I was even thanked in advance for my kindness. What a very nice and generous man he is. I have summarized the email because as nice as he was, his spelling and grammar were atrocious. Well, he is foreign and English is not his first language! He also pointed out he was not a criminal. Boy, that was a relief. I would have hated to get involved in any sort of crime. I wonder what my cut will be? He failed to mention it in the email!

Some people will fall for it!

Of course, it doesn’t take SpamTitan’s dual Anti-Virus engines to figure out that this offer is a bit suspect. But you would be surprised how many people fall for these scams. Criminals net a huge amount of money from campaigns such as this. Sometimes, people are even willing to take a chance when their common sense tells then that something isn’t right.

These types of emails are known as 419 scams. You will not be surprised to find out that there is no £17,500,000 fund, and by supplying bank account details your balance will not suddenly increase. It is just a scam to get you to reveal your bank account information and other personal details. Criminals will then steal your money and your identity.

I say there is no £17,500,000 fund. That is because it is actually a lot closer to $40 billion. That is the amount of money that is estimated to have been made by criminals operating these 419 scams. Believe us. They do work. They are effective, they are incredibly lucrative, and people do fall for them. They are also increasing in number and complexity.

If you want to ensure your organization is protected from 419 scams, and your employees do not end up falling for these and more harmful spam campaigns, it’s time to start using SpamTitan’s Anti-Spam solutions. Not all 419 scams are this obviously fake, and greed often gets the better of common sense. Oftentimes it is not personal bank accounts that the criminals want access to. There is much more money to be made from accessing corporate accounts.