Combating Email Threats
Taken From " PC Quest" 29 April 2011
Are you sure your anti-virus solution is enough to secure your system your email threats? Check whether your email system is vulnerable to email viruses, worms and other threats. Here we discuss various email threats and ways to fight them
In today's world, email is critical to any business. Be it dealing with the clients and customers or with employees, email is an effective way of communicating with them. You can keep a check on your business through emails without being physically present in your office. It also acts as storage for your important files and contacts, which you can retrieve anytime from anywhere. However, with the increasing usage of email, security has become more significant. Threats like viruses, spam and phishing can easily be send through emails and these threats can cause you a lot of harm like revealing your important information to a third person. Here, we will be discussing about email threats and how to counter them.
This is one of the most common threats involving high risks. A virus can cause a lot of damage to a system or to an entire server and cripple a network. It can destroy the data or rather an entire database and also the person who sent you the virus can gain the access of your system and mis-use data. Virus like VBMania spread through a malicious link in an email.
This is another most common email threat, also known as junk email. It not only floods your inbox with unwanted emails but also contains various other threats like viruses, Trojans, malware, etc. It also can cause a threat to your personal information. Primarily email address distributed at different web servers is more likely to get the spam. These emails are collected in different ways, one of which is crawlers. It actually collects the email address from different websites, forums and adds them to the spam database.
Attachments coming through email may contain infected objects like key-loggers. Key-loggers can be embedded in an image files, audio file or an exe file. As soon as you download and click on it, it will get installed in your system and you would not even come to know about this. This key-logger then sends your key strokes or the screenshot to the third person, leaking your passwords and IDs.
Identity theft :
Identity theft is actually done through phishing emails, eavesdropping, etc. Once you click on a link and enter your personal information, it goes to a third party or a person, who gain access to your email. He can use your credit card information, banking ID and passwords, client deals, etc against you and can drain your hard earned money also.
Identity theft is basically done through Phishing. Identity thieves target mostly the Internet banking customer. They send them a fake link, asking the customers to enter their banking login ID and passwords and as soon as the customer enters the ID and password, the information is sent to the thieves not to the bank.
Fake IDs: Online websites like
http://www.anonymailer.net lets you send email from a fake email address. You can create any fake email ID and send an email to your friend or you can also get such fake emails from fake IDs. Such emails seem to be coming from a safe sender but in reality they are not. These kinds of mails may contain infected links which can download malicious files on your system.
Apart from all these threats, caused by external agents, there is always a threat from within an organization. One such threat is information leakage. Employees use email services in an organization to exchange information but knowingly and unknowingly they send out the confidential information to external sources. Unknowingly because they may not be aware of company policies on sharing the information within the organization and outside it. Knowingly because they are not satisfied or are revengeful. Also email sent by an employee containing offensive material may lead to some legal action against an organization. So organizations need to be very cautious about email security. Installing just an anti-virus would not serve the purpose. A proactive approach is what an organization needs. Let's discuss some of the steps that an organization can take to tackle email security threats.
Ways to counter threats
Email policies :
This should be the first step towards email security. Explicate your email policies well and make sure that employees are aware of these policies. You can post these policies on intranet, on notice board or distribute the hard copies to your employees. Also, you can include these policies in the agreement during the joining of an employee. You can arrange sessions to make employees aware of these policies, so that they understand and follow them effectively. During such sessions you may get to know other security threats as a feedback from your employees. Over a period of time this will help in updating the policies. Now that the policies are created and employees understood the importance, it is time to make sure that policies are strictly followed.
Rich HTML :
Try not to allow rich HTML or XHTML content in emails. If you are using email clients like Microsoft Outlook then you should configure it for simplified HTML rather than rich HTML. Since there is always a threat of getting phishing mails or infected links, you can also configure your mail for plain text only. In this way you can protect yourself from security threats like fake links.
Email encryption :
Whenever you are sending an email containing any important or confidential information there is high chance that the mail will be intercepted before reaching its destination. In this case, your information will be revealed. So if you do not want to disclose your information then you should encrypt the emails. You can use different encryption protocols like TSL, SSL, S/MIME. No one can read the message without a key, which is used for decrypting the emails. In Microsoft Outlook you can install digital signing and encrypting certificates to encrypt your emails.
Security software :
Anti-virus is a must if you want to protect your system from viruses or Trojans but anti-virus alone is not effective from securing the system from email threats. You also need to install anti-spam and firewall that actually checks the outgoing and incoming mail. Anti-spam filters the mail on the basis of the words, links, sender, languages, etc. But at times the text messages are stored in images. It is then difficult to track these kinds of email as spams. So the anti-spam software should be capable to scan these images using OCR technique. Apart from this, make sure that before opening any attachment you scan it for viruses and refrain yourself from storing passwords in mailbox.