Tag: Email Security
Spear Phishing: Is Your Boss a Whale?
Spear and whale phishing 1have been around for a while now, but recent social engineering efforts are focusing more on company executives. An example is this type of email: it certainly looks legit at first glance; even the phone number and address – right down to the floor number – are correct. But take a closer look at the URL used in the links: the real site has no relation to puzzlejs-mailing.com. (Jul 29, 2010)
My spam is different from your spam!
The type of spam you receive depends on many things, including your behavior on the net, how you use your email address, your position in a company and much more. As a software company executive I receive a very particular stream, one that is probably very different than what most people receive. Well, at least that's what our Security Operations team tells me. (Jul 22, 2010)
Surfing on Web 2.0: Where Innovation Meets Cybercrime
Yesterday, I logged into Facebook. I usually never use my account there (I am not a Facebook fan), but once in a while I’ll spend some time on it. For the first time, after entering my credentials, a “security” page appeared stating that unusual activities have been witnessed on my account. I then had to answer some questions, choose the names of some tagged friends, and reset my password. I have no idea what happened or how my account got compromised. (Jul 20, 2010)
Sex, pills & scams
These three words reflect 90% of the spam traffic for May-June 2010. Between fake Twitter emails and classic Nigerian 419, there was a rise of new phishing attempts using .html attachment files. (Jul 15, 2010)
Organized Cybercrime
A month ago I read a fascinating book called McMafia 1by Misha Glenny 2. Glenny, a former BBC world correspondent, presents a terrifying yet eye opening look at how organized crime has progressed with Globalization over the last few decades. Glenny covers all the major illicit activities from global drug trafficking networks, to prostitution and human trafficking. One chapter in particular is dedicated to the future of organized crime and the fastest growing sector, cybercrime. (Jul 13, 2010)
Privacy vs. Data Leakage: What’s More Important to You?
In an earlier post, I discussed why your business needs Policy Management and the different causes of Data Leakage. In today’s post, I will take a closer look at one of the causes of data leakage protection and how it can be prevented: let’s look at the case of the Disgruntled Employee. (Jul 08, 2010)
Who’s responsible for Internet Security?
A couple of stories in the news today caught my attention because they have very opposite perspectives on tackling cybercrime and Internet security. First, the Australian government is thinking of making home computer users responsible for security1. They’re contemplating legislation to force users to install anti-virus programs and firewalls on their home computers before being allowed to connect to the Internet. (Jun 23, 2010)
Why Your Business Needs Policy Management
Instead of being reactive to scandals and managing them after the fact, organizations should take a proactive role and protect data leakage before it happens, to prevent the loss of secrets that are revenue generating. However, most companies are still under-protected and focus their security budgets on compliance and protection of custodial data (customer personal information) rather than internal information such as corporate/product strategy, or financial reports which directly affect the bottom line. (Jun 17, 2010)
Honest, I don’t want an email security appliance!
Vendors have their own very special reasons for pushing email security appliances, instead of virtual machines or straight software installations. You may find that their reasons do not always align with your own. (Jun 14, 2010)
Angelina Jolie wants to be my friend: The pitfalls of social media
I guess writing this blog brings some perks after all. I’ve been nominated to ‘represent [my] professional community’ for every possible Who’s Who list, Facebook invitations are coming in fast and furious, I’m getting offered all kinds of free product subscriptions, and, judging from my message content, I think my 15 minutes of fame have finally arrived! (Jun 09, 2010)
Interview with Adam Guerbuez: $873 Million Dollar Man
"I need a one way ticket to Tijuana!" You might think that if something happens and you want to escape. But if you live in Canada, just sit back and relax - you have nothing to worry about. Canada is known for their lazy laws for certain types of crimes, especially "new" ones (like the latest incidents of financial fraud and spam). (Jun 07, 2010)
May Email Security News: New Undersea Cables Feed African Botnets
Email Security Industry news from May 2010 with commentary (May 31, 2010)
Interesting question from a customer: “Why should we block .EXEs?”
The majority of phishing attempts with drive-by-downloads try to entice you to download EXE files and run them locally. EXE files should always be blocked. You can open certain files on a case-by-case basis and in a very controlled fashion, but that’s the extent of it. (May 26, 2010)
SURBL: The catch of the day
There it is again: another email in your Inbox from an obscure financial institution, requesting that you click on the available link and be redirected to an unknown, unsecured website. Prompted for personal details or your credit card number, you hesitate to enter this information thinking something seems fishy. (May 19, 2010)
Here come the spam police
The German courts may have just opened the floodgates. Their top criminal court ruled this week that home wireless users can be held responsible for not password-protecting their wireless connections. If the unprotected connection is used for illegal file downloads, the owner can be fined up to 100 Euros (currently $126). (May 17, 2010)
Most Common Support Issue: Whitelist = Spoofed Spam
No one likes to see spam in their Inbox, especially when it comes from themselves! Users often get confused and even worry that their identity has been stolen. The main cause for this is that they have whitelisted their own email address to bypass scanning for outbound traffic. Users do not realize (or understand) that spammers can spoof their email address and send spam that appears to be from themselves. (May 14, 2010)
Facebook or Faceblock? Facebook implementing their own ‘email security’?
Facebook is coming under scrutiny (again!), this time about their email scanning policies. Most of you are probably in the email security industry and are well aware that any email security solution will scan a message to divert or block spam, phishing, etc. (May 12, 2010)
Think you don’t spam? Think again!
Who has never sent email spam? Maybe you wanted to promote something, contact friends or relatives you never really emailed before (at least with a normal email), send a chain letter that promised success and money or to promote a garage sale using your local hockey team email list? Maybe you sent a message for your business using a large contact list grabbed on a corporate email with a multitude of CC’d addresses? Or did you ‘borrow’ the customer list from work for your own use? (Oh, that’s bad!) (May 05, 2010)
Your mail server might not be the cause of delivery problems
Most support people have seen every mail server configuration possible, and others that would have been considered impossible. No matter whether the operating budget is very tight, mega-sized or somewhere in between, people often try to throw everything onto a single server, including the kitchen sink. Well, that kitchen sink is often the cause of email blockage, rather than the actual mail server program. Even a honking new machine with mega-sized specs can have performance problems if it becomes bloated with unnecessary and/or resource hogging apps. (May 03, 2010)
April Email Security News: McAfee update error impacts many systems
A summary of links to articles that I have found interesting in the last few weeks. Includes my own commentary. (Apr 30, 2010)
