Tag: Email
Spear Phishing: Is Your Boss a Whale?
Spear and whale phishing 1have been around for a while now, but recent social engineering efforts are focusing more on company executives. An example is this type of email: it certainly looks legit at first glance; even the phone number and address – right down to the floor number – are correct. But take a closer look at the URL used in the links: the real site has no relation to puzzlejs-mailing.com. (Jul 29, 2010)
Who is Responsible for Internet Security: A Response
Basically you have the Australian courts who want to place the onus on the shoulders of end-users. Others want to put the responsibility on Operating System or Application vendors due to their security holes. Finally, you have the Mail System operators or Network connectivity providers (ISPs) who don't take sufficient measures to combat open relays or botnets where infected machines act like SMTP proxies. (Jul 26, 2010)
My spam is different from your spam!
The type of spam you receive depends on many things, including your behavior on the net, how you use your email address, your position in a company and much more. As a software company executive I receive a very particular stream, one that is probably very different than what most people receive. Well, at least that's what our Security Operations team tells me. (Jul 22, 2010)
Sex, pills & scams
These three words reflect 90% of the spam traffic for May-June 2010. Between fake Twitter emails and classic Nigerian 419, there was a rise of new phishing attempts using .html attachment files. (Jul 15, 2010)
Privacy vs. Data Leakage: What’s More Important to You?
In an earlier post, I discussed why your business needs Policy Management and the different causes of Data Leakage. In today’s post, I will take a closer look at one of the causes of data leakage protection and how it can be prevented: let’s look at the case of the Disgruntled Employee. (Jul 08, 2010)
Why Your Business Needs Policy Management
Instead of being reactive to scandals and managing them after the fact, organizations should take a proactive role and protect data leakage before it happens, to prevent the loss of secrets that are revenue generating. However, most companies are still under-protected and focus their security budgets on compliance and protection of custodial data (customer personal information) rather than internal information such as corporate/product strategy, or financial reports which directly affect the bottom line. (Jun 17, 2010)
Honest, I don’t want an email security appliance!
Vendors have their own very special reasons for pushing email security appliances, instead of virtual machines or straight software installations. You may find that their reasons do not always align with your own. (Jun 14, 2010)
Angelina Jolie wants to be my friend: The pitfalls of social media
I guess writing this blog brings some perks after all. I’ve been nominated to ‘represent [my] professional community’ for every possible Who’s Who list, Facebook invitations are coming in fast and furious, I’m getting offered all kinds of free product subscriptions, and, judging from my message content, I think my 15 minutes of fame have finally arrived! (Jun 09, 2010)
Interview with Adam Guerbuez: $873 Million Dollar Man
"I need a one way ticket to Tijuana!" You might think that if something happens and you want to escape. But if you live in Canada, just sit back and relax - you have nothing to worry about. Canada is known for their lazy laws for certain types of crimes, especially "new" ones (like the latest incidents of financial fraud and spam). (Jun 07, 2010)
May Email Security News: New Undersea Cables Feed African Botnets
Email Security Industry news from May 2010 with commentary (May 31, 2010)
SURBL: The catch of the day
There it is again: another email in your Inbox from an obscure financial institution, requesting that you click on the available link and be redirected to an unknown, unsecured website. Prompted for personal details or your credit card number, you hesitate to enter this information thinking something seems fishy. (May 19, 2010)
Most Common Support Issue: Whitelist = Spoofed Spam
No one likes to see spam in their Inbox, especially when it comes from themselves! Users often get confused and even worry that their identity has been stolen. The main cause for this is that they have whitelisted their own email address to bypass scanning for outbound traffic. Users do not realize (or understand) that spammers can spoof their email address and send spam that appears to be from themselves. (May 14, 2010)
Facebook or Faceblock? Facebook implementing their own ‘email security’?
Facebook is coming under scrutiny (again!), this time about their email scanning policies. Most of you are probably in the email security industry and are well aware that any email security solution will scan a message to divert or block spam, phishing, etc. (May 12, 2010)
Think you don’t spam? Think again!
Who has never sent email spam? Maybe you wanted to promote something, contact friends or relatives you never really emailed before (at least with a normal email), send a chain letter that promised success and money or to promote a garage sale using your local hockey team email list? Maybe you sent a message for your business using a large contact list grabbed on a corporate email with a multitude of CC’d addresses? Or did you ‘borrow’ the customer list from work for your own use? (Oh, that’s bad!) (May 05, 2010)
Six items often overlooked when purchasing an email security solution
As discussed in an earlier post , the battle against spam is an ongoing one and requires you to do your due diligence when selecting an email security solution to protect one of your business’ most important assets: email. (Apr 26, 2010)
March Email Security News
A summary of links to recent articles that I have found interesting in the last few weeks. Includes my own commentary. (Apr 02, 2010)
Are machines really the “bad guys”?
Do you know what this is? Of course you do! This, along with some other strange stuff, has gained popularity and become part of our virtual life when browsing the web. CAPTCHAs (as they’re known) are one example of a Turing test: a challenge-response criteria that is used to determine the probability that a remote being is actually a human vs. a computer that’s trying to mimic a human response. (Mar 31, 2010)
Simple Admin Tricks: Quick & Dirty Monitoring
From time to time, you’ll need to monitor a port to see if there's a problem brewing. For smaller companies, it can be quite a chore to deploy some sort of commercial or open-source monitoring solution (e.g., NAGIOS-based stuff), when all you want to do is do some quick and dirty monitoring. (Mar 26, 2010)
Policy Compliance: Keep it Simple, Stupid!
Are you getting pressured to provide some sort of regulatory compliance rules to your business that will affect your network configuration, your email flow and your end users? Do you have to deal with SOX or HIPAA or GLBA, or ‘Oh Lord, not another Acronym’ regulation (we’ll call it the OLNAA) whose apparent sole purpose is to complicate your life? (Mar 24, 2010)
(Un)subscribe me
Hundreds of emails get blocked daily by your spam filters, but sometimes one slips through. You look it over and it appears to be very legitimate. You don’t remember clicking ‘Yes’ to subscribe to this newsletter, but you see the classic, “You are receiving this because you subscribed to one of our partners… blah, blah, blah… and this is an excuse for us to send you spam. Yeah, it’s true: XYZ company is one of our partners, we do their mass mailing and we grabbed your address at the same time!” So, now you’re tempted to click the Unsubscribe button, but how can you tell if it’s legit? And how do you know that clicking unsubscribe won’t tell the spammer, “Hey I’m alive and I actually read what you sent - send me more”? (Mar 17, 2010)
