Demystifying Spear Phishing

Spear phishing is the new kid on the block which has been giving sleepless nights to email security folks. Spear Phishing is a specialized and more targeted type of phishing attack. Traditional phishing attacks are one-to-many types, which are usually conducted by sending malicious emails to as many people as possible. Such emails appear to come from trusted sources like your bank or some other online utility service, and they contain links to deceptive sites which make victims reveal their passwords, sensitive account information, confidential pins, etc. Sometimes the phishing messages try to lure the victims into opening infected attachments which, once opened, can seize control over the victim’s device and harvest sensitive information stored on the device.

The modus operandi of Phishing attacks is to cast a wide net. Phishers spread their enticements all over and don’t care what kind of fish they catch – as long as the victims take the bait, they can infiltrate and cause damage. In contrast to the mass email approach of Phishing, Spear Phishing is a targeted, or rather one-on-one, attack, where the Phisher creates a fake narrative or impersonates a trusted person and establishes a conversation with the victim. Only later does the Spear Phisher request confidential credentials or send a malicious URL/attachment. Though the end goals of Phishing and Spear Phishing are the same, the tactics employed by the two vary.

Spear Phishers do a lot of research about the intended victim before crafting their first message. They study the victim’s social media profiles on LinkedIn, Facebook, etc. and try to build a profile around the victim’s work and general life. The chosen victims are ones who have access to some sensitive information about their organization like intellectual property, bank passwords, etc. The Phisher sends an email to the victim which seems to come from a colleague or business associate. The first few interactions do not contain any links or attachments, hence they are difficult for anti-spam and anti-virus filters to detect. After a few interactions, the Phisher either sends a link to the victim that can infect his machine with spyware or sometimes even drives the victim to share some IP or transfer money to his account, citing an extraordinary situation.

The business impact of Spear Phishing attacks can be devastating. In 2014, Sony Pictures faced huge reputational damage when private emails exchanged between executives revealed embarrassing comments about famous people. The studio lost control of complete, unreleased movies, which fell into the hands of digital pirates. The company had to incur a cost of around $8 million to settle lawsuits with employees who were forced to protect their identities from theft. In 2015-16, the Russian cyber espionage group Fancy Bear allegedly committed one of the more famous spear phishing campaigns and infiltrated the Democratic National Convention in USA to steal emails. The Russians had gained access not only to email systems but also to backup servers, VOIP calls, and chats. Between repairing and replacing equipment and hiring experts to manage the fallout, the expense was over a million dollars.

Conventional Anti Spam filters derive signatures, recurring patterns & phishing URLs by using information from previously identified threats. This arrangement was successful in fighting mass spam emails – which threatened to make email unusable. However, email security based on signatures and recurring patterns is completely ineffective in identifying the ‘one-off targeted Spear Phishing attacks’. The first few emails sent by Spear Phishers do not contain any attachments or links, and thus go undetected by spam filters. The Spear Phisher’s intention is to build trust with the victim. Phishers usually send emails from legitimate email addresses that have a good reputation and spoof the display name. Victims get deceived and take the received emails at face value. They do not bother to check the actual email address of the sender, which may reveal the hoax. Since Spear Phishing emails spoof the display name and not the actual email address, they are not filtered by DMARC, which relies on policies enforced by senders with respect to their domain names.
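The check that DMARC does not perform, as an added example (not Rediffmail's filter): compare the display name in From against a directory of known people and flag a message whose address differs, even when the receiving server recorded dmarc=pass. The directory, addresses and sample messages are constructed placeholders.

```python
import re
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Constructed directory of names an attacker might borrow (placeholders).
DIRECTORY = {
    "priya sharma": "priya.sharma@example.com",
    "rahul mehta": "rahul.mehta@example.com",
}

# Constructed sample: authenticated sending domain, borrowed display name.
SPOOFED = (
    "From: Priya Sharma <accounts@mail-host.example.net>\n"
    "To: rahul.mehta@example.com\n"
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mail-host.example.net;\n"
    " dkim=pass header.d=mail-host.example.net; dmarc=pass header.from=mail-host.example.net\n"
    "Subject: Are you at your desk?\n\nNeed a quick favour.\n"
)
# Constructed sample: the real colleague.
LEGIT = (
    "From: Rahul Mehta <rahul.mehta@example.com>\n"
    "To: priya.sharma@example.com\n"
    "Authentication-Results: mx.example.com; dmarc=pass header.from=example.com\n"
    "Subject: Minutes\n\nAttached.\n"
)


def normalize(name):
    """Fold case, accents and punctuation so 'Priya  SHARMA.' still matches."""
    name = unicodedata.normalize("NFKD", name)
    name = "".join(c for c in name if not unicodedata.combining(c))
    name = re.sub(r"[^a-z0-9 ]+", " ", name.lower())
    return " ".join(name.split())


def dmarc_result(msg):
    """Return the dmarc= verdict from Authentication-Results, or 'none'.

    Only meaningful when the header was stamped by your own receiving server.
    """
    for header in msg.get_all("Authentication-Results", []):
        match = re.search(r"\bdmarc=(\w+)", header, re.I)
        if match:
            return match.group(1).lower()
    return "none"


def check_sender(raw):
    """Flag display-name impersonation independently of the DMARC verdict."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    findings = []
    expected = DIRECTORY.get(normalize(display))
    if expected and addr != expected:
        findings.append("display name of a known person, unexpected address " + addr)
    # A display name that itself looks like an address hides the real one.
    embedded = re.search(r"[\w.+-]+@[\w.-]+\.\w+", display)
    if embedded and embedded.group(0).lower() != addr:
        findings.append("display name embeds a different address")
    return {"address": addr, "dmarc": dmarc_result(msg), "findings": findings}


if __name__ == "__main__":
    for sample in (SPOOFED, LEGIT):
        print(check_sender(sample))
```

The spoofed sample passes DMARC for its own sending domain and is still flagged, which is why this check has to run alongside authentication results rather than replace them.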

Considering the risks of opening and reacting to Spear Phishing emails, it is important to educate your users to be vigilant. Here are some tips that can help protect your users from Spear Phishing:

  1. Be judicious while posting your personal information on social media.
    Hackers use social engineering techniques as a first step to gather information about victims.
  2. Do not hesitate to check with the sender if you are not sure about the authenticity of an email.
    Impersonation by manipulating the display name of a sender is a common ploy used by hackers. To counter the familiarity exploit, your users should not hesitate to check the authenticity of the email with the sender. This matters even more when the email seems to come from someone familiar and makes a request that seems out of the ordinary.
  3. Check before you click.
    Hackers hide malicious URLs in emails behind URLs that look genuine. Educate your users to hover over the hyperlink to see the destination URL first and, if it is not familiar, not to click.

The above behavior-based approach is easier said than done. Sooner or later, someone will click on something that will expose your systems to a breach. Using the right endpoint protection, one that assists in doing this behavior analysis, helps. The Rediffmail Enterprise integrated Spear Guard filter uses artificial intelligence consisting of machine learning and predictive heuristic rules to identify and block Spear Phishing attacks even in their initial stages, and also saves you from the inconvenience of dealing with multiple vendors to protect your email infrastructure.

5 things to consider when choosing your Business email service

Email is the backbone of any business and managing it well has become mission critical for the company. Gone are the days when SMEs would fret over their changing email needs and the availability of email solutions that just fit their growing organisational needs. Large organisations no longer consider on-premise hosted email solutions the only option for confidentiality, control and better management of mails, and they do realize that it is just a ‘white elephant solution’. Today, with the right cloud based email solutions, businesses Small, Medium or Large can focus more on their core business than spend time on their email solutions.

Here are the top 5 things that SMEs and large corporates must consider before choosing a business solution:

  • Cloud based email solution provider
    Cloud based email services have become increasingly popular over the past few years and we have come across several entities using them successfully for their business. The advantages provided by having hosted email solutions stand to benefit small-medium enterprises the most. There are no hard decisions involved since the amount of investment is very minimal and there is absolutely no hassle of deploying resources to manage these services. The costing model is also simple and straightforward, which would help businesses manage their cash flow better and focus on their core activity. To conclude, Cloud based Email stands a good bet for small to medium enterprises to adopt with little risk.
  • High availability
    Ask any business leader what he feels is an acceptable amount of email downtime, and he will most likely respond with, “None!” But if you share with him the additional investment required to further ensure that high bar of email availability, he’ll likely revise that answer. Certain industries like financial services, where downtime translates very clearly into lost profits, are typically more likely to prioritize uptime. In addition, uptime can’t be measured by the availability of the email server alone. Email is as good as down if the antivirus filtering hangs and prevents delivery or a mobile email service fails and employees don’t get emails on their smartphones.
  • Assess your mail box requirements
    Get an idea of the total number of mailboxes needed currently and in the near future. Also consider the email storage requirements. Mailbox sizes have been steadily increasing over the years, with 36% falling between 500 MB and 999 MB, but still not at the rate employees would like: nearly 80% of companies regularly receive complaints that their employees’ mailbox sizes are too small. Cloud-based providers typically offer much larger storage quotas at a much more attractive price than organizations can do for themselves.

    For SMEs, 2 GB (that is about 100,000 emails of average email size 50KB) would be good to start with, but for medium size organisations 5 GB would be a better option. For larger enterprises 25 GB is recommended, as it completely shields them from storage growth requirements.

  • Multiple points of access
    Look for a business email solution that allows multiple points of access. With Internet access on multiple devices becoming a norm, it is imperative that your mail is accessible from any device. This keeps your employees, be it in the office or out in the field, always in touch with their office emails 24×7.

    Web-mail client: Use this from anywhere as long as you have a browser. Web clients for email access have evolved significantly and incorporate much more than basic features.
    Mobile: For popular platforms such as Android, Windows, iOS and Blackberry, via applications that are usually free to download.
    Desktop clients: Access your business email using desktop installed clients like Outlook and Thunderbird or on mobile devices such as Blackberry and tablets like the Apple iPad. Features enabling such access are POP (Post Office Protocol), SMTP (Simple Mail Transfer Protocol) and IMAP (Internet Message Access Protocol) on a secured connection via SSL encryption.

    Also look for device synchronization. You take an action on one device and it is synchronized across all, e.g. you add a calendar event on PC and you can also see it and even edit it on mobile. You can also resume from where you left off on another device.

  • Powerful admin controls
    For SMEs, an easy to use control panel that allows managing the email service of your company is needed – adding email IDs of new employees; deleting the IDs of the ones who have left. When an employee leaves the company, you can withdraw the email id assigned to him so that the emails remain with you. Also make sure you can remotely manage the security of your company data by restricting access and controlling the incoming & outgoing mails. For larger corporates, you may need your email administrators to set password policy, send newsletters to employees, assign privileges, create user groups and use many more such useful tools to manage the service efficiently. Also, as an administrator of your office mail you need a continuous report of how your employees are using the email service. This will help you to control the usage and costs.
  • Security
    Since security is an inherent requirement of any business email, we provide a secure login to the mail service using ‘https’, where ‘s’ stands for secured. This ensures that no unauthorized entity can intercept your information without your consent. Look for the email solution provider’s guarantee on virus protection against unwanted spam and malicious viruses.
  • Archiving
    Storing a copy of emails from important email accounts in an archival mailbox prevents data loss and is important for large enterprises. Providing archiving often incurs added cost in providing email for each employee. Not all employees carry the same archiving requirements, but some companies tend to think of archiving as an all-or-nothing decision for their workforce.
  • Support options
    Make sure your business email provider allows multiple support options via email and a customer support & technical experts helpline, including advanced support with escalation matrix and SLA.

Rediffmail Enterprise is an Award winning cloud based email solution provider for Small, Medium and Large size customers that delivers high availability, high security and responsive customer support.

Are you using a mobile-ready business email?

Long ago, the telephone was a means of communication to talk to someone if they happened to be at home. In today’s world mobile phones are used for multiple activities apart from the traditional phone call, and they have become a 24×7 necessity.

This hand held device has completely changed the way we communicate, enabling us to send photographs, videos, audio recordings and instant messages to friends and family across the globe.

Mobile technology, from mobile email to social networking & mobile wallets has transformed the way people interact with each other in their personal life as well as at work, within organisations.

They have become such an integral part of modern life today as they grant people a constant connectedness to the world.

On average, people spend 2 to 3 hours per day of personal time socialising online; however, for the 8 to 10 hours we spend at work we find ourselves using “email” as a means of communication most of our time. Email just “works” due to its simplicity and mass appeal. With the advent of mobile phones, or rather smart phones, email is becoming a more powerful tool, especially when you are on the go.

It all started with companies providing mobile access to web-mail, but device compatibility and subscription charges were a big hindrance back in the year 2008 in India. The email service on mobile kept changing over all these years, and still does, to improve and serve us better communication features on the go.

There was a time when one would have to sit in front of a desktop to do his/her work related research or send a photo or video as an attachment through email to someone living abroad. In today’s day & age, smartphones provide the facility of attaching any content – photos, videos, audio recordings etc. through emails & send them even when at lunch.

Now people send work related emails while getting ready for work itself or when they are on a holiday. Today mobile email has become an integral part of businesses, not only for big corporates but also for small & medium enterprises, giving remote access to emails anytime, anywhere. Some of the benefits of mobile email to such businesses include greater responsiveness to clients, partners or customers and improved work life balance for employees. Other benefits include finding new business opportunities on the go as well as working more closely with employers, suppliers, customers and other resources at all times.

If used for the right reasons and in a balanced way, mobile phones & email usage on mobile can reap maximum benefits to any individual using them on the go.

Today, organisations that allow users to work via mail from anywhere and from any device of their choice are on the rise. With more and more use of multiple devices per user, your email needs to be completely synced across devices, along with your key contacts and calendar appointments.

On a mobile device alone, a user can now configure his default mobile email client, access mobile webmail or even download the email app to access email; the options are plenty.

With multiple access points, restriction and management of access points is an important feature that the admin requires over the cloud to remotely provide, change and even deactivate or remote wipe user accounts as required. The admin can even provide an additional layer of security using the user’s mobile via the 2FA feature.

Rediffmail Enterprise helps Small, Medium & Large enterprises to manage their business email over the cloud based on various needs of the organisation, including their mail mobility needs.

Business email spam & virus problems?

According to recent statistics, around 90-95% of email traffic around the world is spam. The disruptive impact of spam and other email abuse has resulted in two types of approaches to deal with the menace.

  1. The first approach focuses on detecting and filtering problem messages. This is done by techniques that attempt to identify bad mails using pattern detection and based on other facts about the contents in the email.
  2. A complementary, but quite different approach, seeks a basis for trusting a message rather than for mistrusting it. This is done by profiling and identifying the sender and validating the sender’s authenticity.

Rediffmail uses a combination of both the techniques to filter out unwanted mails and keep the user’s mailbox free from spam. The Rediffmail spam control system is like a funnel, which filters out unwanted messages at various stages and delivers only the good messages to the user’s mailbox. Here is a list of the different modules in the Rediffmail spam control system:

IP based filtering 

This is the first level of filtering. At this stage, the reputation of the sender’s IP is established, based on which messages are accepted, rejected or deferred. Generally, messages are rejected if they originate from IPs that are known to send spam or malware, or that belong to machines that have been compromised or are open relays. Messages are deferred if they originate from IPs that tend to send bulk mail in large numbers or from IPs that send unsolicited mails that have not been requested by the recipients. Rediffmail uses a combination of internal as well as external sources to generate the IP reputation database.

Domain Signatures / RDNS and Fake NDR filters. 

At this stage, the spam filter tries to establish the reputation of the sender by validating the sender’s SPF, DK, DKIM and RDNS records. Mails from senders with incorrect signatures or with non-existent RDNS records are filtered at this stage. Spammers who send mails by faking sender ids cause a lot of Non Delivery Reports (NDRs). Though the NDRs are not really spam messages, they can be a nuisance for users who receive a lot of such messages. Rediffmail uses a home grown technique to identify and block such fake NDRs and not let them reach the user’s mailbox.

Content based filtering 

At this stage, the spam filter uses techniques which try to finger print messages and try to classify messages based on the patterns in the content of the email. Finger printing of messages is done by examining patterns in messages, rather than just the content and comparing them against the corpus of bad and good patterns that have been built over a period of years of learning. The filter at this stage also considers recurrence of patterns over short time spans to identify unsolicited bulk messages. One of the techniques used to filter out bad messages is to examine the nature of URLs in the content. Rediffmail uses a combination of internal as well as external sources to build a database of bad URLs. The corpus of bad patterns and URLs is also generated based on feedback from other users who report messages as spam. At the end of this stage, messages are classified as containing malware, phishing mails, other scams like lottery scams, etc.

Reputation based filtering 

This is the final stage of filtering in the spam control system. At this stage, the reputation of the sender is established with respect to the recipient, based on the actions taken by users on the emails that they send and receive. Messages from senders having a bad reputation are filtered out and messages from senders having a good reputation are accepted and delivered to the user’s mailbox. The technique to do so has been built and grown in house. Apart from this, Rediffmail has a dedicated team which works on daily spam control issues, such as detecting false positives, monitoring the classification of messages, monitoring the reputation of IPs, etc. Over and above this spam filtering funnel, the administrator of domains can control the SPAM filter for individuals as well as for the entire domain. Administrators can enable/disable spam filters as per the requirements and also enforce restrictions on incoming & outgoing mails with respect to senders, recipients, attachments, etc.

So do you have all these in your built-in Anti-Spam & Anti-virus system in your current email service? If not you may be in for some serious trouble.

Rediffmail Enterprise is a CIO choice award-winning business email service for small, medium & large enterprises with spam & virus protection of global standards. It is a representative of the Messaging Anti-Abuse Working Group (MAAWG, an international organization responsible for addressing messaging abuse holistically by knowledge sharing, industry collaboration and public policy) and has contributed to addressing issues relating to SPAM originating from India. Rediffmail Enterprise’s multi-layered SPAM filtering mechanisms help filter out up to 99.9% of SPAM messages and known viruses trying to reach the user’s inbox.

Are your Business email users TFA secured?

In today’s email age, the biggest challenge that most companies face is data security. Therefore, it remains the top priority across all organizations.

TWO FACTOR AUTHENTICATION

At Rediffmail Enterprise, we have made some modifications to the security features that make your business email more secure. Unauthorized access to email accounts is the major concern raised by most IT administrators of organizations today. This breach is usually caused when users access their email accounts on public Wi-Fi platforms or set the same password for more than one of their email addresses, social networking accounts, e-commerce site profiles, other online profiles and so on.

Our team performed a thorough analysis of the data based on the issues faced by the administrators and rolled out the Two Factor Authentication (TFA) feature within the current interface to address the security concerns. TFA is a technology to ensure that only the genuine owner of the account is allowed to access it. When TFA is enabled for a user, the system sends a four digit pass-code to the user’s registered mobile number. The user can only access the mailbox if both the password and pass-code are verified. TFA also ensures that only the verified user can make security changes to the account, like changing the password and using the add Auto-Forward feature.
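A four digit pass-code has only 10,000 possible values, so the server-side handling matters as much as the SMS delivery. The following is an added sketch of such a verification step, not Rediffmail's implementation; the five-minute lifetime, three-attempt cap and all names are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumption: pass-code is valid for five minutes
MAX_ATTEMPTS = 3        # assumption: wrong guesses allowed per pass-code


class PasscodeChallenge:
    """One pass-code issued for one login attempt."""

    def __init__(self, code, issued_at):
        self._code = code
        self.expires_at = issued_at + CODE_TTL_SECONDS
        self.attempts_left = MAX_ATTEMPTS
        self.consumed = False

    def verify(self, submitted, now=None):
        now = time.time() if now is None else now
        # Refuse outright once the code is used, expired or out of attempts.
        if self.consumed or self.attempts_left <= 0 or now > self.expires_at:
            return False
        self.attempts_left -= 1
        # Constant-time comparison avoids leaking matching digits via timing.
        ok = hmac.compare_digest(submitted.encode(), self._code.encode())
        if ok:
            self.consumed = True  # single use: a replayed code is rejected
        return ok


def issue_challenge(now=None):
    """Create a challenge; the returned code goes to the SMS gateway only."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10_000):04d}"  # CSPRNG, keeps leading zeros
    return PasscodeChallenge(code, now), code


def login(password_ok, challenge, submitted_code, now=None):
    """Both factors must pass; a failed password never spends an attempt."""
    return bool(password_ok) and challenge.verify(submitted_code, now)


def online_guess_odds(attempts=MAX_ATTEMPTS):
    """Chance that blind guessing hits the code within the attempt cap."""
    return attempts / 10_000


if __name__ == "__main__":
    challenge, sms_code = issue_challenge()
    print("login with correct code:", login(True, challenge, sms_code))
    print("replay of the same code:", login(True, challenge, sms_code))
    print("odds of guessing within the cap:", online_guess_odds())
```

Without the attempt cap and expiry, every value of a four digit code can be tried in turn, so those two limits are what give the second factor its strength.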

How to enable two factor authentication for my domain?

As an administrator, you can enable TFA for the entire domain or selected users by clicking on Domain level management within the admin panel and further clicking on ‘Feature Access Restriction’.

What happens if a user has not specified his mobile number?

The user must add a mobile number to the account to enable the TFA feature, as it needs a registered mobile number to send the pass-code. If the user has not specified his mobile number, then TFA will not work for him.

Does TFA work for international mobile numbers?

A pass-code would be sent to user’s mobile even if the user is based out of India. Activating this feature will surely assist to keep your business email more secure. We are also continuously looking to enhance our current email solutions with more and more advanced features.

Inhouse or Cloud mail? What should an IT manager choose?

For many organizations, IT is not their core competency, let alone managing email services. Business emails are their critical support mechanism. Most of the time, organizations that have set up in house email services underestimate email’s full cost to their organization.

In-house Email Solution

The cost of in house email is not limited to licensing and hardware cost. It includes the costs of staff, maintenance, storage, archiving, mobile email, etc.

  1. Maintenance and support
    To calculate the actual cost of software licenses, one should also include annual maintenance and support cost along with installation charges. Software upgrade costs are also significant and should be included in software licensing costs.
  2. Storage and archiving
    As mailbox sizes increase and attachments accumulate over time, the cost of storage soars rapidly. Along with this, archiving, business continuity, e-Discovery, and regulatory compliance add significant cost to email.
  3. Staffing cost
    For an in house solution, you need to have a dedicated team to manage the operations. The resources are needed not only for general email administration but also to maintain sanity of servers and network, block SPAM and virus attacks, monitor hardware against failure, install the latest patches or upgrades on servers, build redundancy in the system, etc. Each of these tasks needs a skilled resource who understands the mailing solution from end to end.
  4. Hardware cost
    The hardware cost is not limited to the number of servers or routers. The biggest contributor to hardware cost is the power and data center cost.
  5. Redundancy
    In house email solutions are not easily scalable. To add new users to the system, the administrator needs to scale up multiple systems such as data storage, servers, and ancillary services such as anti-spam, backup and archiving, etc. To avoid last minute hiccups, administrators configure all these services in excess, thus introducing redundancy in the system. Also, for business continuity, the IT administrator has to make sure that they have redundant infrastructure in case anything breaks.

If we consider all these costs for managing in house email services, the actual cost of email per user increases at least four times the cost of one email license.

Benefits of Hosted E-mailing Solution

With a hosted mailing solution, customers need not worry about the email infrastructure and its maintenance. The benefits of a hosted mailing solution go beyond cost:

  1. Scalability
    Using a hosted mailing solution you can rapidly add new users. You don’t have to waste time in procuring licenses, provisioning mailbox space or setting up email accounts. Also, a hosted mailing solution can easily cope with a sudden increase in inbound or outbound email traffic.
  2. Always up to date
    Hackers and spammers are continuously inventing new techniques to invade your mailing system. If your mailing system is not upgraded with the latest security patch or upgrade, it can cause heavy damage to your business critical information. Rediffmail Pro email solution is always up to date with all the security updates and you don’t have to worry about the security of your email data.
  3. IT resource management
    When a cloud email service provider is managing your email solution, you can allocate valuable IT professionals to more business-centric projects. The opportunity cost of running email on-premise, where your staff must spend time on email support rather than revenue generating projects, is quite significant.
  4. Secure email service
    The reason most organizations opt for an in house email solution is that they are worried about their data security and control over a hosted email service. However, with a cloud email service provider the data is transmitted using a secure channel and, moreover, it is stored at a secured premises. Also, a hosted email solution provides inherent redundancy, which makes sure that the data is replicated. You can also control unauthorized email data transmission by defining user level restrictions and policies for email usage.
  5. Access to open technology
    In house mailing solutions bind you to proprietary technology and protocols. This limits the access to advanced technology or devices. Even if the in house mailing solution has an application to integrate with different devices or software, it comes with a huge licensing cost. Hosted email services bring in value from the open world, which gives the business an IT edge to integrate with free clients and applications like Thunderbird, ERP systems, etc. With open technologies, you could use any Android based phone/pad/tab, iPhone or iPad to get seamless access to email, calendar and address book while on the move. A possibility like this allows the field force to be more connected to each other and not just the top management.