CYBER SECURITY EVANGELIST

Emails. Can’t live without them these days. It is probably one of the most used forms of communication, along with social accounts.

Despite the news you might read on the Internet, email is not dead. It’s the place where we keep our contacts, valuable information, read our newsletters, send/share pictures and other important documents. For most of us, email is tied to our online identities.

And yet, emails continue to be an easy target for cyber criminals.

Recently, hundreds of millions of email addresses and passwords have been leaked on the Internet. It is probably the biggest data dump ever, with more than 700 million of email addresses (plus passwords) being exposed online.

According to Troy Hunt, the researcher who made the breach public, said it is unlikely that each belongs to a real person, because the dump has lots of fake and duplicate addresses. Maybe the number of users affected is smaller, but this is still huge.

This shows us, once again, how vulnerable our inboxes are, and why attackers can easily plan a spam campaign for spreading malicious code and infect as many users as possible.

Why does this type of attacks still work?

  • There are various online services and platforms out there that people are using daily and most of them lack important security measures, leading to potential cyber threats.
  • People collect an amount of sensitive data on emails addresses, and hackers use their creativity to take advantage of this information and cause harm.
  • Spam email remains a preferred attack vector for cyber criminals, because they can get easy access to email addresses shared easily by people. Attackers usually rely on botnets to do this work and send spam emails to targeted victims. Botnets are “networks of infected computers that communicate with each other in order to perform the same malicious actions, like launching spam campaigns or distributed denial-of-service attacks.”
  • As long as users will keep clicking on everything they receive on emails, they will continue to be a vulnerable target. Thus, it will be a lot easier for cyber criminals to include infected attachments and links into spam emails. It takes one click on the malicious link and the victim is redirected to a site that downloads malware into the victim’s computer.

Read this useful malware removal guide to easily do the cleanup for your PC. 

Here are the most frequent types of spam emails to stay away from:

  1. Online scams that advertise various products and services you can easily receive on emails and are tempted to click on. Read our article to find out the top online scams to stay away from. Here’s how a greeting card scam looks like:

greeting card scam 1

Source: McAfeee.com

2. Scams that try to trick users into paying an amount or money or providing confidential information. Avoid giving away your personal data on email to untrusted sources.

3. Phishing emails are related to the most sensitive information cyber criminals are trying to obtain from victims, such as: usernames, passwords, and credit card details.

phishing spam mail

Source: Proofpoint.com

4. Blank spam is another common email to stay away from. Users receive an empty email, usually without a subject line, from cyber criminals who are testing the validity of that email address, so they can easily target in a potential malware spam campaign.

blank spam email

Source: Trustwave.com

5. Spoofing emails come in users’ inbox looking like a legitimate one with the message “verify your email” that will redirect the user’s traffic to an infected web page.

dropbox spoofing email

Source: Heimdal Security blog

These common email spams can easily turn to be a trigger for an upcoming cyber attack minutiously prepared by hackers. Find out more details on how a cyber attack works in our article.

What cybercriminals can do with/to your email account

Cyber criminals easily target users’ email accounts, so we recommend checking out these common cyber security attacks.

  • Phishing is a cyber attack where usually a hacker sends a fake email containing a link or attachment aimed at tricking the users into clicking them. In most cases, the link might lead to a malware infection, or the attachment itself contains a malware. Here’s an example:

phishing emailSource: BusinessInsider

  •  Spear phishing is a more targeted cyber attack version of a phishing attack that involves a personalized phishing (and it’s extremely effective, because it’s very well planned) email sent to targeted users or companies. Since users are used to getting such emails, they won’t be suspicious, and will be more likely to click the link/attachment.

spear phishing gmailSource: Symantec.com

  • Malware attacks are mostly delivered as malicious attachments via emails to a phishing emails or through downloads on spam websites. The infection happens when users open the attachment to see what’s the email is really about. See the photo below for the main types of malware:

tpes of malware

How to secure your email account

Given the fact that our online landscape isn’t safe anymore, securing your email address should be a top priority. Here are some useful ways to do this:

  • When signing in your account, it is highly recommended to use two-step verification method, as an extra layer of protection for your email address. To activate this security measure, all you need is to add your phone number to your email account.
  • Use a password manager program to set strong and unique passwords. Remember to not use the same password for all your social accounts too, as it gets easier to be hacked and all your accounts will be vulnerable.
  • Keep your software up to date all the time! We remind you that email is usually a first step in the malware infection chain. But people continue to click on links they receive on email and get infected. Having the system up to date and protected with multiple layers of security minimize the chances of being infected with malware.
  • Don’t connect to free public Wi-Fi networks when trying to send an email or run the financial transaction.
  • Be vigilant and learn to identify online scams which usually start with an email sent to a potential victim. Most scams are based on social engineering techniques used to trick and influence users’ behaviours, even the most experienced ones.
  • For maximum protection, use an antivirus program or a proactive cyber security software solution.
  • Mark spam or phishing emails as such, so your email provider can block that sender from spreading malicious content to other users.
  • Refrain from opening emails from unknown senders or clicking on suspicious links.
  • Be careful when submitting your email to services and websites. Ensure they use https, so you’ll know that your personal data is communicated safely to their servers.

Our recommendation: Don’t click on suspicious links. Don’t open those spam emails you get everyday. Don’t download the attachments and other files you get. You can become easily an easy victim for cyber criminals. Always use VirusTotal to detect and scan suspicious links.

Check out this list of useful online resources to help you stay safe online:

2017.02.21 SLOW READ

How Every Cyber Attack Works – A Full List

where-malware-hides-featured
2016.10.27 SLOW READ

Practical Online Protection: Where Malware Hides

Complete Guide to Email Security
2016.10.14 SLOW READ

The Complete Guide to Email Security [Updated]

Comments

One of the forms of protection is – KEEP YOUR SOFTWARE UP TO DATE ALL THE TIME !!

In practice – what does this mean? Most, if not all, the software I use does not offer
updates or even a facility to do so.

Please elucidate at length. What types or categories of software should we be most concerned about?

Hello and thank you for your comment. Every piece of software has its vulnerabilities, whether it’s an operating system, apps we use in our daily work or the browser. Please have a look at this article showing the most vulnerable software in 2016: https://heimdalsecurity.com/blog/most-vulnerable-software-2016/. Also, I suggest reading what experts have to say about the importance of software patching: https://heimdalsecurity.com/blog/expert-roundup-software-patching/

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP
172 queries in 1.482 seconds