Sunday, Mar 14, 2010

Now I have to equip a +5 defense modifier for my email?

One of the shows I listen to on a frequent basis is Security Now, and it started out in pretty much the best way to grab attention ever. A new phrase: Weaponized Email. Actually, once it was more thoroughly explained, it doesn’t appear to be as bad as it originally sounded. Apparently it is the new term for spear phishing which, per Search Security, can be defined as:

Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data.

So apparently it’s not as bad for me as it seems. I say for me because I am able to see through emails which tend to be phishing in nature. But that comes with the nature of working in the tech field and being around the internet news all the time. Most of the current population isn’t able to decipher what is and what is not a phishing email, at least the good ones. The good phishing emails sometimes look so authentic that, until you really inspect them, they look like the real thing to even the best experts out there.

What makes spear phishing more dangerous is that it is aimed at a specific company or group and potentially has a larger chance of someone falling victim to the scam. Old-style phishing scams typically target thousands to millions of people, but spear phishing scams can target under one hundred people and, due to the way they are engineered, are more successful. A prime example: if someone is able to hijack a Facebook page, or through other methods find out about the events of a company they wish to target (for example, a company outing, picnic, etc.), they can send targeted emails as though from one of the people in the company to others in the company, telling them to check out photos from the recent event. When the recipients go to check out the link, they get infected with some sort of malware that gives the hackers access to the company system. As soon as the hackers have one computer under their control, they can use this access to gain control of other systems, sometimes hopping from one system to another and gaining access as they go along.

This works because there is an implied chain of trust going on. Normally a phishing email has nothing to do with recent or daily events (such as “Is this you?”). But if, a few days after a company picnic, you receive an email from a coworker who was at the event pointing you to a link which looks like it goes to Facebook, there is a higher level of trust. There is the assumption that it came from the person it says it was sent from. Who really checks the headers anyway? Maybe only the hardcore geeks, but the average person doesn’t know how to check, or even care to check, the headers of their email. Due to this (what looks like) higher level of trust, the average person assumes it’s safe to click on the link. It wouldn’t surprise me if this would even catch some IT professionals off guard.

One of the more highly publicized incidents of spear phishing is of course the recent break-in to Google’s servers. The sequence of attacks is known as the Aurora attacks, and for those venturous few, you can read a little more on this at McAfee’s Blog regarding the Aurora attacks.

A more specialized attack means that we’ll need to have our shields secured more when we check our email.

So how can you equip your email with a +5 defense modifier?  Take a few simple precautions:

  1. If you receive a link in your email, do not click on the link. Instead, either copy and paste the link if it looks like a legitimate link, or type in the link manually. It is easy to mask the destination of a link from what is shown on screen. This can still leave you somewhat vulnerable, so if the domain of the site is not recognized, do not go to it at all.
  2. If you are using Outlook, make sure to keep your Windows up to date. Outlook uses (at least in current versions) IE to render HTML emails. Any security flaw fixed by an IE update can potentially be triggered in Outlook.
  3. If Grandma emails you to look at her Blueberry pictures on Facebook, do yourself a favor: log into Facebook and go to your grandma’s profile manually instead of clicking on the provided link.
  4. Do not rely on current phishing emails to be grammatically incorrect or to have bad spelling. Modern phishing email scams are professionally done. Long gone are the Nigerian Princess money phishing emails which automatically trigger the internal phishing filters in our minds due to the horrible spelling and grammar.
  5. Just because an email has the real images of the institution which the email is supposedly from does not mean that the email is authentic. These items can be copied, linked to, and referenced. In fact, an authentic message from an institution can be copied with only the link(s) in the message edited to install malware.

Also, always make sure that you have some sort of anti-malware/anti-virus software installed on your computer and that it is up to date. At the current moment, Macs are more secure and less susceptible to malware. If you are running Windows, I recommend that you check out Microsoft’s free antivirus software. It’s lightweight and offers protection which is essential for all computers. If you want a few more options and more robust software, there is a wide selection available. One of the best antiviral packages out there is Nod32. It may seem to be a little pricey (more than free), but it is by far the best antivirus software out there which I have come across. The antivirus software provides both anti-malware and anti-virus protection and the security package does more, but most people should be fine with the antivirus software.

I think for now, a +5 defense modifier should be fine, but unfortunately we will need to go to a +10 modifier. I guess after leveling up a few levels, we should be able to use the proper equipment to do this. Until that day…