When Friends Attack!
How can you protect yourself?
We’ve spoken often of the many technologies in use to block email viruses and phishing attempts, but what happens when they come directly from our regular business partners?
When a business partner’s email service is compromised, an attacker is far better able to review past emails, prey on familiar contacts, and hide their payload. We’re seeing this far more often these days, and it has proven to be the most successful style of attack.
Below are some FAQs that we receive about these styles of attack:
Why do more of these get through our SPAM/Virus detection filters? Don’t they still have viruses that can be scanned?
- SPAM scores are a composite of a number of factors, many of which are based on the legitimacy of the origin of the email. If hackers have gained direct access to a user’s mailbox, then the origin of the email passes with flying colours, keeping the SPAM score low
- If the sender has been “whitelisted” out of convenience in the past, then we’ve effectively turned off the majority of the scanning that would normally occur on that user’s emails
- Whitelisting can be particularly harmful when it is applied to an entire company’s domain, rather than just a single user
How can I protect myself from these attacks?
- When a stranger sends you a “file transfer” email or something to that effect, it is very easy for you to recognize it as a scam. If it comes from someone you know, be sure to independently contact that person using contact information that you already have
- Do not ever reply directly to one of these emails asking about its legitimacy. You may simply be emailing the attacker
- Do not use any contact info from the email, including phone numbers. If the attacker has changed the phone number in the signature of the email, you are highly unlikely to notice
How do we reduce the number of successful attacks of this nature?
- Reducing the number of whitelisted addresses and domains in corporate SPAM filters
- Tightening SPAM filter settings in general. However, this can lead to many “false positives”, which in turn leads people to use whitelisting more often
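To act on the first point, reducing whitelisted addresses and domains, the sketch below audits a whitelist for company-wide entries and shows which senders actually rely on each one, so it can be narrowed to single users. It is an added example, not code from this article or from any filter vendor; the entry formats (`user@domain`, `domain`, `*@domain`, `*.domain`) and all sample data are assumptions constructed for illustration.

```python
# Constructed sample data; entry formats are assumptions, not a product's export.
ALLOWLIST = ["billing@partner-a.example", "partner-b.example",
             "*@partner-c.example", "*.partner-d.example"]
RECENT_SENDERS = ["billing@partner-a.example", "Jane@partner-b.example",
                  "ap@partner-b.example", "bob@mail.partner-d.example"]


def classify(entry):
    """Return (kind, domain): kind is 'address', 'domain' or 'subdomains'."""
    e = entry.strip().lower()
    if e.startswith("*."):
        return "subdomains", e[2:]
    if e.startswith("*@"):
        return "domain", e[2:]
    if "@" in e:
        return "address", e.rsplit("@", 1)[1]
    return "domain", e


def covers(entry, sender):
    """True if the whitelist entry would exempt this sender from scanning."""
    kind, domain = classify(entry)
    sender = sender.strip().lower()
    sender_domain = sender.rsplit("@", 1)[-1]
    if kind == "address":
        return sender == entry.strip().lower()
    if kind == "domain":
        return sender_domain == domain  # exact match, not a suffix match
    return sender_domain.endswith("." + domain)


def audit(allowlist, senders):
    """List each company-wide entry with the senders that actually rely on it."""
    findings = []
    for entry in allowlist:
        kind, _ = classify(entry)
        if kind == "address":
            continue  # already scoped to a single user
        seen = sorted({s.strip().lower() for s in senders if covers(entry, s)})
        action = ("narrow to the listed addresses" if seen
                  else "no recent mail: candidate for removal")
        findings.append({"entry": entry, "kind": kind, "seen": seen, "action": action})
    return findings


if __name__ == "__main__":
    for f in audit(ALLOWLIST, RECENT_SENDERS):
        print(f"{f['entry']:<24} {f['kind']:<11} {f['action']}: {', '.join(f['seen']) or '-'}")
```
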