{"id":6738,"date":"2018-07-16T12:27:30","date_gmt":"2018-07-16T16:27:30","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=6738"},"modified":"2023-05-17T12:08:49","modified_gmt":"2023-05-17T16:08:49","slug":"email-security-part-2-phishing-and-other-falseness","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/email-security-part-2-phishing-and-other-falseness\/","title":{"rendered":"Email Security \u2013 Part 2: Phishing and Other Falseness"},"content":{"rendered":"<h2>Ask yourself, would PayPal really be asking me to update my password with an unbranded email originating from a strange domain?<\/h2>\n<p>Throughout history, people have used lies and deception to prey on one another&#8217;s ignorance and good nature for some sort of gain, whether money, power, or anything else. Confidence men are as old as time itself. Most scams can be evaded by simply recognizing the intent. Does that sound easier than it is? It does. As these scams have become better understood, the pitches have become more convincing. Nothing makes recognizing career liars more difficult than having no physical interface with them. After all, human senses and intuition are useful tools when it comes to spotting scammers.<\/p>\n<p>In all my experience and education regarding security in technology, one truth sticks out and has been proven time and time again:\u00a0 <a href=\"https:\/\/www.thesslstore.com\/blog\/report-biggest-cyber-security-threat-employees\/\" target=\"_blank\" rel=\"noopener noreferrer\">the weakest link in any line of security is the user<\/a>. 
That, coupled with the sheer volume of possibilities, makes email a superior venue to hustle unsuspecting and trusting people.<span id=\"newline\"><\/span><\/p>\n<h2>*Sigh* Yes, Jump Through the Hoops<\/h2>\n<p><a href=\"https:\/\/www.facebook.com\/netflixus\/videos\/10155540742988870\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Comedian John Mulaney has a good bit in his Netflix special Kid Gorgeous about the constant scrutiny that everyone faces to prove that we are not robots (warning: profanity in Facebook video link).<\/a> In it, he implies that we spend more time deciphering letters and pictures without stop signs than actually accessing our own content. It feels that way sometimes. And, we can expect that the evolution of hoop jumping will take some new twists and turns as robot programmers find a way to beat these Turing Tests <a href=\"https:\/\/www.engadget.com\/2018\/05\/08\/pretty-sure-googles-new-talking-ai-just-beat-the-turing-test\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">(Here\u2019s Google\u2019s new AI having a go with success).<\/a> For now, these tests bolster security and really are worth it despite the pain that we all go through when executing those lines of security.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright size-medium wp-image-6748\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/07\/Email-Security-1-300x300.jpg\" alt=\"Email Security\" width=\"300\" height=\"300\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/07\/Email-Security-1-300x300.jpg 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/07\/Email-Security-1-768x768.jpg 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/07\/Email-Security-1-1024x1024.jpg 1024w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/07\/Email-Security-1.jpg 1600w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/>Other hoops, such as MFA 
(Multi-Factor Authentication), work well for authentication recovery\/reset but are time-consuming. We have had our own pains using the AWS MFA hardware that appears to lose its syncing due to lack of NTP (Network Time Protocol). However, knowing that nearly everyone else is going through similar pains is a sure sign that people are who they say or propose they are.<\/p>\n<p>Despite all the hoop jumping, more than likely, everyone has had some sort of account compromised. I frequently get emails from \u201cmy brother\u201d that start with \u201cHi!\u201d There! Right there, I know that is not him. It is usually followed with something like, \u201cCheck this link out,\u201d and is, of course, followed by some shady link. The important takeaway here: I tell him. Every. Bloody. Time. He needs to know. I need to jump through that hoop. He needs to step up his password\/security but he needs to know. That\u2019s a hoop he needs to jump through not only for his sake but for the sake of all his contacts.\u00a0 Sadly, because of this, that email account has made my list of shadiness and I will take the extra measure of verifying with him.<\/p>\n<h2>Teach Me to Scrutinize Like You<\/h2>\n<p>Certain emails come through and they are clearly as advertised. You know your grandmother\u2019s written tone. You know your sales vendor\u2019s marketing template. But when you receive an email from your brother\u2019s account with a shady looking link? Well, that warrants some suspicion and the obvious stuff is just that: obvious. Certain cues may not be obvious, but they can certainly be spotted. 
After all, spammers are not going for obvious.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-medium wp-image-6749\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/07\/Email-Security-2-300x300.jpg\" alt=\"Email Securities\" width=\"300\" height=\"300\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/07\/Email-Security-2-300x300.jpg 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/07\/Email-Security-2-768x768.jpg 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/07\/Email-Security-2-1024x1024.jpg 1024w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/07\/Email-Security-2.jpg 1600w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/>One thing to consider is that a lot of spam, if not most, is generated by some sort of automated process (code or bot). That\u2019s not to say that wording is generated by a bot, but the bot would receive instruction from the perpetrator of what the email template should say (static context), how to propagate (spread the email out), and how the dynamically generated context is sourced and placed, e.g., a spreadsheet from compromised data containing things like names, email addresses, account IDs, etc. Most of these emails do contain a link that will attempt to run malicious scripts, capture certain system\/application data or trick the user into providing sensitive information to gain access to whatever they are phishing for.<\/p>\n<p>Unsure about an email received? Good. You should almost always be unsure. A good rule of thumb is to scrutinize everything by default and let the sender deal with the burden of proof that they are who they say they are. That\u2019s not to say that they need to utter the secret password (\u2018Swordfish\u2019) every time there is communication, but they should strive to pass the eye test however that needs to be executed. 
We know that this verification can come from many places, <a href=\"https:\/\/www.thesslstore.com\/blog\/email-security-part-1-certificate-signed-emails\/\" target=\"_blank\" rel=\"noopener noreferrer\">as I briefly outlined in my first blog<\/a> and as I will \u201cdetail\u201d in the subsequent blog posts for this email security series.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-6739\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/07\/spam_email_sample.png\" alt=\"spam phishing email\" width=\"1244\" height=\"558\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/07\/spam_email_sample.png 1244w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/07\/spam_email_sample-300x135.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/07\/spam_email_sample-768x344.png 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/07\/spam_email_sample-1024x459.png 1024w\" sizes=\"auto, (max-width: 1244px) 100vw, 1244px\" \/><\/p>\n<p>Coincidentally, while writing this post, I received this email (an image, not the email). Notice a few things about it? Let\u2019s confirm:<\/p>\n<ul>\n<li>The word \u2018Ross\u2019 is in a different font (?)<\/li>\n<li>The \u2018From\u2019 header, Jessica Burkholder, Jessica.burkholder@technopotential.com, does not match the name in the signature, Melissa Diana<\/li>\n<li>The content is shady (asking if I want to buy a user contact list)<\/li>\n<\/ul>\n<p>Seems like spam to me\u2026<\/p>\n<h2>Hope For the Best, Expect the Worst and Brace For Impact<\/h2>\n<p>We all hope that we will not have any account compromised. After the Equifax breach, it appears that nothing will ever be secure and sacred. The grind for breaching will not stop, now or ever. Expect it. So, we mitigate damages by, as the title of this section indicates, bracing for impact. 
Some things to consider when bracing for impact:<img loading=\"lazy\" decoding=\"async\" class=\"alignright size-medium wp-image-6750\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/07\/Email-Security-3-300x300.jpg\" alt=\"Email Security 1\" width=\"300\" height=\"300\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/07\/Email-Security-3-300x300.jpg 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/07\/Email-Security-3-768x768.jpg 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/07\/Email-Security-3-1024x1024.jpg 1024w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/07\/Email-Security-3.jpg 1600w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<ul>\n<li>What sites do I have an account with?<\/li>\n<li>What safeguards do said sites have in place?\n<ul>\n<li>Review security policy<\/li>\n<\/ul>\n<\/li>\n<li>What information do they have of mine?\n<ul>\n<li>Emails<\/li>\n<li>Banking or financial information<\/li>\n<li>Personal information<\/li>\n<li>Family information<\/li>\n<\/ul>\n<\/li>\n<li>Do those sites need that information?<\/li>\n<li>Do those sites share certain information with other sites?<\/li>\n<\/ul>\n<p>Now that all of this has been said, err, written, the word needs to be spread. Informing our fellow man (or woman) is an obligation that we are all unofficially bound to (that\u2019s right, I\u2019m not afraid to end a sentence with a preposition). So try to share this with the people in your life that could use a little more vigilance in their regular email activities. Tell 2 friends and have them tell 2 friends and keep that going and let\u2019s try to deal a blow to phishing. Honestly, I think this article may pick low-hanging fruit. This article may be best for those that are not technically savvy (I\u2019m looking at you, Dad). 
So, aim for \u201cmy Dad\u201d types to spread the message to (another preposition; told you I\u2019m not afraid heh).<\/p>\n<p>I don\u2019t consider myself a pessimist but the pessimist in me expects a defeated phishing system to evolve into something new that must also be defeated. Security and breaching techniques are always evolving so stay tuned, stay sharp and happy scrutinizing!<\/p>\n<h2>Make sure to check out the entire Email Security series:<\/h2>\n<ul>\n<li><a href=\"https:\/\/www.thesslstore.com\/blog\/email-security-part-1-certificate-signed-emails\/\" target=\"_blank\" rel=\"noopener noreferrer\">Email Security &#8211; Part 1: Certificate Signed Emails<\/a><\/li>\n<li><a href=\"https:\/\/www.thesslstore.com\/blog\/email-security-spf\/\">Email Security \u2013 Part 3: Sender Policy Framework (SPF)<\/a><\/li>\n<li><a href=\"https:\/\/www.thesslstore.com\/blog\/dkim-domainkeys-identified-mail\/\">Email Security \u2013 Part 4: DKIM (DomainKeys Identified Mail)<\/a><\/li>\n<li><a href=\"https:\/\/www.thesslstore.com\/blog\/dmarc-reporting-and-email\/\">Email Security &#8211; Part 5: DMARC, Reporting and Email<\/a><\/li>\n<\/ul>\n\n","protected":false},"excerpt":{"rendered":"<p>Ask yourself, would PayPal really be asking me to update my password with an unbranded email originating from a strange domain? 
Throughout history, people have preyed on one another&#8217;s ignorance&#8230;<\/p>\n","protected":false},"author":11,"featured_media":6742,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[16],"tags":[],"class_list":["post-6738","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hashing-out-cyber-security","post-without-tags"],"views":12755,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/07\/bigstock-Laptop-With-Email-Bait-On-Fish-188630815.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/6738","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=6738"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/6738\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/6742"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=6738"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=6738"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=6738"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}"
,"templated":true}]}}