Nowadays email (electronic mail) has become an important part of every organization as well as of personal life; only about 5-10 % still depend or rely on postal mail. Each organization sends and receives approximately thousands of work-related mails. Email has made our life easy, fast and convenient, and we are now able to get a response to our mail within a second. As technology changes, we have to take the security of our IT assets and resources seriously, and most important of all is email security. Hackers are creative, and they can create mail that looks like professional mail (either from a bank or from other organizations) asking for your personal details. Some hackers make a fraudulent mail that looks like a professional's mail, with attachments (photos or something else) that are bound with a virus at the back end, so as soon as you open the mail the system gets infected with the virus, which can be a risk to the entire network. Organizations have to provide awareness training to employees, covering what information security is, the latest trends in information security, fraud and spam mail, and what to do and what not to do at work.
Email is a way via which organizational security can be compromised.
The phishing attack is the most popular and common of all.
What is Phishing?
The fraudulent practice of
sending emails purporting to be from reputable companies in order to induce
individuals to reveal personal information, such as passwords and credit card
numbers, online.
Recently my organization was hit by a .ZZZZZ ransomware, yet another Locky variant, via phishing mail. What is happening is that the hackers are making fake email IDs with the exact organization domain name and flooding users across the entire organization with them. The user will think it is a genuine ID, so if they click the attachment it will affect the system as well as put the entire network at risk. Once the system is infected, it will encrypt all the folders and files with the .ZZZZZ extension. The hackers are playing a trick: they make the attachment with two extensions, one (.exe) which they hide, and a second one (.js, a file used mainly to run client-side JavaScript code, or another extension). When the user receives the attachment they click it thinking it is OK, but at the back end the .exe file gets executed.
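A mail gateway or mailbox rule can catch the two-extension trick described above by looking at attachment names before the user ever sees them. The following is an added example, not code from the original post: the extension lists, the function names and the sample message are all constructed assumptions.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed lists: extensions that run code when opened, and ones users read as documents.
RISKY = {".exe", ".js", ".jse", ".vbs", ".wsf", ".scr", ".bat", ".cmd", ".hta"}
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt", ".zip"}

def classify(filename):
    """Return 'double-extension', 'risky-extension' or None for one attachment name."""
    # Normalise case and drop trailing dots/spaces so they cannot mask the real suffix.
    name = filename.strip().rstrip(". ").lower()
    suffixes = [s.strip() for s in PurePosixPath(name).suffixes]
    if not suffixes or suffixes[-1] not in RISKY:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DECOY:
        return "double-extension"   # e.g. a document-looking name ending in .js or .exe
    return "risky-extension"

def scan_message(raw):
    """Parse a raw message and return [(filename, verdict)] for flagged attachments."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename()
        verdict = classify(fname) if fname else None
        if verdict:
            findings.append((fname, verdict))
    return findings

def sample_message():
    """Constructed test mail with three harmless dummy attachments."""
    m = EmailMessage()
    m["From"] = "billing@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Invoice"
    m.set_content("Please see the attached invoice.")
    for name in ("invoice.pdf.js", "report.docx", "setup.exe"):
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_string()

if __name__ == "__main__":
    for fname, verdict in scan_message(sample_message()):
        print(f"{verdict}: {fname}")
```

A real deployment would quarantine or strip flagged attachments at the gateway rather than only report them.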
How do the hackers come to know the employees' information?
Simply from Facebook and LinkedIn.
Every organization has good antivirus for scanning attachments, but even then it is possible for a phishing mail to reach your mailbox. Organizations must limit attachment sizes (for example, in my organization there is a policy that we are not able to send or receive attachments of more than 3 Mb). Don't click a live link in a mail if you received it from some xyz domain that is not your organization's domain; cross-check whether the mail received is valid by visiting http://email-checker.net or https://tools.verifyemailaddress.io. If the URL is embedded in an image within the email, don't click on it; simply put the cursor over the image, note down the URL you see, go to bitly.com or goo.gl and put in the URL you noted down, and you will come to know the original URL and description. Also go to http://checkshorturl.com and http://urlxray.com, which allow you to check whether the URL is safe to click.
Superb!
Ok.... Thanks for visiting