Skip to main content

Take Email Security seriously

Now a days Email or Electronic Mail has become the important part of entire organizations as well as per personal life, now a days 5-10 % are dependent or relays on postal mail. Approximate 1000’s of the mails are send & received by each of the organizations related to work as email has made our life easy, fast and convenient, we are  now able to get response of our mail within a second. Now a day’s as a technology is changing we have to take the security of our IT assets or resources seriously most important is of Email security. Now a days hackers are creative and they can create mail which look life professional mail (either from bank, form other organizations) asking for your personal details. Some hackers make a fraud mail which looks like professionals’ mail having the attachments photos or something else at the backend bind with virus so as soon you open the mail system got infected with virus and can be a risk to entire network. Organizations have to provide the awareness training to the employees demonstrating what is Information Security?? & latest trend in information security, fraud, and spam mail, what to do & what not to do at work.

As Email is the way via which the organizational security can be compromised.

Phishing attack is most popular and common of all.

What is Phishing?
The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers, online.

Recently my organization was hit by a .ZZZZZ Ransomware yet another Locky Variant via phishing mail. What is happing the hackers are making fake email id’s with exact organization domain name and are flooding to the user’s across the entire organization the user will think it is a genuine id so if they click the attachment it will affect the system as well risk to entire network. One’s the system got infected it will encrypt all the folder or files with .ZZZZZ extension. The hackers are playing a trick they are making the attachment with 2 extensions (one .exe) which they are hiding and (second with .js (file is used mainly to run client side JavaScript code), or with other extension) when the user receives the attachment they click it thinking it is OK, but at the back-end .exe file gets execute.  

How the hackers come to know the employee’s information?
Simply from Facebook, LinkedIn.

Every organization has good antivirus for scanning the attachments then also it can be a possibility that the phishing mail can reach to your mailbox. Organization must limit the attachment limits (like: - in my organization policy is there we are not able to send/receive the attachments more than 3 Mb). Don’t click the live link in the mail if you received from any xyz domain not your organization domain, do cross check is the mail received is valid or not by visiting (http://email-checker.net, https://tools.verifyemailaddress.io) now if the URL is embedded in an image with in email don’t click on to simply put the cursor over the image note down the URL you see and to go (bitly.com or goo.gl) put the URL what you noted down you will come to know the original URL and description, also go to http://checkshorturl.com & http://urlxray.com that allows you to view is URL safe to click.

Comments

Post a Comment

Popular posts from this blog

DoS Attack: - Don’t let your network to be a next victim

Understand the Dos Attack, how it can cause damage to the network.  Internet the network of a network was the wonderful result of many geniuses and intelligent guys who has changed the world totally. Now a day everyone is free to access the internet from any corner of the world and with any devices. It is not secure to surf on internet as the internet is now is the hub of infections like: - viruses, worms, attacks, malwares and most important the hackers. No one is secure if you are surfing on internet you must have to keep in mind what to do and what not to do then only you are secure otherwise not. Everything is now digitalized, no need to go anywhere sit at home and do what you want to do, if you want to pay the bills (electricity, telephone, mobile) pay it online, you want to do shopping go to online shopping site do it and get your product delivered at your footstep, you need to buy a electronics purchase online, why to go to bank to transfer money do it through intern...

Best Practice for securing the organization network.

The best and most important practice is the creation and enforcement of I.T security policies, there must also have the system specific rules to address the policies for the individual systems & data. The policies can address or point to any security controls from password to backup, applications to servers. The most important of all is the proper use of the I.T resources. Each and everyone in the organization must have to understand his responsibility, must use the I.T resources in a limit. All the I.T security policies or other policies have to be available in the organizations intranet. The best of all practice is to have DMZ (Demilitarized) zone . DMZ is logical network separating LAN ( Local Area Network ) from the Internet ( Untrusted Network. ). DMZ provides the extra layer of security as it restricts the attackers or someone else to access the internal servers and data via internet. Any service that is being provided to users on the Internet should be placed in the DMZ. T...