Technology #2: email security
Why look at your Email Security in times of COVID-19?
The COVID-19 epidemic challenges us on a social and medical level. And although we see a lot of solidarity in the world these days, there are also a lot of malicious actors currently trying to exploit the trending subjects regarding the Corona epidemic. The numerous COVID-19 malicious email campaigns are abusing people’s fear with regard to this crisis.
What are the challenges for Email Security?
The primary goal of these malicious email campaigns is to deliver malware or to phish credentials. E-mail is well established in every organization and we receive a multitude of messages every day. This is also the reason why it is such a popular medium for cybercriminals as a starting point in their attacks. Defending your organization against these malicious emails can typically be done in two ways:
1) Spread awareness among your end-users
2) Use email security technology.
Ideally, they reinforce each other.
How can your end-users contribute?
End-users can protect your organization quite easily by asking themselves some basic questions about each e-mail they receive:
- Details about the sender: “Do I know this person?” (person = the sender)
- The context of the email: “Does the purpose of this email have a contextual meaning for the work I do?”
- The content of the email:
  - “Does the content contain contextual information that makes sense to me?”
  - “Do I need to do something that seems suspicious?” We mean a call to action such as ‘click on a link,’ ‘download a file,’ ‘login to a portal,’ ‘disclose information,’ etc.
  - A sense of urgency is always intended to play on your emotions and in many cases triggers curiosity, anxiety, sympathy, humanity, charity, etc.
  - “Does the mail have a malicious intent?” Examples are causing harm, hidden delivery of malicious software programs, etc.
See also this blog post from colleague Etienne Verhasselt with some very useful tips on how to identify a malicious e-mail.
Creating end-user awareness is an important part of protecting against fraudulent actions and should be made priority number 1. Apart from that, technology is needed to support this. The following topics can provide reassurance during difficult times.
How can you increase e-mail security?
A couple of rather easy quick wins to augment the protection capabilities offered by your trusted secure e-mail gateway are:
- Implement a warning rule in your e-mail processing pipeline:
This rule matches key terms, like “Corona,” “Virus” and “COVID-19”, within the message header or body. This allows you to insert a warning message into an e-mail, notifying the end-user that the message could be fraudulent and continuously raising her or his awareness.
- Validate the authenticity of incoming mail:
Standards like SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and especially DMARC (Domain-based Message Authentication, Reporting and Conformance) can deliver this. SPF allows the owner of an email domain to specify which mail servers they use to send mail from that domain. DKIM is a standard that protects email senders and recipients from spam, spoofing, and phishing. DMARC unifies the SPF and DKIM mechanisms into a common framework and allows domain owners to declare how they would like email from that domain to be handled if it fails an authorization test. The combination of these three standards allows you to be confident the e-mail originates from a trustworthy source.
- Configure SPF/DKIM/DMARC for outgoing mail:
Deploy these solutions for your own outgoing e-mail as well, leveraging public DNS services. This strongly decreases the likelihood of phishing and social engineering attempts that make use of your own e-mail domains.
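The warning rule described above can be sketched as follows. This is an added example, not code from the original post or from any gateway product; the banner text, function names and sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string, policy

# Key terms from the article. The leading \b keeps "antivirus" from matching
# "virus", while corona\w* still catches "coronavirus".
KEY_TERMS = re.compile(r"\b(corona\w*|virus|covid[-\s]?19)\b", re.IGNORECASE)
WARNING = ("[CAUTION] This message mentions COVID-19 related terms and could be\n"
           "fraudulent. Verify the sender before clicking links or opening files.\n\n")

def text_parts(msg):
    """Yield the non-attachment text/plain and text/html parts of a message."""
    for part in list(msg.walk()):
        if part.get_content_type() in ("text/plain", "text/html") and not part.is_attachment():
            yield part

def matched_terms(msg):
    """Return the sorted, lower-cased key terms found in the Subject or body."""
    text = str(msg.get("Subject", ""))
    for part in text_parts(msg):
        text += "\n" + part.get_content()
    return sorted({m.lower() for m in KEY_TERMS.findall(text)})

def apply_warning_rule(raw):
    """Parse a raw message and prepend the warning to each text part on a match."""
    msg = message_from_string(raw, policy=policy.default)
    terms = matched_terms(msg)
    for part in (text_parts(msg) if terms else ()):
        if part.get_content_subtype() == "html":
            part.set_content("<p><b>" + WARNING.strip() + "</b></p>" + part.get_content(),
                             subtype="html")
        else:
            part.set_content(WARNING + part.get_content())
    return msg, terms

# Constructed sample messages (not real mail) to exercise the rule.
SAMPLE_LURE = ("From: Health Desk <alerts@example.test>\nTo: user@example.test\n"
               "Subject: Urgent Coronavirus update\n\n"
               "Download the attached COVID-19 safety guide today.\n")
SAMPLE_CLEAN = ("From: it@example.test\nTo: user@example.test\n"
                "Subject: Antivirus licence renewal\n\nYour licence was renewed.\n")

if __name__ == "__main__":
    for raw in (SAMPLE_LURE, SAMPLE_CLEAN):
        msg, terms = apply_warning_rule(raw)
        print(terms, "->", msg.get_content().splitlines()[0])
```

Because the rule rewrites the body, it belongs after DKIM verification of the incoming message in the pipeline: the original signature no longer matches a modified body.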
A practical checklist
The following checklist summarizes how to reduce the threat of malicious mail campaigns:
- Ensure your users are aware of the malicious COVID-19 mail campaigns.
- Create a rule matching key terms on COVID-19 in header and body of mail messages to insert a warning for your end-users.
- Validate the authenticity of incoming mail by leveraging the capabilities of SPF, DKIM and DMARC.
- Configure SPF, DKIM and DMARC for your outgoing email.
How can we help?
Orange Cyberdefense can help you with:
- Reviewing your e-mail security configuration
- Creating rules on COVID-19 related keywords
- Configuring SPF, DKIM and DMARC