E-Mail awareness, why??

by

What is e-mail

Email, or electronic mail, is a method of exchanging digital messages from an sender to one or more recipients. Email is one of the most widely used forms of online communication, and is used for personal, business, and other purposes. An email message consists of a subject line, a message body, and various other fields and attachments. Email messages are sent and received via email servers and clients, which can be accessed via a web browser or a standalone application.

The first email was sent in 1971 by Ray Tomlinson, an American computer programmer who is credited with inventing the email system as we know it today. Tomlinson was working on a program called SNDMSG, which allowed users to send messages to other users on the same computer. He decided to extend this program to allow users to send messages to users on other computers, and thus, the first email was born. The first email was sent from one computer to another computer located in the same room. The message simply said “QWERTYUIOP,” which was a string of letters that Tomlinson used to test the system.

I got my first personal e-mail account when i was in 7th grade and i participated in a “Internet course” in a danish school vacation week in the fall. I was 14 years old and created an e-mail account under the old 113.dk domain. This was back in 1997, there has been some summers between now and then 

E-Mail has since been incorporated in our daily lives because it has so many advantages:

  • E-Mail is a cheap “post service”. It only require an Internet connection
  • Today there are so many user interfaces (installed software applications and Web based), which makes e-mailing easy to use
  • With the “Always Connected” mentality and smartphones e-mail is convenient to use.
  • There are not any significant delay.
  • It does not require much bandwidth to send an e-mail.

Unfortunately there are bad/dark sides of e-mail. For a consultant, one of the worst things are the overwhelming time usage there is in reading, replying and reading “FYI” mails, that really does not concern me.

Here are some examples of the dangers in e-mail:

  • Spam
  • Phising
  • Ransomware
  • Trojan

 

Spam
According to oxford dictionary spam is

  1. Irrelevant or unsolicited messages sent over the Internet, typically to a large number of users, for the purposes of advertising, phishing, spreading malware, etc.
    1. Unwanted or intrusive advertising on the Internet. as modifier ‘an autogenerated spam website’
  2. trademark A tinned meat product made mainly from ham.

Spam is unwanted or unsolicited electronic messages, typically sent in large quantities to a large number of recipients. It is often used for commercial or malicious purposes, such as phishing attacks, scams, or distributing malware.
Spam can take many forms, including email spam, instant messaging spam, and spam on social media platforms. It is typically characterized by the use of false or misleading subject lines and content, and by the use of techniques to evade spam filters and block lists.
Spam is a major problem on the internet, as it can consume significant amounts of bandwidth, storage, and processing resources, and can be a nuisance to users who have to sift through large volumes of unwanted messages in order to find legitimate ones. It can also be a security risk, as it can be used to distribute malware or phish for sensitive information.

To combat spam, many internet service providers (ISPs) and email providers have implemented filters and block lists that are designed to identify and block spam messages. Users can also install software on their devices that can help to identify and block spam messages. However, despite these measures, spam remains a persistent problem on the internet.

Phising

e-Mail phising is an attemt to obtain information from a a user. This information could be Username, Passwords, Credit cards details.

Phishing is a type of online fraud that involves tricking individuals into divulging sensitive information, such as login credentials or financial information, through the use of fake websites or email messages. It is often used to steal identities, access online accounts, or commit other types of cybercrimes.

Phishing attacks are typically carried out through email or social media, and often use deception and impersonation to lure victims into revealing sensitive information. The attackers may use fake websites or email messages that appear to be from legitimate organizations, such as banks or government agencies, and may use urgent or threatening language to try to persuade the victim to take action.

To protect against phishing attacks, it is important to be cautious when clicking on links or entering sensitive information online. It is also a good idea to use strong, unique passwords for all online accounts, and to enable two-factor authentication whenever possible. Additionally, users should be aware of common phishing tactics, such as emails that contain typos or that request sensitive information, and should be wary of emails or messages from unknown sources.

Trojan e-mail

A Trojan email is an email that appears legitimate, but is actually a malicious attack designed to trick the recipient into installing malware or divulging sensitive information. Trojan emails often contain a link or attachment that, when clicked or opened, installs malware on the victim’s computer. The malware may be a Trojan horse, which is a type of malware that disguises itself as a legitimate program in order to gain access to the victim’s system. Once the Trojan horse is installed, it can perform a variety of malicious actions, such as stealing login credentials, sensitive data, or financial information. Trojan emails can also be used to spread other types of malware, such as ransomware or viruses. To protect against Trojan emails, it is important to be cautious when opening emails or links from unknown senders, and to use reputable antivirus software.

Ransomware

Ransomware is a type of malicious software (malware) that is designed to block access to a computer system or its data until a sum of money is paid. It typically accomplishes this by encrypting the victim’s files, making them inaccessible, and then displaying a message that demands payment in exchange for the decryption key.

Ransomware attacks can be very disruptive and costly, as they can prevent victims from accessing important files and systems until the ransom is paid. They can also be difficult to defend against, as the attackers often use sophisticated techniques to evade detection and to maintain control over the infected systems.

There are many different types of ransomware, and they can be delivered through a variety of methods, such as email attachments, malicious links, or drive-by downloads. Some common

types of ransomware include:

  • Cryptoware: This type of ransomware encrypts the victim’s files and demands payment in exchange for the decryption key.
  • Lockerware: This type of ransomware locks the victim out of their computer or device and demands payment to unlock it.
  • Scareware: This type of ransomware uses fake alerts and threats to scare the victim into paying for unnecessary or fake services or software.

To protect against ransomware, it is important to use antivirus software, keep all software and systems up to date with the latest patches, and avoid opening email attachments or clicking on links from unknown sources. It is also a good idea to regularly back up important data, as this can help to minimize the impact of a ransomware attack.

Many ransomware attacks demand payment in the form of a cryptocurrency, such as Bitcoin, because it allows the attackers to remain anonymous and makes it more difficult for law enforcement to track them.

Examples of CryptoLockers
WannaCry
WannaCry (also known as WannaCrypt or Wanna Decryptor) was a ransomware attack that occurred in May 2017. Ransomware is a type of malicious software that encrypts the victim’s files and demands a payment (ransom) to decrypt them. WannaCry was particularly virulent because it used a vulnerability in Microsoft Windows to spread from one infected computer to others on the same network, thereby infecting an entire network in a short period of time. The attack affected hundreds of thousands of computers in over 150 countries, causing widespread disruption and damage to businesses, hospitals, and other organizations. WannaCry demanded payment in bitcoin, and it is believed that the attackers received tens of thousands of dollars in ransom payments. The WannaCry attack was eventually stopped by a cybersecurity researcher who discovered and activated a “kill switch” in the malware. However, the attack served as a reminder of the importance of keeping software up to date and of the need for robust cybersecurity measures.

CryptoLocker
CryptoLocker was a type of ransomware that was active in 2013 and 2014. Like other ransomware, it encrypted the victim’s files and demanded a payment (ransom) to decrypt them. CryptoLocker was particularly virulent because it used a combination of strong encryption and social engineering to convince victims to pay the ransom. It was distributed through a variety of means, including email attachments, drive-by downloads, and infected websites. Once it infected a computer, it would scan the hard drive for certain file types, such as documents, pictures, and spreadsheets, and encrypt them using a strong, asymmetric encryption algorithm. It would then display a message to the victim, informing them that their files had been encrypted and demanding a payment of several hundred dollars in exchange for the decryption key. Many victims paid the ransom, as they had no other way to recover their files. CryptoLocker was eventually taken down by law enforcement agencies, but it served as a wake-up call for the need to implement robust cybersecurity measures to protect against ransomware attacks.

CryptoWall
CryptoWall is a type of ransomware that was active in 2014 and 2015. Like other ransomware, it encrypts the victim’s files and demands a payment (ransom) to decrypt them. CryptoWall was distributed through a variety of means, including email attachments, drive-by downloads, and infected websites. Once it infected a computer, it would scan the hard drive for certain file types, such as documents, pictures, and spreadsheets, and encrypt them using a strong, asymmetric encryption algorithm. It would then display a message to the victim, informing them that their files had been encrypted and demanding a payment of several hundred dollars in exchange for the decryption key. CryptoWall was particularly effective at evading detection and removal, as it used advanced techniques such as rootkit installation, Domain Generation Algorithms (DGAs), and peer-to-peer (P2P) communication to spread and maintain its infection. It is estimated that CryptoWall caused hundreds of millions of dollars in damages, as many victims paid the ransom in order to recover their files.

What is Digital crypto currencies ?

Digital cryptocurrencies are a type of digital or virtual currency that uses cryptography for security. A cryptocurrency is difficult to counterfeit because of this security feature. A defining feature of a cryptocurrency, and arguably its biggest allure, is its organic nature; it is not issued by any central authority, rendering it theoretically immune to government interference or manipulation.

Cryptocurrencies are classified as a subset of digital currencies and are also classified as a subset of alternative currencies and virtual currencies. Bitcoin, the first and most widely used cryptocurrency, was created in 2009. There are more than 4,000 cryptocurrencies in existence as of January 2021, with the total market capitalization exceeding $1 billion.

The decentralized control of each cryptocurrency works through a blockchain, which is a public transaction database, functioning as a distributed ledger. Bitcoin, the first and most widely known cryptocurrency, uses a decentralized control system, which works through a blockchain, a public transaction database that functions as a distributed ledger. Bitcoin is often used as a store of value, and is considered by some to be a “digital gold.”

Basic e-mail security

Email security is the process of protecting the confidentiality, integrity, and availability of email messages and accounts from unauthorized access, use, disclosure, disruption, modification, or destruction. There are several ways to improve the security of your email, including:

  1. Use strong, unique passwords for your email accounts and avoid sharing them with others.
  2. Enable two-factor authentication for your email accounts, which requires an additional form of verification in addition to your password.
  3. Be cautious when opening emails or links from unknown senders, as they may contain malware or phishing attempts.
  4. Use a reputable email security software to protect against viruses, spam, and other threats.
  5. Enable encryption for your email messages to protect the contents of your messages from being read by unauthorized parties.
  6. Avoid sending sensitive or personal information via email whenever possible.

By following these and other email security best practices, you can help protect your email accounts and messages from potential threats.

What is S/MIME and why should you use it?

S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of MIME data. It is widely used to secure email messages, as well as other types of electronic communications, such as instant messaging and voice over IP (VoIP). S/MIME uses digital certificates and public key infrastructure (PKI) to encrypt and sign email messages, ensuring that the contents of the message are only accessible to the intended recipient. It is supported by many email clients, including Microsoft Outlook, Apple Mail, and Mozilla Thunderbird. To use S/MIME, users need to obtain a digital certificate from a trusted certificate authority (CA) and install it on their devices. The certificate can then be used to encrypt and sign email messages, as well as to verify the identity of the sender.

There are several reasons why you might want to use S/MIME to secure your email messages:

  1. Confidentiality: S/MIME encrypts the contents of your email messages, ensuring that only the intended recipient can read them. This is especially important for sensitive or confidential information that you don’t want to be disclosed to unauthorized parties.
  2. Integrity: S/MIME uses digital signatures to verify the authenticity of the sender and the integrity of the message. This ensures that the message has not been tampered with or altered during transit.
  3. Non-repudiation: S/MIME provides non-repudiation, which means that the sender of an S/MIME-signed message cannot later deny having sent the message. This is useful for legal or business purposes, as it provides a way to prove that the sender really did send the message.
  4. Compatibility: S/MIME is supported by many email clients and servers, making it a widely-used and convenient way to secure email messages.

Overall, S/MIME is a useful tool for ensuring the confidentiality, integrity, and authenticity of your email communications.

Protection

Antispam, or spam filter, is a software designed to identify and block spam emails, also known as unsolicited bulk emails. Spam emails are usually sent to a large number of recipients and often contain fraudulent or malicious content, such as phishing attempts or links to malware. Antispam filters work by analyzing the content and other characteristics of incoming emails and identifying those that are likely to be spam. These emails are then either marked as spam or automatically moved to a spam folder, so that they are not delivered to the user’s inbox. Antispam filters can be implemented at the server level, on the user’s device, or as a cloud-based service. Many email clients and servers come with built-in antispam features, but users can also use third-party antispam software to further protect their inboxes.

DKIM (DomainKeys Identified Mail) is an email authentication method that allows the person receiving an email to check that it was actually sent by the domain it claims to be sent from, and that it hasn’t been modified in transit. It works by adding a digital signature to the email header, which can be verified by the recipient’s mail server using the sender’s public DKIM key.

SPF (Sender Policy Framework) is another email authentication method that helps to prevent email spoofing. It works by allowing the owner of a domain to specify which mail servers are authorized to send email on behalf of that domain. When an email is received, the SPF of the domain in the email’s “From” field is checked against the IP address of the server that sent the email. If the IP address is not on the list of authorized servers, the email may be marked as spam or rejected.

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a protocol that allows the owner of a domain to publish a policy in the domain’s DNS records stating which mechanisms are used to authenticate email messages sent from the domain. It also provides a way for email receivers to report back to the domain owner about messages that pass or fail DMARC evaluation. DMARC can be used to help protect against email spoofing by allowing domain owners to identify and block emails that fail SPF or DKIM checks, or that come from IP addresses that are not aligned with the domain’s SPF or DKIM records.

Email awareness training
Email awareness training is a type of training program designed to educate users about the risks and best practices associated with using email. It is important for users to be aware of the potential security threats posed by email, as well as the steps they can take to protect themselves and their organizations. Some of the topics that might be covered in an email awareness training program include:

  1. Email security best practices: This might include tips for creating strong passwords, enabling two-factor authentication, and avoiding phishing scams.
  2. Recognizing and avoiding email threats: Users should be taught how to identify and avoid malicious emails, such as those containing malware or phishing attempts.
  3. Protecting personal and confidential information: Users should be made aware of the importance of protecting personal and confidential information and be taught how to handle such information appropriately.
  4. Email etiquette: Users should be taught the proper way to use email, including how to write professional subject lines and messages, how to use proper formatting and grammar, and how to manage their inboxes effectively.

Overall, email awareness training is an important way to educate users about the risks and best practices associated with using email, and can help to improve the security and productivity of an organization.

Gophish is an open-source phishing simulation tool that can be used to test and improve the email awareness of employees within an organization. With Gophish, you can create and send simulated phishing attacks to your employees, track their responses, and measure their effectiveness at identifying and reporting phishing emails. This can help you to identify employees who may be particularly vulnerable to phishing attacks and provide them with additional training or resources to improve their email awareness.

To use Gophish, you will need to set up a Gophish server and create a campaign to send to your employees. You can customize the email templates and landing pages used in the campaign, as well as the timing and frequency of the emails. Once the campaign is launched, Gophish will track the responses of your employees and provide you with detailed reports on their performance. You can then use this information to identify areas for improvement and provide additional training or resources as needed.

Overall, Gophish can be a useful tool for improving the email awareness of your employees and protecting your organization from phishing attacks.

 

I hope this gives an insight to e-mail, what and why and why securing e-mail are important.