If you have an email account, you have probably received at least a few offers to help a desperate, excommunicated Prince in a far-off land gain access to his millions of dollars. All it will cost you is a few thousand bucks to cover his legal fees and you will get compensated tenfold! Come to think of it, I never did get paid my 50 pounds of gold for helping that guy out… I should send a follow-up email. For this article, though, I am more interested in the targeted attacks that have become more numerous in recent months.
Using social engineering tactics to pose as internal IT in order to gain unauthorized access is nothing new, and the presence of the most recent global scare has only boosted the effectiveness of such techniques. Users are suddenly receiving strange emails from various parties instructing them on how to gain access to their now stranded resources when working from home. These communiques may be in a nonstandard format, sent from an IT employee who is usually locked in the server room or maybe even delivered from an outside managed service provider. This is a perfect opportunity for a would-be hacker to circulate phishing emails targeting these already stressed, confused, and potentially vulnerable employees.
We educate our users to keep an eye out for “funny looking” emails, but with everyone working from home and relying on atypical emails containing links to resources they need to get their job done, how are users supposed to differentiate between the phishing emails and legitimate ones? It has become far more likely that an employee will click that link to reset their Salesforce account (spam), considering we sent a similar email last week to get them remote access in the first place.
The way I see it, there are two potential solutions to prevent an organization from being exposed to these simple yet very effective phishing attacks.
I am all for the robot employees (they never forget their passwords), but I understand that may not be the solution for everyone.
With the shift to Office 365 and the reduction in on-premises email infrastructure, we have seen a reduction in the number of proper, functional and well-maintained Email Gateways. Many organizations have outsourced mail filtering and scanning to third-party providers, and while these services have their benefits, they are completely unable to provide protection against targeted or unknown threats. An email gateway such as the Fortinet FortiMail appliance (or VM) can be leveraged to provide a proactive security posture and prevent even the most sophisticated phishing and impersonation attempts. The ability to tune your organization's mail is lost with an outside filtering solution, which is generally set up with a “one size fits all” methodology.
Furthermore, once an Email Gateway is deployed it must be maintained regularly; these are not set-and-forget appliances. Attackers are constantly refining their process and developing new methods to skirt your perimeter, and so the perimeter must be tuned to protect against them.
If you would like to know more about how Secure Sense Solutions could implement and even manage an Email Gateway for your organization, don’t hesitate to shoot us an email at firstname.lastname@example.org.
Written By: Matt Curtis
Matt Curtis is an experienced Network Security Engineer responsible for the architecture and deployment of next generation security solutions across a diverse range of customer environments. He is trained and certified with a variety of vendors; however, the bulk of his experience and expertise exists within the Fortinet family of products.