The following social engineering scams were communicated among our clients recently, and we figured it would be beneficial to share these slides with everyone, to provide awareness of some common social engineering scams that you may be a target of.
The following was written by one of our senior technicians as an internal communication to one of our clients. There is a lot of valuable information for anyone who uses email (2.5 billion people worldwide...), and a read through could help shed light on spam from the perspective of a managed IT provider:
Spam is, by definition, irrelevant or inappropriate messages sent on the Internet to a large number of recipients. It’s a prevalent way to send a large quantity of advertisements for drugs, money scams, malware attacks, phishing attempts, and a slew of other types of solicitations to random and bulk people in the world. It’s cheap to send (no stamps or envelopes are involved) and easy to reach large numbers of people by utilizing systems that are not properly secured or have been compromised. It’s not difficult for an expert spammer to gain access to an improperly secured mail server and use dictionaries of names and domains to create thousands (if not tens of thousands or millions) of emails and fire [them] across the internet to unsuspecting victims. These are unsolicited bulk emails versus the mailings/newsletters you might sign up for at your favorite department store, office supply store, or other provider of goods and services.
With that said I think I’d expand the definition of spam to be irrelevant or inappropriate unsolicited messages sent on the Internet to a large number of recipients.
The Fight Against
So how is spam prevented or combated? Prevented? Next to impossible. The nature of email and the origins of many of the underlying designs our email systems are based on can’t really prevent bad email from being sent. Add to the equation that there are countless mail servers in the world and not all of them are secured, maintained, or monitored in a thorough manner and sometimes by less than capable administrators. These systems could be set up incorrectly and could be an “open relay” in which they allow all mail requests to be granted for delivery even to mail domains they don’t manage, or perhaps there was a security hole that wasn’t patched and was exploited and spam is sent regardless of how well managed the server is. Even your own email user name and password can be compromised and legitimate and secured mail servers can be used to spam others from your own account. How is it combated? With mail filters and appliances designed to detect spam and block it. These devices and software packages use databases of patterns and identified spam to classify and rate every email that is received (and sometimes sent) to ensure that spam doesn’t get through. Heuristics, blacklists, reverse DNS, and a multitude of other methodologies are used to further rate and potentially block spam from getting to your inbox.
Is it perfect? Sadly no. No database can contain every possible way that a spammer could spell a word obscurely to beat the filter. Blacklists and reverse DNS could affect legitimate systems and block good email as well. A very delicate balance needs to be struck on each and every mail filter to ensure the most spam is being prevented from being delivered while allowing delivery of the most possible good email. Again, never perfect. You could make the rules too lax at which point 100% of good email gets to you, but so does 5-10% of the spam. Settings could be tightened and 1% of spam gets through, but only 98% of good email gets through. Make the settings really strict and 0% spam makes it through, but only 89% of good email does—and that meeting request for that billion dollar business deal wasn’t one of them. Whoops. 1% spam is looking better if it means getting those meeting requests.
As indicated previously, it’s not a perfect science. There are a lot of ways to beat the filters and the cat-and-mouse game has to constantly be waged, much like viruses and antivirus, to ensure the least amount of spam possible. But spam still gets through. Ever wondered how much email is processed and how much spam is handled and good email is delivered?
LAN Solutions provides email spam filtering as a service to our clients. Our mail filter has received 15,233,765 messages this year alone. Of those messages 12,589,107 (or 82.64%) were classified spam and blocked with another 143,936 (1.6%) being infected by viruses. Only 18.36% of messages this year were deemed legitimate and allowed to pass through. This week alone, the mail filter has processed 215,246 messages with 84.29% of them spam, 4.36% of them viruses, and only 24,419 messages (11.34%) actually allowed to be delivered. Staggering numbers when, if all spam was delivered, your Inbox would be filled with messages at a rate of nearly 9-to-1 in favour of viruses and spam today alone. Yikes!
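The balance between strict and lax filter settings described above can be seen in a small scoring filter. This is an added example, not LAN Solutions' filter: the patterns, weights, thresholds and sample messages are all constructed for illustration.

```python
import re

# Assumed patterns and weights for this example only; real filters tune these constantly.
PATTERNS = [re.compile(p, re.I) for p in (r"v[i1]agra", r"wire transfer", r"act now")]
W_PATTERN, W_BLACKLIST, W_NO_RDNS = 2.0, 3.0, 1.5

def msg(body, blacklisted, rdns, spam):
    return {"body": body, "blacklisted": blacklisted, "rdns": rdns, "spam": spam}

# Constructed sample mail (not real traffic): five spam, then five good messages.
SAMPLE = [
    msg("Cheap V1agra, act now", True, False, True),
    msg("Urgent wire transfer needed", False, False, True),
    msg("You have won a prize", True, True, True),
    msg("Invoice attached, see file", False, False, True),
    msg("V.i.a.g.r.a for less", False, True, True),  # obscure spelling, no pattern hit
    msg("Meeting request: Thursday 10am", False, True, False),
    msg("Please confirm the wire transfer for invoice 1042", False, True, False),
    msg("Quarterly report attached", False, False, False),  # sender lacks reverse DNS
    msg("Lunch on Friday?", False, True, False),
    msg("Newsletter you signed up for: act now for 10% off", True, True, False),
]

def score(m):
    """Rate one message: pattern hits, blacklist hit, missing reverse DNS."""
    s = W_PATTERN * sum(1 for p in PATTERNS if p.search(m["body"]))
    if m["blacklisted"]:
        s += W_BLACKLIST
    if not m["rdns"]:
        s += W_NO_RDNS
    return s

def rates(msgs, threshold):
    """Block score >= threshold; return (% spam delivered, % good mail delivered)."""
    spam = [m for m in msgs if m["spam"]]
    good = [m for m in msgs if not m["spam"]]
    spam_in = sum(score(m) < threshold for m in spam)
    good_in = sum(score(m) < threshold for m in good)
    return 100.0 * spam_in / len(spam), 100.0 * good_in / len(good)

def strictest_threshold(msgs, candidates, min_good_pct):
    """Lowest (strictest) threshold that still delivers min_good_pct of good mail."""
    ok = [t for t in sorted(candidates) if rates(msgs, t)[1] >= min_good_pct]
    return ok[0] if ok else None

if __name__ == "__main__":
    for t in (6.0, 4.0, 3.0, 2.0, 1.0):
        print(t, rates(SAMPLE, t))
```

Lowering the threshold blocks more spam but also starts blocking the legitimate wire-transfer confirmation and the newsletter sent from a blacklisted shared host, which is the trade-off each filter has to settle.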
Voting for the 2016 Calgary Small Business Week: People's Choice Award is open now through 8:00 am on September 2nd!
LAN Solutions is very excited to be a part of the Calgary Small Business Awards, and we need your support to win the People's Choice Award this year!
Visit http://www.smallbusinessweekcalgary.com/awards/finalists/peoples-choice-award/lan-solutions-corp/ to vote. It's friendly competition, and we'd love to see your support.
The Awards show is happening during the Small Business Calgary Conference, where you can find more information here: http://www.smallbusinessweekcalgary.com/conference/
Thanks! From everyone here at LAN Solutions.
Norton, a division of Symantec, published a global study on public Wi-Fi use. Here's the link to the full study.
In the study, participants from the USA, UK, Australia, Canada, Japan, France, Germany, Brazil, and Mexico were questioned on their public wireless use habits. After reading the published results, we found the findings shocking.
You are likely familiar with phone and email scams designed to manipulate you into providing personal information. From "You've won an all-inclusive vacation..." to "I'm calling from Visa to report suspicious activity on your credit card...", the methods of manipulation have become increasingly creative. While these scams annoy us in our personal lives, they pose a significant risk to businesses small and large.
Is your business vulnerable?
In the modern internet age, the number of software and web services we utilize has grown exponentially. We maintain multiple email accounts and computer logons, shop online at a multitude of stores, and live our lives plugged in and always on. Of course, with this trend comes a staggering number of usernames and passwords. Trusted providers do all that is within their power to protect your identity and keep your information safe; however, there is still a large amount of responsibility on the part of the individual to ensure private, personal information remains so.
Businesses have a higher security risk because many individuals share information and systems. Just as a chain is only as strong as its weakest link, corporate security is only as secure as its weakest point – and this point tends to be passwords and password management.
Password security facts
Methods of compromising passwords have grown increasingly efficient, and well-known habits and trends allow malicious software or people to uncover your password. A few of these common facts can be used in algorithms to greatly reduce the amount of time required to crack a password.
- Numbers that are used in passwords are usually the numbers ‘1’ or ‘2’ and are placed at the end of the password
- Women frequently use personal names for passwords
- Men frequently use their hobbies for passwords
In order to increase your password security, follow a few of these recommendations when creating new passwords.
- Use substitutions like the number zero for the letter ‘O’ or ‘3’ for the letter ‘E’
- Make an acronym from a phrase: IwtT$4M (Remember as “I Went To The Store For Milk”)
- If you’re having trouble coming up with a strong password, use a free and trusted password generator
Avoid these common mistakes when creating and maintaining passwords.
- Don’t use the same passwords for multiple accounts
- Don’t use a password with personal information, such as birthday or name
- Don’t reuse the same password for at least a year
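The habits and mistakes listed above can be checked at the moment a new password is chosen. The following is an added example, not code from LAN Solutions: the function names and sample values are hypothetical, and it assumes the check runs where the user's own passwords are available, such as inside a password manager.

```python
import re

# Assumption of this example: substituted spellings (0 for o, 3 for e, ...) are
# compared as the plain word, so "J0hn" is still checked against "john".
SUBS = str.maketrans({"0": "o", "3": "e", "1": "l", "$": "s", "@": "a"})

def normalize(text):
    """Lower-case and undo the simple character substitutions."""
    return text.lower().translate(SUBS)

def audit(candidate, personal_terms, other_passwords, history):
    """Return findings for a proposed password.

    personal_terms : names, birthdays and similar strings tied to the user
    other_passwords: passwords the user currently has on other accounts
    history        : (old_password, age_in_days) pairs for this account
    """
    findings = []
    # The habit from the list of facts: a single '1' or '2' tacked on the end.
    if re.search(r"\D[12]$", candidate):
        findings.append("single '1' or '2' appended at the end")
    plain = normalize(candidate)
    for term in personal_terms:
        if len(term) >= 3 and normalize(term) in plain:
            findings.append(f"contains personal information: {term}")
    if candidate in other_passwords:
        findings.append("already used for another account")
    if any(candidate == old and age < 365 for old, age in history):
        findings.append("reused within the last year")
    return findings

if __name__ == "__main__":
    # Constructed inputs for illustration only.
    print(audit("J0hn2", ["John", "1985"], ["J0hn2"], []))
    print(audit("IwtT$4M", ["John", "1985"], ["hockey1"], [("IwtT$4M", 400)]))
```

An empty list means none of the listed mistakes was found; it does not by itself mean the password is strong.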
Security is LAN Solutions’ number one priority. Industry best practices and consistently evolving processes and procedures are necessary to ensure that both personal and corporate information is safe and secure.
Password Facts: http://www.halock.com/blog/passwords-fascinating-facts/