Understanding Security Issues by Stanley Siegel & Chris Williams & Scott Donaldson

Author:Stanley Siegel & Chris Williams & Scott Donaldson [Stanley Siegel]
Language: eng
Format: epub
Publisher: De Gruyter
Published: 2018-12-17T05:00:00+00:00

Guarding Against Counterfeit E-Mails and Secure E-Mail

Because e-mail protocols are inherently insecure, it may be possible for attackers to generate and send counterfeit e-mails. Counterfeit e-mails may appear to be from businesses where you have relationships, the government, or your friends. To reduce this risk, standards organizations have developed e-mail protections that make it harder to generate or transmit counterfeit e-mails. These protections include the sender policy framework (SPF), domain key identified mail (DKIM), and domain-based message authentication, reporting, and conformance (DMARC). These protections make it harder for attackers to counterfeit e-mails targeting protected organizations. However, these protections are not complete internet-wide, so one can not be guaranteed that any given organization is protected, all the time.

Consequently, you must be aware that counterfeit e-mails are always a possibility. This means an e-mail can still be malicious even if it appears to come from a legitimate organization where you have a relationship. The malicious e-mail can have a matching organization name and e-mail address. Further confusion comes from the fact that many legitimate e-mail messages come from third-party services providing payroll, shipping, facilities management, or other supporting business services.

To reduce these risks for the most sensitive e-mail messages, secure e-mail technologies are available for businesses to use. These technologies include the secure multipurpose internet mail extension (S/MIME) and pretty good privacy (PGP) standards, as well as web services for secure messaging. S/MIME and PGP messages may appear in your e-mail reader with lock or signature icons to show the messages are secure. Secure messaging web services, on the other hand, send you a text e-mail message that contains a web link to retrieve the actual message from a secure website. This technique is increasingly being used in the human resources and healthcare industries for sending sensitive personal information.

To guard against counterfeit e-mails and use secure e-mail, you should consider the following:

–Be cautious. Understand that counterfeiting technology enables attackers to spoof even legitimate e-mail addresses. So, you must recognize the message is malicious based on other factors, like the context, the message, or suspicious links or attachments.

–Know when secure messages are coming. Customer service personnel are generally trained to tell you when to expect a secure e-mail using a secure web services. The challenge with these web services is that their messages include links you must click to get to the messages, which makes the messages look somewhat like phishing. Look at the messages carefully to make sure that everything is in order before you click the link. Secure messaging is usually used only for non-routine, confidential messages, rather than general business notifications.

–Understand what S/MIME and PGP e-mail looks like. Understand if your e-mail client can support secure e-mail, and what S/MIME or PGP messages look like in your e-mail client when you receive them. Unfortunately, not all e-mail clients can send or receive S/MIME or PGP messages, or require special software be installed beforehand. This limitation has hindered the adoption of these technologies.

–Be careful of attachments and links. Even with secure messages, watch out for attachments and links.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.