Email: 5 tips to protect against attacks

· frtg · 3 min read

The email inbox and email addresses we use represent our identity in the digital world. Through email we exchange information, issue directives, and send documents. Given the role of email and its external exposure, it is straightforward to understand why threat actors have such strong interest in obtaining access to this space.

This article presents five practical recommendations to protect against potential attacks and fraud.

The most common fraud schemes encountered:

  • Phishing: fraud in which threat actors send emails appearing to originate from financial institutions or one’s own organization. Often the email text contains a link to an external site controlled by the attacker, where the victim is requested to enter sensitive data (username, password, bank account details, etc.);
  • Email Malware: criminal activity conducted with the objective of compromising the user’s computer. In this manner threat actors obtain access to computer data and potentially extend the attack to the remainder of the IT infrastructure;
  • BEC (Business Email Compromise): also known as “CEO fraud.” Threat actors who have obtained access to an email account belonging to a senior company figure ask employees to arrange payments to offshore accounts.

Five practical recommendations:

1. Authentication and Protocols

Enable two-factor authentication (2FA). Major webmail services offer this capability as an additional security layer. It is preferable to use smartphone applications rather than receiving codes via SMS (as the latter is vulnerable to MITM attacks).

Additionally, disable support for obsolete email-access protocols in Office 365 and Active Directory environments, as threat actors exploit them to take control of mailboxes and to run brute-force attacks (T1110 – Brute Force).

2. Use complex passwords

How do you use complex passwords? The recommendation is straightforward: use song lyrics that you will not easily forget. This makes it simple to reach the required length and obtain excellent complexity. Just add uppercase characters and symbols!

Alternatively, excellent password managers exist, particularly for those administering networks or systems.

3. Attention to detail

What to verify in an email to ensure it is legitimate?
Pay attention to the sender; threat actors frequently create similar domains (example: @gmail.com → @gmai1.com).

Examine the message text (although fraud emails are now often written in excellent language).
If a link is present or you are requested to enter your credentials, it is not trustworthy.

4. Strengthen anti-spam systems

Often an anti-spam system is in place for mailbox protection. However, these systems require rule configuration (or tuning) to be more effective and thereby block potential fraud. A Cybersecurity Advisory engagement can assist in optimizing these defenses against email-borne threats.

5. Attachments

Not all users are aware that attachments may contain malware. This includes Word, Excel, PowerPoint, and PDF documents.
As a matter of best practice, other file extensions (.ace, .bat, .js, .iso, etc.) should be blocked through dedicated rules in anti-spam systems.
If such rules are not in place, exercise particular caution.
