{"id":1293,"date":"2020-07-22T16:00:23","date_gmt":"2020-07-22T14:00:23","guid":{"rendered":"https:\/\/fortgale.com\/news\/?p=1293"},"modified":"2026-06-08T22:34:15","modified_gmt":"2026-06-08T22:34:15","slug":"email-five-tips-protection","status":"publish","type":"post","link":"https:\/\/fortgale.com\/blog\/emerging-threats\/email-five-tips-protection\/","title":{"rendered":"Email: 5 tips to protect against attacks"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">The email inbox and email addresses we use represent our identity in the digital world. Through email we exchange information, issue directives, and send documents. Given the role of email and its external exposure, it is straightforward to understand why threat actors have such strong interest in obtaining access to this space.<br><br>This article presents five practical recommendations to protect against potential attacks and fraud.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The most common fraud schemes encountered:<\/p>\n\n\n\n<ul>\n<li><strong>Phishing<\/strong>: fraud in which threat actors send emails appearing to originate from financial institutions or one&#8217;s own organization. Often the email text contains a link to an external site controlled by the attacker, where the victim is requested to enter sensitive data (username, password, bank account details, etc.);<\/li>\n<li><strong>Email Malware<\/strong>: criminal activity conducted with the objective of compromising the user&#8217;s computer. 
In this manner threat actors obtain access to computer data and potentially extend the attack to the remainder of the IT infrastructure;<\/li>\n<li><strong>BEC (Business Email Compromise)<\/strong>: known as the &#8220;CEO fraud,&#8221; threat actors, having obtained access to an email account belonging to a senior company figure, request employees to arrange payments to offshore accounts.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"has-text-align-center wp-block-heading\"><strong>Five practical recommendations:<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">1. <\/span>Authentication and Protocols<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Enable <strong>two-factor authentication<\/strong> (2FA). Major webmail services offer this capability as an additional security layer. It is preferable to use smartphone applications rather than receiving codes via SMS (as the latter is vulnerable to MITM attacks).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Additionally, disable support for <strong>obsolete protocols<\/strong> in Office365 and Active Directory environments for email access, as these are exploited by threat actors for mailbox control and brute-force attacks (T1110 &#8211; Brute Force).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">2.<\/span> Use complex passwords<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">How to use complex passwords? The recommendation is straightforward: use song lyrics that you will not easily forget. In this manner it is simple to achieve the <strong>required length<\/strong> and obtain excellent <strong>complexity<\/strong>. 
Only add <strong>uppercase characters<\/strong> and <strong>symbols<\/strong>!<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Alternatively, excellent <strong>password managers<\/strong> exist, particularly for those administering networks or systems.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">3.<\/span> Attention to detail<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">What to verify in an email to ensure it is legitimate?<br>Pay attention to the sender; threat actors frequently create similar domains (example: @gmail.com \u2192 @gmai1.com).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Examine the message text (although fraud emails are now often written in excellent language).<br>If a link is present or you are requested to enter your credentials, it is not trustworthy.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">4. <\/span>Strengthen anti-spam systems<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Often an anti-spam system is in place for mailbox protection. However, these systems require rule configuration (or tuning) to be more effective and thereby block potential fraud. A <a href=\"https:\/\/fortgale.com\/en\/cybersecurity-advisory\/\">Cybersecurity Advisory<\/a> engagement can assist in optimizing these defenses against email-borne threats.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">5.<\/span> Attachments<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Not all users are aware that attachments may contain malware. 
This includes <strong>Word<\/strong>, <strong>Excel<\/strong>, <strong>PowerPoint<\/strong>, and <strong>PDF<\/strong> documents.<br>Other file extensions should be blocked as a matter of best practice through dedicated rules in anti-spam systems (.ace, .bat, .js, .iso, etc.).<br>If this is not the case, exercise particular caution.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Five practical guidelines to reduce exposure to email-borne threats: phishing, attachment macros, sender spoofing, MFA and user awareness \u2014 what works and what does not.<\/p>\n","protected":false},"author":1,"featured_media":1301,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[78,116,3180,3177,209,212,226,3178,276,3179],"class_list":["post-1293","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-emerging-threats","tag-consigli","tag-difesa","tag-dmarc","tag-email-security","tag-mail","tag-malware","tag-mfa","tag-phishing-defence","tag-protezione","tag-user-awareness"],"_links":{"self":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/1293","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/comments?post=1293"}],"version-history":[{"count":1,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/1293\/revisions"}],"predecessor-version":[{"id":9860,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/1293\/revisions\/9860"}],"wp:attachment":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/media?parent=1293"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fortgale.co
m\/blog\/wp-json\/wp\/v2\/categories?post=1293"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/tags?post=1293"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}