It is well known that email holds an indispensable position in daily office work. Although other communication tools such as WhatsApp have appeared, they still cannot replace the mailbox as the communication and file transfer tool that personal, corporate, government and other users rely on.
41% of companies worldwide are attacked by ransomware and 70% of their victims choose to pay a ransom. Whether it’s a webcast attack or a targeted attack, email is the most common delivery method, accounting for 59%, followed by websites, social media, and infected storage.
In a report released in October this year, researchers at the anti-virus service provider Carbon Black found that sales of ransomware increased by 2502% between 2016 and 2017. The researchers said that they monitored 21 of the world’s top dark web platforms and then extrapolated the collected data to arrive at this result. In fact, there are currently more than 6,300 platforms worldwide offering ransomware trading. With the sales growth rate reaching a staggering 2502%, total ransomware sales amounted to $6.2 million, which was $250,000 more than the previous year’s total sales.
Commercial email scam
Commercial email scams are also called “boss scams”, and they work exactly like the ‘I am your leader’ phone scam. Common commercial fraud topics include invoices, shipping information, overdue accounts, and more.
Very often the attacker plays on employees’ habit of deferring to leaders when asking finance staff to transfer funds, so that identity verification and the sign-off process are skipped.
Phishing corporate email
Phishing e-mails sent in the name of an enterprise are extremely harmful, especially those counterfeiting e-commerce companies (Taobao, JD.com, Amazon, etc.) and public utilities (public inspection law, 12306, etc.). Such attacks do not have a direct impact on the impersonated business, but they indirectly damage its corporate reputation.
As we have seen, attack methods against email security are becoming more advanced, and the essence of security protection lies in people as well.
Email password protection is important
(1) Set a complex password;
(2) Update the password regularly and keep it properly;
(3) Do not use sensitive information such as name, domain name, account name, birthday, phone number, consecutive numbers or letters as passwords;
(4) Check carefully whether the address of the recipient is correct, especially whether the letters are spelled correctly, such as “0” versus “o” and “rn” versus “m”;
(5) Never send the password to anyone or say it aloud.
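The recipient check in item (4) can be automated. The following is an added example, not part of the original article: it compares a recipient's domain against an allow-list after collapsing lookalike sequences, and goes one step further by also catching one-letter misspellings. The function names, the `TRUSTED_DOMAINS` list, and the pairs beyond “0”/“o” and “rn”/“m” are assumptions made for illustration.

```python
"""Flag recipient addresses whose domain imitates a trusted one."""
from typing import Optional, Tuple

# Visually confusable pairs: "rn"/"m" and "0"/"o" come from the article,
# "vv"/"w" and "1"/"l" are added assumptions in the same spirit.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

# Constructed sample allow-list; replace with your organisation's real domains.
TRUSTED_DOMAINS = {"example.com", "modern-bank.example"}


def skeleton(text: str) -> str:
    """Collapse confusable character sequences to one canonical form."""
    text = text.strip().lower()
    for lookalike, canonical in CONFUSABLES:
        text = text.replace(lookalike, canonical)
    return text


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, used to catch one-letter misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_recipient(address: str, trusted=TRUSTED_DOMAINS) -> Tuple[str, Optional[str]]:
    """Return (verdict, matched_domain): trusted, lookalike, typo, unknown or invalid."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        return ("invalid", None)
    if domain in trusted:
        return ("trusted", domain)
    # Normalise both sides so a trusted name containing "rn" still matches its imitation.
    for good in sorted(trusted):
        if skeleton(domain) == skeleton(good):
            return ("lookalike", good)
    for good in sorted(trusted):
        if edit_distance(domain, good) <= 1:
            return ("typo", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample addresses.
    for addr in ["pay@example.com", "pay@exarnple.com", "pay@examp1e.com",
                 "pay@exmple.com", "pay@other.org", "no-at-sign"]:
        print(addr, "->", check_recipient(addr))
```

A “lookalike” or “typo” verdict is a prompt to confirm the address through another channel before sending; an “unknown” verdict only means the domain is not on the allow-list.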
Strengthen account supervision in the domain
Check frequently whether your mailbox has auto-forwarding set up. If there is an auto-forwarding rule that you did not add yourself, change your password immediately.
A safe use environment is important
(1) The mailbox is dedicated to one user, so do not share it with other people. If there are changes in personnel, change the password promptly;
(2) Try not to use the mailbox on a public computer. If you do, remember to log out of the mailbox promptly;
(3) Use corporate mailboxes to ensure network security;
(4) Install patches on the computer promptly to fix vulnerabilities, and scan it thoroughly for viruses and Trojans;
(6) Do not browse insecure websites or log in to your mailbox from suspicious phishing websites;
(7) Do not open URL links or suspicious attachments from unknown sources.
The core of email security is the address and the email content. There are some strategies that can be used to reduce the exposure of these assets.
At present, mailboxes usually support alias settings. By setting an alias on a mailbox, a substitute address can easily be used in place of the real account name. E-mail addresses are public information because they serve as business contact details, so a commercial alias can effectively protect the email account and make it harder to obtain the account name and password.
For emails that involve money or sensitive information, verify the contents with the sender to avoid unnecessary financial loss.
In addition, to prevent the company's sensitive information from leaking after an email account is compromised, it is recommended to use an encrypted mailbox and to send important files encrypted.