Blogs & Stories

Trustwave Blog

The Trustwave Blog empowers information security professionals to achieve new heights through expert insight that addresses hot topics, trends and challenges and defines best practices.

7 Powerful Pointers to Help Thwart Email-Based Attacks

While alternative options for functional communication channels are steadily growing for business users, email remains inextricable from your daily routine. It is easy to check. You browse it often. And even more so than your social media accounts or your favorite apps, it serves as a personal, direct line to you.

As such, the messaging vanguard still remains enormously popular with users, even millennials. Marketers love it too: Email newsletters (for example, shameless plug alert, Trustwave Digest) are back in vogue. If consumers are going to hear from brands, they want it to be done via email.

But there is one other, far more perfidious, group who also adores email: Cybercriminals.

They prey upon the curiosity, urgency and emotions you feel when you hear that enticing ding from your computer, signaling a new addition to your inbox. And they descend upon you in droves. According to the 2017 Trustwave Global Security Report, phishing and social engineering rank as the second-biggest factor contributing to compromises (only behind remote access). Other studies have found that nine out of every 10 breaches has a phishing or social engineering connection.

Download your copy of the 2017 Trustwave Global Security Report

Our Global Security Report also discovered that in 2016, 60 percent of all inbound email was spam. Meanwhile, 35 percent of those spam messages contained malware, up three percent from the prior year.

Phishing attacks often originate from spam botnets such as Necurs and can take on many forms, from the well-document scourge of "CEO fraud" that has pillaged companies of millions of dollars to a fresh wave of malware disguised as legitimate Microsoft Office files.

Given the success rate of email-based attacks, coupled with the ease by which they can be launched, your adversaries won't be giving them up anytime soon. But there are steps you can take to lower your risk and force your foes to look elsewhere.

1) Lock down email traffic content as much as possible

Carefully consider your organization's inbound email policy. Quarantine or flag all executable files, including Java, JavaScript, .vbs and .wsf attachments, as well as all suspicious and/or unusual file attachments, such as .cpl, .chm, .hta and .lnk files. Create plans for how to handle these potentially dangerous files coming into your organization.

2) Block or flag macros in Office documents

At the least, organizations should enable macro protection in Microsoft Office while making users aware of the threats.

3) Keep client software fully patched and promptly up to date

Many email attacks succeed because of unpatched client software, such as Office and Adobe Reader.

4) Ensure your ability to check potentially malicious or phishing links in emails

Perform checks with the email gateway, the web gateway or both.

5) Deploy anti-spoofing technologies on your domains

Do this at the email gateway and deploy techniques to detect domain misspellings that may indicate phishing.

6) Educate users

Everyone, from the rank and file up to the C-suite, needs to comprehend the nature of today's email attacks. Conducting mock phishing exercises against your staff shows employees that phishing attacks are a real threat, and they need to be wary.

7) Deploy an email security gateway

The security gateway should be on premises or in the cloud with multiple layers of technology, including anti-spam, anti-malware and flexible policy-based content filtering capabilities.

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.