Matt Roberts, System Engineer
How many times have you opened your email to find more spam than valid email? Can you count the number of times you’ve opened an email asking to update, verify or confirm information a business has on file?
Most people in this technology-driven world have heard of spam and have been adversely affected by it. At its core, spam is an advertising ploy in which unsolicited mass emails are sent to mailing lists or newsgroups. It is very cost-effective for companies to use this sort of advertising because of the sheer number of people they are able to reach with little or no marginal cost per email message. A report published by IronPort last year estimated that spam makes up 67% of all email flowing worldwide; conversely, only about 25% of that volume is valid email traffic. This staggering statistic only emphasizes the need for effective network spam controls to sift through all of these unwanted emails.
Manually identifying spam emails is not a difficult task, especially with email subjects such as “Make Money Fast” or “Free mortgage financing”, but your users have better things to do than weed through their inboxes. The challenge lies in automatically eliminating as much spam as possible without preventing valid messages from reaching their intended recipients. While completely eliminating spam is virtually impossible because spammers constantly adapt their methods to avoid filters, tools can be used to decrease the amount of spam that reaches a user’s inbox. Common tools for fighting spam include GFI Mail Essentials, Symantec Mail Security, and third-party email filtering services such as eShield, provided by Safe Systems’ sister company, Gladiator Technology Services. GFI and Symantec Mail Security are software solutions that allow administrators to customize spam filters, ensuring spam is caught at the server level. These types of solutions still need regular tweaking and updating to ensure maximum protection. In general, spam is more of an annoyance than a security concern, but there is another type of attack of which financial institutions must be aware — phishing.
Phishing is the process of attempting to gain sensitive information (such as usernames, passwords, and possibly credit card information) through emails containing links to fraudulent websites. These fraudulent email messages and websites are carefully modeled after the business they mimic, making visual detection nearly impossible. Email phishing can lead to more devastating long-term results than getting multiple unwanted emails or viruses from spam. Falling into a phishing trap can result in a customer’s account being wiped out, credit card information being compromised, and/or identity theft. An email phishing attempt may look similar to the below:
As a rule of thumb, businesses should NEVER ask for sensitive information through email. Most phishing emails ask you to update, validate, or verify your information with them. If there is any question about an email’s validity, you should always call the business to report the incident. Since there is no way to stop phishing attempts, it is increasingly important to educate employees, as well as customers, on how to identify these attempts. If you receive an email that you believe is a phishing attempt, follow these steps:
- DO NOT CLICK ON THE LINK!
  - A phishing attempt is different from a virus in that as long as you don’t click on the link, there is no harm in the email.
  - If you are sure it is a phishing email, DELETE the email immediately.
- Hit reply on the email.
  - Although the email may seem like it is from a valid institution, the reply email may say firstname.lastname@example.org.
- Move your cursor over the link WITHOUT clicking on the link.
  - A bad link for https://www.bank.com may be something like http://choicecars.com.u/www.bank.com/cgi-bin/webt.php?login
  - It is very obvious this is not the actual link to a valid address for the bank.com domain.
- Delete the email.
  - Unfortunately, it is almost impossible to catch a “phisher-man”, the person attempting to gain personal information, so deleting the email is the best option.
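The reply-address and hover checks in the steps above can also be run automatically on a message before it reaches a user. The following Python code is an added example, not part of the original article; the trusted domain `bank.com`, the constructed sample message, and all function and class names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample (not a real message); the link is the article's example.
SAMPLE = """From: Bank Support <support@bank.com>
Reply-To: firstname.lastname@example.org
Content-Type: text/html

<p><a href="http://choicecars.com.u/www.bank.com/cgi-bin/webt.php?login">https://www.bank.com</a></p>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a> tag
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def addr_domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def in_domain(host, domain):
    # Exact host or a true subdomain; "bank.com.evil.example" must not pass.
    return host == domain or host.endswith("." + domain)

def check_message(raw, trusted_domain):
    """Return findings for the reply-address check and the hover check."""
    msg, findings = message_from_string(raw), []
    sender, reply = addr_domain(msg["From"]), addr_domain(msg["Reply-To"])
    if reply and reply != sender:
        findings.append(f"reply-to domain {reply} differs from sender domain {sender}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        url = urlsplit(href)
        host = (url.hostname or "").lower()
        if host and not in_domain(host, trusted_domain):
            note = " (trusted name appears only in the path)" if trusted_domain in url.path else ""
            findings.append(f"link shown as '{text}' goes to {host}{note}")
    return findings
```

Calling `check_message(SAMPLE, "bank.com")` returns one finding for the mismatched reply address and one for the link whose real host is not under bank.com.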
Phishing email attempts and email spam will continue to cause problems as the world becomes more and more dependent upon technology. While phishing can be prevented through education, spam prevention is an ongoing process. Therefore, it is extremely important to constantly remind customers and employees to be on the alert for any attempt to gain access to personal information.