Handling Post Cyber Attack on E-mail
Email security is the practice of protecting email accounts and communications from unauthorized access, loss, or compromise. This involves establishing policies and using tools to protect against malicious threats such as malware, BEC, and phishing attacks. It can also involve ensuring confidentiality, integrity, and availability of email messages.
Common Attacks on E-mail
i) Phishing
· Attackers use fraudulent emails, text messages, phone calls or websites to trick people into sharing sensitive data.
· In QR code phishing, a malicious URL is hidden behind a QR code, so the link becomes an image file rather than a clickable element.
Protect against phishing
· Before clicking on any link or downloading any attachment, ensure that you recognize and trust the sender.
· Never click on links that request personal or financial information. Instead, visit the website directly by typing the URL into your browser. (Ensure that you use the proper and correct URL.)
· Avoid downloading attachments unless you’re expecting them and are certain of their content.
ii) BEC (Business Email Compromise) Attacks
· Attackers leverage data from previous breaches and use OSINT tools to build detailed profiles of their targets.
· Attackers begin rolling out their BEC attacks by sending out mass emails.
· Attackers use various impersonation techniques, such as domain spoofing and lookalike domains.
Protect against BEC Attacks
· Get visibility into malicious activities and user behaviour, both within your environment and in the cloud.
· Automate detection and threat response.
· Create an incident response plan specifically for BEC attacks.
· Implement automated flagging systems for high-risk keywords and unusual request patterns.
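A minimal sketch of such an automated flagging step, covering the lookalike-domain impersonation listed above as well as high-risk keywords. This is an added example, not code from the original article. The trusted domain, the keyword list, the edit-distance threshold of 2 and the sample message are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example.com"}  # assumption: the organisation's own domain(s)
RISK_KEYWORDS = ("wire transfer", "urgent", "gift card", "bank details", "confidential")  # assumed list

def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def flag_message(raw):
    """Return a list of reasons this message deserves manual review."""
    msg = message_from_string(raw)
    flags = []
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    reply_domain = reply_addr.rpartition("@")[2].lower()
    # Near-miss of a trusted domain (assumed threshold: at most 2 edits).
    if from_domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if edit_distance(from_domain, trusted) <= 2:
                flags.append(f"lookalike domain: {from_domain} ~ {trusted}")
    # Replies silently redirected to a different domain than the visible sender.
    if reply_domain and reply_domain != from_domain:
        flags.append(f"reply-to mismatch: {reply_domain}")
    # Sender-authentication verdicts recorded by the receiving mail server.
    auth = msg.get("Authentication-Results", "").lower()
    flags += [f"{c} failed" for c in ("spf", "dkim", "dmarc") if f"{c}=fail" in auth]
    text = f"{msg.get('Subject', '')} {msg.get_payload()}".lower()
    hits = [k for k in RISK_KEYWORDS if k in text]
    if hits:
        flags.append("keywords: " + ", ".join(hits))
    return flags

# Constructed sample message (not real traffic); "examp1e.com" imitates "example.com".
SAMPLE = """\
From: "Finance Director" <cfo@examp1e.com>
Reply-To: cfo.office@mail.test
Authentication-Results: mx.example.com; spf=fail; dkim=none; dmarc=fail
Subject: Urgent wire transfer today

Please send the bank details and keep this confidential.
"""
if __name__ == "__main__":
    print("\n".join(flag_message(SAMPLE)))
```

Flags of this kind are meant to route a message to manual review or a warning banner, since keyword and distance heuristics alone produce false positives.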
iii) Spam
· Unsolicited email that often contains advertisements for goods and services but can spread malware.
· Once malware is installed on a user’s computer, it can steal sensitive information or encrypt files.
· Spammers often use software programs called “harvesters” to gather information from websites, newsgroups, and other online services where users identify themselves by email address.
Protect against spam
· Using a spam filter helps protect your email account and computer from spam, phishing scams, and other types of malicious or unwanted email.
· Some spam filters are built into email clients and servers, while others are standalone programs that can be installed on your computer or device.
· Do not click on any unexpected orders, greetings, wedding cards, invitation cards, bank statements, etc.
· Recheck the email ID: don’t just look at the header, check who sent it.
Here's how to use the Gmail spam filter:
· Open the Gmail email you want to mark as spam.
· Click the "Report spam" button, usually found at the top or right side of the email view.
· The email will be moved to your Spam folder and Google will be notified.
iv) Botnets and DDoS
· Botnets are used in distributed denial of service (DDoS) attacks that attempt to overload systems by creating large volumes of fake traffic.
· A DDoS attack crashes the victim’s web server; attackers can use hijacked botnets to send out a massive number of emails to a targeted organization, causing the email server to crash.
Protect against Botnets and DDoS
· Keep devices more secure by installing antivirus and other software updates and patches as soon as they become available.
· Use reputable email services (like Gmail, Outlook, or enterprise solutions with security features).
Here are some ways to secure your email:
· Protect email accounts with sender authentication
· Be aware of attachments and don’t click links in emails
· Block spam and unwanted senders
· Use strong passwords for email accounts
· Implement multi-factor authentication (MFA)
· Keep business and personal emails separate
· Avoid the use of public Wi-Fi
· Back up critical files
· Train employees on email security best practices
· Deploy an email security solution