Category Archives: Email

Strengthening the Weakest Link – The Ultimate Spear Phishing Defense

Not convinced your employees need the training?

Late in 2012 Trend Micro reported that 91% of targeted online attacks involved spear phishing, making this the most favored type of APT (Advanced Persistent Threat) attack. When spear phishing, attackers make use of information about prospective victims to increase their credibility, and the likelihood that recipients will “bite” (click a URL) in an e-mail or social media post. That’s why spear phishing attacks yield a 70% open rate because people extend trust to the putative source, if not to the actual attacker. Because of the portability and ease of spear phishing, its popularity will only continue to grow. Traditional methods don’t stop spear phishing because individual employees and customers open the doors to attackers. In these circumstances, the employee/victim becomes the weak link in IT security.

Today’s employees need next-generation security awareness training on a regular basis to keep them informed and your network protected.

“A staggering 91 percent of targeted attacks begin with a spear phishing email”

 

Introduction

Spear phishing is a CSO’s worst nightmare because it is the most di cult attack to protect against. The use of targeted social engineering, practically undetectable malware and zero-day exploits are just some of the reasons why this is so. Clever hackers use legitimate-looking emails from organizations like the IRS, local banks, or Internet portals, targeted directly at CEO’s and other executives and employees.

One such incident occurred in 2012 when business executives received personalized emails informing them that their company was under investigation for criminal fraud. The email looked like a legitimate email from the IRS, and the link in that email directed the recipient to a website that looked exactly like an IRS webpage. But when the target clicked on a link, a Trojan was loaded into their computer which would steal everything interactive in the person’s email account before it could be securely encrypted. The result of such attacks is that customers are 42% less likely to do business with a company that has fallen victim to spear phishing and a resulting data breach. Even worse, phishing costs brands and corporations more than 98 billion dollars a year.

A Sorry Security Situation

CSOs are responsible for a company’s entire security. As such they oversee network security and are the first person everyone turns to whenever there is a breach. People expect CSOs to protect the company and prevent such breaches, but spear phishing makes even a CSO more likely to be blindsided. Once a breach occurs it is up to CSOs to act quickly and protect the company before any damage is done. Hackers count on this and act quickly to get every ounce of information they can before a breach is closed. Those who don’t understand how spear phishing works may blame the CSO or the security software in use. However, even the best CSO and best security software on the planet can’t stop an intelligent and motivated hacker.

If CSOs are to do their jobs well, then not only must they have the best security hardware and software, they also need the support of well-educated staff, and the ability to test their staff and find any weak links in need of strengthening. With all possible ‘defense-in-depth’ components properly in place, an organization becomes a very hard target, causing hackers to move on to pursue easier game.

The Missing Link

Several missing components can prevent employees from unwittingly opening the door to hackers:

How do you make sure your employees are getting the best education?

How do you make sure after your employees are educated that they don’t make security mistakes anyway?

If you could find out if they might be vulnerable to spear phishing, how can you enlighten them?

If existing methods for educating employees were effective, then spear phishing wouldn’t remain problematic for so many companies. Thus, it is obvious that a different approach is called for.

Hackers aren’t just looking to get at a company’s financial records and information. They are also after source code and intellectual property. In fact, they are literally trying to steal the future of your company. Years of work in your R & D department could end up in the hands of a Chinese competitor thanks to a single click of a mouse from an untrained employee.

Spearphishing has become so endemic in corporate and government networks that there is a joint government operation in effect to counteract it. Per the FBI: “Instead of casting out thousands of e-mails randomly hoping a few victims will bite, spear phishers target select groups of people with something in common—they work at the same company, bank at the same financial institution, attend the same college, [or] order merchandise from the same website. The e-mails are ostensibly sent from organizations or individuals the potential victims would normally get e-mails from, making them even more deceptive…

Law enforcement takes this kind of crime seriously, and we in the FBI work cyber investigations with our partners, including the U.S. Secret Service and investigative agencies within the Department of Defense.”

During a recent Microsoft TechEd conference, held in June 2012, Proofpoint surveyed 339 IT professionals about their concerns regarding targeted phishing attacks and enterprise data loss risks. Half of all respondents (51%) believed that their organization were targeted by a phishing email in the past year designed specially to compromise their users.

Dramatic examples of recent spear phishing attacks include:

The White House – China-based hackers breached a network used by the White House Military Office. According to their website, this office provides military support for White House functions, including food service, presidential transportation, medical support and hospitality services. There is no clear report on what the hackers were trying to access. An Obama administration national security official simply said: “This was a spearphishing attack against an unclassified network.”

Google, Inc. – A US official says that the same group that attacked the White House also broke into Google. Among those targeted were people who work at the White House. It is presumed that they were hoping these people would discuss secure information or conduct administrative business using their personal Gmail accounts.

South Carolina Department of Revenue – According to an official report, “A malicious email was sent to multiple Department of Revenue employees. At least one Department of Revenue user clicked on the embedded link, unwittingly executed malware, and became compromised. The malware likely stole the user’s username and password.” These attackers then gained access to “millions of Social Security numbers, bank account information and thousands of credit and debit card numbers” SearchSecurity’s coverage notes that, “In addition to the 3.8 million people whose data were exposed, the breach included information on 1.9 million dependents. It also included data on 699,900 businesses. Information on 3.3 million bank accounts were also stolen.”

The New York Times – The same China-based hackers who have wreaked havoc on the White House, Google, and others have been named as the responsible parties for this breach, too. In this particular case, the newspaper blames Symantec’s antivirus software for not foiling a malware installation.

Attacks against Google, Adobe and at least a dozen other advanced persistent threats (APT) that have been publicly documented have been initiated at least in part through targeted spear phishing emails. By itself, software alone is not a completely effective defense.

SC Magazine reports:

“Researchers have noted an increase in spear phishing targeting numerous industries, primarily in the United States, where malware evades detection by hiding inside Windows help (HLP) files attached to emails. The HLP files are embedded in attachments that appear to users to be ZIP files. Once the ZIP files are opened, however, one of several backdoors will be downloaded, allowing an attacker to carry out a range of feats – from changing users’ passwords to logging keystrokes to capturing screenshots or a number of other information-stealing tactics sent from the command-and-control server.”

Strengthening the Weakest Link

There is an important conclusion to be drawn from all this recent news. Security products continue to become more advanced and sophisticated, and that will certainly help. But to cope with the current situation and future attacks, end-users must be educated and informed. The more knowledge they possess, and the better informed those users are about attacks, the less likely they are to fall prey to scammers, online or off.

We are also starting to see an increase of social engineering over the phone. Hapless users are being called on behalf of ‘Microsoft’ or well-known security software companies and directed to allow access to their computers. Educated end-users do not fall prey to such scams.

But how do you train jaded users? Users who think they know everything. Users who have heard it all and are more sophisticated than average users. It’s not good enough that the trainer is a highly regarded security expert. You need that training to come from someone who understands hacker culture and how hackers think.

Contact us to learn how you can protect yourself from these types of phishing scams. Call 920-885-0141.

Anti Virus Myths Debunked

Top 5 Antivirus Myths Debunked

Top Five Myths about Antivirus Software

Antivirus is software that every computer user should have on their computer regardless of the computing platform. However, for some reasons, this becomes hard to wrap the mind around due to some myths and untrue information about the antivirus software. This makes some users afraid of installing the software on their machines. The most common myths include;

You will only visit safe websites

This is among the main excuses that people use to avoid antivirus software. However, the truth is that there is no safe site and there is no website that is 100 percent secure and not prone to potential threats. In fact, most of the most secure sites have become prey to viruses and hackers.

The attackers are working around the clock looking for means to exploit and improve their techniques so that they can match the security level. With this said you should not consider ruling out the idea of having antivirus for your computer as you are aware that no website can be termed as entirely safe.

Antivirus will slow down your machine

This idea has misled a lot of people who believe that security solutions like antivirus can slow down their computer. Although there is some truth in the argument, the fact is that antivirus can only slow down a computer if it does not meet the system requirements for it to run smoothly. Moreover, this happens if many scans are running concurrently or if you have installed more than one antivirus program or if there are too many activities happening simultaneously which leads to an overlap which slows down your computer. With the advanced encryption, an antivirus program should not cause any changes in the speed of the system.

You do not need a Mac protection

The Mac owners think that they do not need antivirus protection and that they are safe. However, the truth is that they need the protection as much as the window users do. No system is completely safe, and they are all prone to security threats.

Hackers are not interested in your system

Some people feel like their machines are not carrying any information that can draw the attention of hackers, but what they fail to understand is that as long as they are using the Internet, any information is useful to hackers. Thus no one should ignore their computer’s security.

You do not need to use the Internet

Some people tend to think that they will not log into any systems thus they are not at risk. But what would be the use of having a computer if you are not going to use the Internet from time to time? Time will come when you will not have a choice, and for this, it is better to be safe always.

You need to invest in getting quality antivirus software due to many reasons which include:

    You can never predict when virus will attack your PC

    Once the damage is done, it may cost you a lot to repair. Thus it is wise to avoid the future repair costs

    Protecting personal data

    Protecting others

Just like in everything else, there is a lot of false information about antivirus software, and it is essential to be knowledgeable about it no matter how convincing it may sound.

email marketing

How to Effectively Use Email Marketing During the Holiday Seasons

Importance of Email Marketing

Technological advancement has revolutionized the ways businesses are currently operated and managed. Through the inception of the internet, digital marketing has gained popularity due to its cost effectiveness and simplicity. One of the main digital marketing strategies is email marketing. During the holiday season, marketing and sales increase rapidly. As you compete to increase your sales during the holidays, customers receive a load of emails marketing different products and services.

With the increased number of marketing emails, it is easy for your emails to be deleted or go unread due to the commercial email monotony bombarded on your customers. Nonetheless, there are certain strategies that you may use to make your email marketing campaign effective during the holiday season. Having successful holiday marketing is a resultant of efficient planning for your specific audience. Also, you should prepare well ahead of time and optimize your email messages while simultaneously considering your industry’s best practices.

Create Targeted Customer Email Lists

To increase your efficiency, always know your entire customer base. Make sure that you know what motivates them and how you can reach them easily without becoming a nuisance through the delivery of effective emails. It is advisable to strive and go beyond sending the basic marketing messages. During the holiday seasons, there are those shoppers who buy ahead of time while others are last-minute shoppers. Segment your contact list into smaller groups to enable you to create more personalized messages that will engage your customers extensively.

Make Messages Interactive

Always make sure that your emails are interactive and once your customer buys from your store send a follow-up message thanking them and inquiring whether they are satisfied with your products and services. The interaction will increase your sales through referrals and positive reviews as well as feedback. Always make sure that your email is perfect in structure and concise enough for easy comprehension of the main subject by your customers.

Write Clear and Concise Subject Lines

The subject line of your marketing email should be short enough and appealing to catch the attention of your subscribers. Keep your length of text significantly short and convincing. Also, make sure there is a vivid call to action to enable your subscribers to act efficiently on your message. Your email should stand out from the rest to increase your conversion rate thus exponentially increasing your sales. Offer discounts and prizes to motivate the customers to make purchases from your business.

Utilize Scheduling Features

Schedule your messages ahead of time and create the messages in advance. You can set up an auto-responder series and choose the right sending frequency to enable your email marketing campaign to perform automatically. Since you will need to send many periodical marketing emails during the holiday season, the automatic responder series comes in handy saving you a lot of time.

Using these strategies will enable you to have an effective, efficient and reliable email marketing campaign during the holiday seasons. If you have any questions about how to create an effective email marketing campaign, contact our website and online marketing department at Inter-Quest Corp.

Office 365 Email

The Benefits of Moving Email to Office 365

Benefits of Office 365 Migration

It is vital to have a reliable email system for your business in order to sustain communication aspects such as client contact, supplier contact, in-house communication, and sending of invoices among more. Without this essential aspect of communication, your business could easily be crippled. As technology advances, more reliable email solutions and systems such as the cloud hosted Office 365 from Microsoft have been developed to take over the traditional, on-premise Microsoft Exchange servers.

The Office 365 migration (that is the shift from the common Microsoft Office to Office 365) holds in store many benefits to your business. It gives you online access to your email, presence/communication, collaboration, and office web apps.<?p>

Here are the major benefits of Office 365 migration:

1. Enhanced accessibility (at any place and time)

With office 365, you can be able to access your email and any other office apps from any place and at any time. Cloud hosting enables easy access to mails, files and apps at the workplace, home or even when on the move. You no longer have to specifically sign in to your work desktop or laptop to view your email securely. Use your PC, tablet, Mac or even smartphone to view your emails even while on-the-go.

2. Save heavily on costs with the pay-as-you-go pricing

Office 365 is the ultimate platform for running cost-effective email solutions. With it you get to pay as you go, meaning you get more predictability and flexibility in the service. You can therefore buy as many licenses as you want and be able to scale up or scale down in a much simpler way than with the case of an on-premise server. This can save you huge up-front costs.

3. Automatic backing up of files

No one enjoys losing a file because it had not been saved early enough. It results in time wastage and too much hassle writing or creating another piece of the same. Office 365 takes away the hassle of saving these files from you. It automatically saves your files and provides back-up, ensuring that your latest version of any file is automatically updated and never lost.

4. Trusted source and high-end security

Office 365 is created by Microsoft, a trusted name in the tech industry. They have invested a lot of money in to the creation and running of the hosted service to ensure it’s the best in its category. This guarantees that the email solutions on Office 365 have more up-time, geo-redundancy, powerful security, and disaster recovery options.

5. Better communication through collaboration

Mis-communications can slow down your business operations or completely hamper them. Improve the efficiency of your business by moving your email to Office 365 and enhance collaboration within your business network. Everyone can have access to the same document at the same time, hence creating no room for mis-communications or misunderstandings.

6. Online conferencing

This is the age of online meetings and connections. Office 365 offers you the perfect conferencing tool to connect with your colleagues as you take notes, screen-share, and video chat through one application.

If you haven’t moved your email to Office 365 already, join the train now! Don’t let your competitors enjoy the benefits of email migration as you watch. Find out more on how Office 365 email migration can work for you.