The Email Dilemma: Junk, Spam, or Phishing? How to Classify Unwanted Emails and Respond Accordingly


Anyone who has used email has experienced this: You open up an email and immediately recognize it's not something you want to receive. This discovery often generates one or more of the following questions (which we'll get to):

Is this a dangerous email or just an annoyance?
How should I respond?
Should I be reporting these emails to ITS?

This is one of those "it depends" situations in life. Fortunately, there are only a few options: It's either junk, spam, or phishing, and they have the following characteristics:

Classification    Annoying    Unsolicited    Dangerous
Junk              X
Spam              X           X
Phishing          X           X              X

Now let's drill down deeper on definitions, what to examine, criteria to match elements to a classification, and how to respond accordingly...

Understand Definitions

Junk emails are unwanted emails from legitimate businesses or other organizations for which you unwittingly signed up. For example: You installed software and didn't notice that at the end of the dialogue you had a choice whether or not to be put on the company's email list... and the default answer was to opt in. Another way to get junk email is when businesses harvest email addresses from conference attendee, magazine subscription, or other lists without asking you directly. Yes, these emails are annoying and unwanted, but not technically unsolicited, because you agreed in the Terms and Conditions to let a business share your email address when you signed up. However, getting off an email list should be easily remedied if the sender is ethical: Any legitimate business will provide an Unsubscribe link at the end of its mass distribution emails. It's the law! The CAN-SPAM Act requires businesses sending commercial email in the United States to do this.

Spam emails are unwanted and unsolicited, but do not present an imminent threat to the recipient. They are always unethical and may be criminal, depending on the content. Yes, flouting the CAN-SPAM Act is illegal, as is selling counterfeit merchandise, hyping stocks, and perhaps a few other acts based on misinformation. So we are qualifying "malicious" here narrowly to mean intent to steal or cause material damage, such as stealing personal information (credit card number, SSN, password, et al.) or computer resources (surreptitiously using your computer's CPU and memory), ransoming information by encrypting it and extorting a fee to release it, or damaging your hardware, software, or information for political or other reasons.

What's the spammer's motivation? To make a fast buck. Spammers want to drive traffic (customers) to web sites that sell shoddy, counterfeit, or even illegal services or merchandise. Sometimes the spammers own these web sites, and sometimes they are spamming-for-hire and make money by providing evidence to advertisers that they've emailed a large volume of email addresses. Another type of spam is the "pump and dump" email that hypes junk stocks. Regardless of how they hope to profit, spammers don't care about the inconvenience to the user incurred along the way, or whether they cause the recipient to buy something that's overpriced or even worthless. Spammers are unethical at the least and criminal at worst, and never offer a way to get off of their distribution list.

Phishing emails are deceptive and dangerous, present an imminent threat to the recipient and their organization, and can wreak havoc by unleashing software which can steal confidential information, hijack systems and networks, or open up back doors for intruders to survey an organization's digital assets for weeks, months, or even years. Phishing emails are an attempt to commit a crime, so they are by definition sent by cybercriminals.
Unlike junk and spam, phishing emails try to fool the recipient into believing the email is something it really isn't, such as a delivery notification, IT support alert, government notice, or any other urgent message, for the purpose of catching the recipient off guard and getting them to click on a malicious link or file attachment. Clicking can install malware on the recipient's computer, or lead to a counterfeit login page that captures the recipient's password. Many people don't realize that many of the widely-reported cyber breaches affecting Fortune 500 companies, nation states, and other high visibility targets have had phishing emails as a key tactic employed in the attack.

Next, let's review what to look at when examining a suspect email.

Examine Indicative Message Elements

Inspect the following within the suspect email:

1. Sender's email address domain (after the @ sign). Compare it with the purported sending organization mentioned in the email message.
2. All links in the email. The text you see in an email for a link is a description, not the underlying link. Hover your cursor over each link to reveal the actual URL address (don't click!).
3. Unsubscribe link. Is one provided and, if so, does the actual URL point to a legitimate or a suspicious web site?
4. Language content, tone, and style used in the email body. Read the email and compare the tone, grammar, spelling, and style against your expectation for this type of email.
5. Email signature. The text at the end attributing the email to someone.

Now that you've assessed the indicative elements in the email, you can make a judgment as to its likely classification and then respond accordingly.

Determine Classification: Match Email Elements to the Most Likely Email Type

Junk
  Sender's email domain (user@domain): Consistent with the organization name in the email body.
  Unsubscribe link: Provided, and points to a legitimate web site.
  Web links (URLs): Redirect to reputable web sites; link descriptions are accurate.
  Style/tone: Professional.
  Content: Standard business solicitation.
  Signature (attribution): Typically signed by an actual person associated with the organization.

Spam
  Sender's email domain: May or may not be consistent with the purported sending organization mentioned in the email body.
  Unsubscribe link: Usually not provided.
  Web links: Redirect to suspect business web sites.
  Style/tone: Sometimes sloppy and unprofessional; keywords may be hidden in image thumbnails to avoid spam detection.
  Content: Business solicitation, which may be for counterfeit or disreputable products.
  Signature: Rarely signed by a real person, or by anyone at all.

Phishing
  Sender's email domain: Not consistent with the business or organization name mentioned in the email body.
  Unsubscribe link: If provided, points to a malicious web site.
  Web links: Redirect to illegitimate web sites or to legitimate sites that have been hijacked; links are deceptively labeled.
  Style/tone: Tone is urgent; the recipient is advised to click immediately on links or on a file attachment; attempts to appear professional, but often has spelling, grammatical, or terminology mistakes.
  Content: Tries to fool the user by appearing consistent with its stated purpose. Carries a payload of malicious software in links or a file attachment.
  Signature: Usually signed with a generic team or department name. Advanced versions may use the name of an actual employee.

Respond According to Classification

Junk: Click the Unsubscribe link (if provided); select Junk => Block Sender (when reading, or when the message is selected in the Inbox list).
Spam: Select Junk => Block Sender (when reading, or when the message is selected in the Inbox list).
Phishing: Report to ITS (forward to IT@Framingham.edu).

Final Thoughts

There will always be exceptions: The classification taxonomy presented here is a guide based on common traits, so an email may not have all the aforementioned characteristics of a classification, yet still be within that family of emails. For example, for phishing identification, a very important clue is whether the email domain (the part of the email address after the @ sign) is different from the organization purported to be sending the email. If it isn't consistent, then it is almost certainly phishing. For example, if the sender is supposedly a Framingham State University employee, but the email address is JaneDoe@Frammingham.edu or JaneDoe@Framingham.net, then the email is very likely phishing, because neither one of those matches our domain. But the converse does not hold: a matching domain does not prove an email is safe, because phishers and spammers sometimes hijack legitimate email accounts for the purpose of sending out phishing and spam. The most reliable clue is whether one or more links in the email, or the file attachment, carries a malicious payload. Unfortunately, visual inspection is insufficient; it usually takes expertise and tools to determine if a file or link is malicious.

There is no one-size-fits-all response: What's effective is determined largely by the behavior and intent of the sender. Flagging a spam or phishing email as Junk (in order to block the sender) is often ineffective, since spammers change, obscure, and forge their sending addresses in an attempt to evade spam detection technology, but it can't hurt. Similarly, spammers don't honor unsubscribe requests, and clicking any link in a phishing email is risky, so unsubscribing is only a viable option for junk email from legitimate businesses.

Phishing emails are like a biohazard: they shouldn't be handled by a novice, so alert ITS and don't click on anything if you have a suspected phishing email in your Inbox. ITS also wants to know about phishing emails so we can alert our user community when either pernicious or persistent examples appear here. ITS has technologies that attempt to filter out spam and phishing emails, but they are not foolproof.

What should you do if you are unsure? ITS is here to help, so if you are still unsure about whether an email is a phishing email, don't click on anything in the message; just forward it to IT@Framingham.edu, or open an incident in myit and attach the email. ITS will examine the email and let you know if it is a phishing email. Confirmed and suspected phishing emails should be deleted from your Inbox, and then deleted again from your Deleted Items folder in Outlook, as there have been cases of users in other organizations recovering phishing emails from their Trash or Junk folders and clicking in them, with serious consequences.
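The element checks in the "Examine Indicative Message Elements" list and the domain comparison in Final Thoughts can be automated for a first pass over a suspect message. The script below is an added example written for this page; it is not an ITS tool and not part of the original document. It parses a raw message, compares the sender's domain with the organization the email claims to come from (treating a near-miss such as Frammingham.edu, or the same name under another suffix such as Framingham.net, as a lookalike), pairs each link's visible text with its real target the way hovering would, checks where the Unsubscribe link really goes, and counts urgency words. The sample message, the urgency word list, the two-edit lookalike threshold, and the "last two labels" shortcut for a domain's owner are all assumptions made for illustration.

```python
"""Added triage helper: applies the element checks above to a raw message.
Constructed sample data; not a Framingham State ITS tool."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a phish that claims to come from the university.
# The lookalike sender domain, the link targets and the body are invented.
SAMPLE_PHISH = """\
From: "FSU IT Support" <helpdesk@frammingham.edu>
To: jane.doe@framingham.edu
Subject: Urgent: your mailbox will be suspended
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your account will be suspended in 24 hours. Click immediately to verify.</p>
<p><a href="http://login-framingham.example.net/verify">https://myit.framingham.edu</a></p>
<p><a href="http://login-framingham.example.net/unsub">Unsubscribe</a></p>
<p>IT Support Team</p>
</body></html>
"""

# Words that signal the "click now" tone; an assumed list, not an ITS standard.
URGENT_WORDS = ("urgent", "immediately", "suspended", "24 hours", "verify")


class LinkCollector(HTMLParser):
    """Pairs each <a href> with the text the reader sees (the hover check)."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Owner part of a hostname, simplified to the last two labels
    (wrong for suffixes such as co.uk; a public-suffix list fixes that)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance; one or two edits from the real domain is a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain_verdict(from_header, org_domain):
    """Check 1: compare the part after the @ with the organization the mail
    claims to come from.  Returns 'match', 'lookalike' or 'mismatch'."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    org_domain = org_domain.lower()
    if domain == org_domain or domain.endswith("." + org_domain):
        return "match"
    same_name = domain.split(".")[0] == org_domain.split(".")[0]   # framingham.net
    if same_name or edit_distance(domain, org_domain) <= 2:        # frammingham.edu
        return "lookalike"
    return "mismatch"


def triage(raw_eml, org_domain):
    """Run checks 1-4 from the list above and return the findings as strings.
    org_domain is the domain of the organization the email purports to be from."""
    msg = message_from_string(raw_eml)
    findings = []
    verdict = sender_domain_verdict(msg["From"] or "", org_domain)
    if verdict != "match":
        findings.append(f"sender domain {verdict}: {msg['From']}")

    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        target = urlparse(href).hostname or ""
        shown = urlparse(text).hostname if "://" in text else None
        if shown and registrable(shown) != registrable(target):      # check 2
            findings.append(f"deceptive link: displays {shown}, goes to {target}")
        if text.lower() == "unsubscribe" and registrable(target) != registrable(org_domain):
            findings.append(f"unsubscribe link leaves the sender's domain: {target}")  # check 3

    text_only = (msg["Subject"] or "") + " " + re.sub(r"<[^>]+>", " ", body)
    hits = [w for w in URGENT_WORDS if w in text_only.lower()]
    if len(hits) >= 2:                                                # check 4
        findings.append("urgent tone: " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_PHISH, "framingham.edu"):
        print("-", finding)
```

Run against the constructed sample with "framingham.edu" as the claimed organization, the script raises all four findings (lookalike sender domain, a link whose visible text names myit.framingham.edu but resolves to a third-party host, an off-domain Unsubscribe target, and urgent wording); a legitimate newsletter whose sender and Unsubscribe link share one domain and whose text is calm raises none. As the Final Thoughts section says, this is only a visual-inspection substitute: a clean result does not prove a link or attachment is harmless, and a matching domain does not rule out a hijacked account, so a suspect message still goes to ITS.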

Questions? Email IT@Framingham.edu.

Author: Bryce Cunningham, Director, Information Security, Information Technology Services, Framingham State University
Publication Date: 10/11/2017
Last Review Date: 10/11/2017