Email, as we all know, is a very efficient way to communicate without physically visiting the intended recipient. It has been with us for many years, and its original purpose was simply to save the time and effort of communicating.
But these days email is also used for social engineering and phishing. Forget the good old days when you received mail only from people you knew: now even the prince of Nigeria has your address and wants to give you money.
As a security researcher and SOC analyst, I have noticed that email is the single most used channel for delivering malicious files. It is like yelling the name John in a crowd: somebody will eventually respond.
Detecting suspicious emails?
- Language – typos and bad grammar are often there, but not always; a well-crafted phish reads fine.
- Sender domain – may be a typo of a real domain (a lookalike), or may even be a legitimate one, so the domain alone does not settle it.
- Links – roll your mouse over the embedded links and the real destination that pops up is often a random site that has nothing to do with the link text.
- Attachment – names are deceptively close to something expected, or otherwise suspicious (for example a document name that ends in an executable extension).
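As an added example (not code from the original post), here is a small Python script that automates three of the checks above on a raw message: the sender domain is compared against a list of expected domains with an edit distance to catch lookalikes, the visible text of each link is compared against the host in its real href (the "roll over the link" check), and attachment names are checked for executable and double extensions. TRUSTED_DOMAINS, the extension list, and the sample message are assumptions constructed for this example.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the organisation expects mail from (assumption: placeholder values).
TRUSTED_DOMAINS = {"paypal.com", "microsoft.com"}
# Extensions that run on double-click on Windows; DOUBLE_EXT is the
# "Invoice.pdf.exe" trick (Explorer hides the final extension by default).
EXEC_EXT = re.compile(r"\.(?:exe|scr|com|pif|bat|cmd|js|jse|vbs|vbe|wsf|hta|lnk|msi)$", re.I)
DOUBLE_EXT = re.compile(r"\.[a-z0-9]{2,4}" + EXEC_EXT.pattern, re.I)
# Anchor text that itself looks like a URL or host name (what the reader sees).
HOST_IN_TEXT = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?$", re.I)

def edit_distance(a, b):
    """Levenshtein distance: 'paypa1.com' is one edit away from 'paypal.com'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class LinkExtractor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []  # (visible text, href) pairs
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_sender(msg):
    # An exact trusted domain passes; a near-miss such as paypa1.com is flagged.
    _name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return []
    findings = []
    for trusted in sorted(TRUSTED_DOMAINS):
        d = edit_distance(domain, trusted)
        if d <= 2:
            findings.append(f"sender domain {domain!r} is a lookalike of {trusted!r} (edit distance {d})")
    return findings

def check_links(html):
    # The "roll the mouse over the link" check: host in the text vs. host in the href.
    findings, parser = [], LinkExtractor()
    parser.feed(html)
    for text, href in parser.links:
        m = HOST_IN_TEXT.match(text)
        if not m:
            continue  # "Click here" shows no host, so there is nothing to compare
        shown = m.group(1).lower().removeprefix("www.")
        actual = (urlparse(href).hostname or "").removeprefix("www.")
        if actual and shown != actual:
            findings.append(f"link text shows {shown!r} but points to {actual!r}")
    return findings

def check_attachments(msg):
    findings = []
    for part in msg.walk():
        filename = part.get_filename() or ""
        if DOUBLE_EXT.search(filename):
            findings.append(f"attachment {filename!r} hides an executable behind a double extension")
        elif EXEC_EXT.search(filename):
            findings.append(f"attachment {filename!r} is directly executable")
    return findings

def analyze(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    findings = check_sender(msg)
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            findings += check_links(part.get_content())
    return findings + check_attachments(msg)

# Constructed sample phish (not a real message) showing all three tells at once.
SAMPLE_EMAIL = """\
From: "PayPal Support" <security@paypa1.com>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>We noticed a suspicious transaction. <a href="http://account-verify.example.net/login">https://www.paypal.com/login</a></p>
--b1
Content-Type: application/octet-stream; name="Invoice.pdf.exe"
Content-Disposition: attachment; filename="Invoice.pdf.exe"

--b1--
"""
```

Calling analyze(SAMPLE_EMAIL) returns three findings, one per tell. The language check is deliberately left out: as the list says, a well-written phish has no typos, so it is a weak signal to automate, whereas a link whose text shows one host and whose href points at another is a hard fact about the message.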
The best way to fight this is user awareness. Phishing exploits the most vulnerable entity in any system: the HUMAN, a mind where curiosity inevitably kills the cat.
Attackers thrive on two human characteristics: FEAR and CURIOSITY.
- FEAR – "We have noticed a suspicious transaction on your account. Please click this link to change your password."
- CURIOSITY – "Sorry we missed you; we have a package waiting for you. Please open the attached file for more information." There is indeed a package, but it is for your PC: malware, I mean 🙂
Other ways to detect:
- Mail gateways with proper monitoring.
- DLP – can be used to monitor the content of email.