Fortinet has reminded corporate users in the Philippines that email remains one of the most vulnerable vectors targeted by cybercriminals. Such attacks are likely to hit organizations that have yet to implement strong email security controls and best practices.
According to the Verizon Data Breach Investigations Report, two-thirds of installed malware is actually delivered by email.
To gain access to an organization’s network, cybercriminals often use phishing or social engineering techniques in emails, counting on human error or a lack of cybersecurity know-how to trick users into providing login credentials, initiating fraudulent transactions, or unknowingly installing malware, ransomware and other malicious payloads.
“Due to the ubiquity of email, it continues to be a common attack vector for cybercriminals seeking to steal login credentials, money, and sensitive data,” said Mario Luis Castaneda.
“The top email-based cyber-attacks carried out by cybercriminals today include phishing or spear-phishing, man-in-the-middle attacks and zero-day vulnerabilities. Companies must therefore ensure they have strong security controls in place to detect and prevent these email attacks,” Castaneda added.
To help ensure email security, Fortinet’s cybersecurity experts advised users to:
Filter spam. Because most email scams begin with unsolicited commercial email, one should take measures to prevent spam from getting into the mailbox. Most email applications and web mail services include spam-filtering features, or ways in which email applications can be configured to filter spam.
Regard unsolicited email with suspicion. Don’t automatically trust any email sent by an unknown individual or organization. Never open an attachment to an unsolicited email. Most importantly, never click on an unknown link in an email. Cleverly crafted links can take users to forged web sites set up to trick them into divulging private information or downloading viruses, spyware, and other malicious software.
Treat email attachments with caution. Email attachments are commonly used by online scammers to sneak a virus onto computers. These viruses can help the scammer steal important information from the computer, compromise the computer so that it is open to further attack and abuse, and convert the computer into a ‘bot’ for use in denial-of-service attacks and other online crimes. A familiar “from” address is no guarantee of safety, because some viruses spread by first searching for all email addresses on an infected computer and then sending themselves to these addresses.
Install antivirus software. Users should install an antivirus program that has an automatic update feature. This helps ensure that users always have the most up-to-date protection possible against viruses.
Install a personal firewall and keep it up to date. A firewall will not prevent scam email from making its way into users’ mailboxes. However, it may help protect users should they inadvertently open a virus-bearing attachment or otherwise introduce malware to their computer. The firewall, among other things, will help prevent outbound traffic from a user’s computer to the attacker. When a personal firewall detects suspicious outbound communications from a user’s computer, it could be a sign that the user has inadvertently installed malicious programs on that computer.