How to Defend the Email Inbox

Everyone knows what email is, and most people are also members of email lists. Unfortunately, everyone also knows about SPAM, but not everyone knows how to defend the email inbox.

CAN-SPAM Act 2003

In an effort to curtail SPAM, Congress enacted the CAN-SPAM Act of 2003 to defend your email inbox. That was over 19 years ago, and there have been no revisions. It was and is an effective method to limit unwanted messages, but as a law, it did not address the technical obstacles and fundamental problems that remain; therefore, SPAM continues to be delivered to inboxes.

SPAM, being annoying, misleading, and costly, was the catalyst that spurred email authentication. Email authentication is the process by which an ISP can verify the identity of the email sender.

Email authentication started around 2004 with SPF.  This was developed in response to SPAMMERS using forged email addresses (also known as spoofing) to get their messages delivered.

Today, SPF continues to be one way to defend the email inbox. Other email authentication tools were also developed, including DMARC, DKIM, and BIMI. However, none of these tools is 100% effective when it comes to SPAM.

Regardless of the protocols in place, the SPAMMERS are non-stop. They continue to send spoofed emails, pretending to be someone they are not. The most common kind of spoofed email is known as phishing.

What does phishing catch?


Phishing catches your data. One of the phishers' goals is to obtain your private or sensitive information. They do this by falsifying their identity, pretending to be someone you know, someone you do business with, or a reputable, legitimate organization. If they are successful, you may become another victim of identity theft.

Victims of phishing are also prime targets for malware and ransomware distribution. This is done by inviting the victim to click a link or download a file, which can install malicious software on the victim's computer. To avoid being spoofed, it's always a good idea to verify the real sender. Defend your email inbox by:

  1. Reviewing the email headers.
  2. Reading the FROM address and checking that it matches the organization: for example, is the email from a Gmail account when the Subject states it is from Microsoft?
  3. Hovering over a link with your mouse and reading the URL that the link will take you to. Is the link really from paypal.com or some foreign address?
  4. Calling the organization and asking them if they sent the email.
  5. Deleting the email if you’re in doubt.
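
The first three checks in the list above, applied to a constructed message with Python's standard library. This is an added example, not part of the original article; the sample message, the BRANDS map and the function names are assumptions made for illustration. In the sample, SPF, DKIM and DMARC all pass, yet the FROM and link checks still flag the message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message: every name, address and domain here is made up.
SAMPLE = """\
Authentication-Results: mx.example.net; spf=pass; dkim=pass; dmarc=pass
From: "Microsoft Account Team" <account.alerts@gmail.com>
Subject: Microsoft: unusual sign-in activity
Content-Type: text/html

<a href="http://login.paypal.com.example.org/verify">https://www.paypal.com/signin</a>
"""
# Assumption: a small, hand-maintained map of brand name -> domain it really sends from.
BRANDS = {"microsoft": "microsoft.com", "paypal": "paypal.com"}

def host_of(url):
    """Lower-cased host of a URL without a leading 'www.', or '' if none."""
    host = (urlparse(url.strip()).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def same_site(host, domain):  # host is the domain itself or one of its subdomains
    return host == domain or host.endswith("." + domain)

def review(raw, brands=BRANDS):
    """Return findings for checklist steps 1-3 on one raw message."""
    msg, findings = message_from_string(raw), []
    # Step 1: read what the receiving server recorded for SPF, DKIM and DMARC.
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", "")))
    for mech in ("spf", "dkim", "dmarc"):
        if auth.get(mech) != "pass":
            findings.append(f"{mech} result: {auth.get(mech, 'missing')}")
    # Step 2: does the FROM domain belong to the organization the message names?
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    claimed = f"{name} {msg.get('Subject', '')}".lower()
    for brand, domain in brands.items():
        if brand in claimed and not same_site(from_domain, domain):
            findings.append(f"claims {brand} but sent from {from_domain}")
    # Step 3: compare the URL a link displays with the URL it actually opens.
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', msg.get_payload(), re.I | re.S):
        shown = host_of(text) if "://" in text else ""
        if shown and not same_site(host_of(href), shown):
            findings.append(f"link shows {shown} but opens {host_of(href)}")
    return findings

if __name__ == "__main__":
    print("\n".join(review(SAMPLE)))
```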

SPAMMERS or email hackers are very successful; be proactive in defending your inbox.

 

The art of Spear Phishing

Spear phishing is a direct attack on an individual or on a group of people who work in the same organization, field, or industry.  This type of attack plays on the recipient’s character and level of trust.  This type of assault tries to trick the email recipient into performing an action, based on their “trust” for the sender. 

For example, the phisher sends an email from the “accounting department” to a group of office workers in the same organization, with a request to review changes that affect their direct deposit account. The message may include a fake routing and checking account number, asking the victims to reply with “okay” if the information is correct or to follow a link to change the information. Some may never question this email and unknowingly reply with their account numbers.

A whale of a story

Whaling is another type of spear phishing. This type of attack involves email aimed at a big fish, such as a high-level executive or a person who has access to payroll or financials.

It is similar to spear phishing, as this type of attack is based on the misguided trust for the sender.  These types of emails require more time and patience on the email hacker’s end, as they need to collect information about the victim, and use this information to craft just the right targeted email so it seems legitimate.  

Tools of the trade for the phisher include social media accounts, company-posted profiles, public records, career history, a simple search of the victim’s name, and paid-for background reports. Data breaches can reveal passwords, which are commonly sold on the dark web, as is other personal and private information.

Is it possible to defend your email inbox?
         

Whichever email provider we choose, the majority of domains have a solid email authentication requirement. The result is less SPAM from messages that lack authentication.

However, phishing remains a problem. Like any software program, email spammers continue to update their attack methods and hacks to bypass email defenses. Even with email security and authentication protocols, the next best defense to defend your inbox is phishing awareness education.

Questions about email list services and email authentication?  Ask Dundee.
