It’s D-Day in the war against cybercriminals, and email systems are like Omaha Beach in Normandy. They’re open, easily accessible, and—right now—crawling with invaders.
Sometimes, even sophisticated organizations find their defenses have been penetrated not by malware that can disguise itself from firewalls but through email. This was the case with healthcare insurance company Magellan.
On May 12, 2020, they sent out a letter to victims saying they had been hit by a ransomware attack. The perpetrators exfiltrated personal information, logins, and tax data belonging to as many as 365,000 patients. But the attackers didn’t use a complex, highly engineered threat avoidance system to penetrate Magellan’s network. They used email—specifically, a phishing attack.
The attackers sent an email pretending to be one of Magellan’s clients. They then leveraged this false identity to steal the credentials they needed to connect to Magellan’s system and gain access to sensitive data.
This raises the question: If big, powerful companies with advanced cyber defense systems can succumb to an email attack, is there any way to defend against these threats?
Fortunately, the answer is yes.
Why Email Security Matters
As mentioned at the outset, email is a lot like a wide-open beach, inviting attackers to come ashore. With a literal beach, the boats that approach are mostly innocent, and there may be scores of them every day. Because there are so many coming in all the time, differentiating a bad actor from an innocent visitor can be challenging.
It’s the same with email. Inboxes are constantly inundated with message after message, and if someone knows how to disguise their intentions, they can easily fool an unsuspecting recipient. In addition, billions use email as a communication tool, which means a hacker adept at stealing credentials by posing as a legitimate sender can have access to an unlimited number of targets.
Email security addresses these vulnerabilities. Naturally, no system is 100% foolproof. But with the right tools and strategies, you can reduce the chances of your employees falling for an email attack. This is why the list of ways to improve email security below starts with the most important step: educating employees.
The Best Ways to Improve Email Security in Organizations
The most effective steps you can take to improve email security are outlined below, starting with employee education.
A recent study reveals that 2.94% of employees click on malicious links and 0.78% forward malicious emails. How can you tell a legitimate email from a phishing attack? More importantly, do your employees know how to tell the difference?
We’re not talking about emails from Nigerian princes or super-scammy messages stuffed with mistakes like “Face book” or “BankingAmerica.com.” The question is whether your employees can tell the difference between a legitimate-looking scam email and one that really is from the sender it claims to be.
In some cases, the answer is no, and it only takes one click to compromise your entire network.
Teaching Employees How to Spot Fraudulent Emails
Even if people are trained to look at the email header to see who it came from, that may not be enough. It’s relatively easy for a hacker to fake an email header, making it appear as if the message comes from someone else. Here are some ways to verify whether the email comes from the person it claims to have originated from:
1. Hover over the name of the sender or double-click to see who sent it
Position your cursor over, long-tap, or double-click the name of the sender to reveal the actual sender’s address.
Why does this work?
The email application, such as Outlook or Gmail, needs this information for sending a reply. Also, the sender’s address is automatically generated based on the metadata included by the message’s origin server.
2. Click “Reply” and then check the address the reply will be sent to
If the address you see after clicking “reply” doesn’t match who you think the sender is, chances are you’re looking at a fraudulent email. This is a safe step because you’re not clicking a potentially dangerous link in the body of the email nor are you sending a real reply.
Why does this work?
Your email application uses the sender’s actual address for the reply-to destination. While a hacker can fake the address the recipient sees, it’s unlikely that they’ve replaced your email client with a fake program that would show you a fake reply-to address.
3. Check the return path info
Checking the return path shows you the domain the email came from. For example, suppose the email was sent from John Doe, who works at a firm called Doe, Dunn, and James. The company’s web URL is www.DoeDunnJames.com. When you check the return path, it may say something like postmaster@cio19630.DoeDunnJames.com. What you’re looking for is the correct domain at the end. If the email came from a hacker, the return path would likely end differently, with something like firstname.lastname@example.org.
Why does this work?
This approach works because it shows where the message came from. Anything other than what you’d expect to see is highly indicative of an attack.
Here’s how to check the return path:
- In your email program, view the original message. In Gmail, for instance, you click the vertical three dots next to the Reply icon, and select “Show original.”
- To find the return path faster, do a search by hitting Command-F (Mac) or Control-F (Windows), then typing the word “return.”
- You should see a line in the text box that begins with “Return-Path.” Check the address that comes after this. If it ends in the correct domain, you’re good to go. If not, the email should be reported as fraudulent.
4. Check the IP address of the sender
On the same page as the return path info will be the IP address of the sender. You can find it following the line that starts with “Received:” or “Received-SPF.” The IP address may be something like 18.104.22.168. Type the following into Google: “what is 22.214.171.124”, replacing that with whatever IP address you actually see.
If the IP address has been abused by hackers in the past, there’s a good chance it’s been reported, and the search may reveal this. Sites like abuseipdb.com provide you with a percentage probability that the address is being used for nefarious reasons.
Why does this work?
Hackers often use the same IP address to send multiple fake emails. As these get registered in a tracking system, it gets easier to identify addresses used to launch attacks.
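Steps 1 to 4 can be applied to the raw message that “Show original” displays. The script below is an added example, not code from the article; the sample message, its domains and the 192.0.2.10 address are constructed placeholders. It compares the From, Reply-To and Return-Path domains and pulls the handover IP from Received-SPF or the earliest Received header, since the topmost Received lines are added by your own mail servers.

```python
import email
import ipaddress
import re
from email.utils import parseaddr
# Constructed sample (not from the article): From claims DoeDunnJames.com while
# Reply-To and Return-Path point elsewhere; all domains and the IP are placeholders.
RAW_MESSAGE = """\
Return-Path: <bounce@cio19630.example.org>
Received-SPF: pass (mx.example.net: domain of example.org designates 192.0.2.10 as permitted sender) client-ip=192.0.2.10;
Received: from mail.example.org (mail.example.org [192.0.2.10]) by mx.example.net with ESMTPS id abc123
From: John Doe <john.doe@DoeDunnJames.com>
Reply-To: "John Doe" <john.doe@example.org>
"""

INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def registered_domain(address):
    """Last two labels of the address's domain, lower-cased (not public-suffix aware)."""
    domain = parseaddr(address)[1].rpartition("@")[2].lower()
    return ".".join(domain.split(".")[-2:])

def sender_ip(msg):
    """Handover IP: client-ip from Received-SPF, else the bracketed address in a Received header."""
    # Received headers are read bottom-up: the topmost ones were added by your own servers.
    headers = [msg.get("Received-SPF", "")] + list(reversed(msg.get_all("Received", [])))
    for header in headers:
        m = re.search(r"(?:client-ip=|\[)([0-9a-fA-F.:]+)", header)
        if m:
            try:
                return ipaddress.ip_address(m.group(1))
            except ValueError:
                continue
    return None

def sender_checks(raw):
    """Steps 1-4 of the article: compare From, Reply-To and Return-Path domains, then extract the sender IP."""
    msg = email.message_from_string(raw)
    from_dom = registered_domain(msg.get("From", ""))
    reply_dom = registered_domain(msg.get("Reply-To", msg.get("From", "")))
    return_dom = registered_domain(msg.get("Return-Path", ""))
    ip = sender_ip(msg)
    findings = []
    if reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    if return_dom != from_dom:
        findings.append(f"Return-Path domain {return_dom} differs from From domain {from_dom}")
    if ip and (ip.is_loopback or any(ip in n for n in INTERNAL)):
        findings.append(f"{ip} is an internal hop, not the sender; check an earlier Received line")
    return {"from": from_dom, "reply_to": reply_dom, "return_path": return_dom, "ip": str(ip) if ip else None, "findings": findings}
```

Reply-To, like From, is set by the sender, so a mismatch is a signal to investigate rather than proof of fraud. The returned IP is the value to look up on a reputation service such as abuseipdb.com.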
Other Ways to Improve Email Security
Here are other methods to boost your email security—all of which involve technologies that are available through reliable security providers:
- Create and maintain secure passwords: Have employees use a secure password generator and encourage them to never let anyone know what their password is.
- Use multifactor authentication (MFA): MFA requires at least two forms of identification before allowing someone to log in, such as a username-password combination plus a passcode sent to the user’s registered mobile number.
- Use email authentication technology: Many email providers support specific authentication protocols—such as SPF, DKIM, and DMARC—which let receiving servers verify that a message really was sent on behalf of the domain it claims to come from. Ask your email provider which of these technologies your email system uses to be sure you’re protected.
Email Fraud Identified as Top Attack Vector
The U.S. Department of Justice (DOJ) recently filed a suit against a cybercriminal who used email attacks to execute $100 million worth of fraud. Phishing attacks were responsible for as many as 54% of ransomware attacks in 2020, and there are a reported 611,877 phishing sites worldwide.
Email is also the primary way hackers execute social engineering attacks, in which a hacker leverages victims’ emotions to get them to either do certain things—such as open an attachment that contains malware—or hand over information they normally wouldn’t.
Win the Battle Against Attackers with Email Security
Email security, in many ways, is fairly straightforward. It consists of two components: your employees and the technology you use to keep your email system safe. Implementing email security technology is relatively simple, particularly because you can hire a provider to both provide the tech and walk you through its implementation. You can even outsource your email security to a managed services provider (MSP).
Educating employees takes a bit more work. Use the steps outlined above to make sure they know exactly how to detect a suspicious email.