IS USING INTERNET SAFE?

Image
Many people surf the Internet as part of their work activities, others visit a wide range of pages to stay fully informed of the news in the world, perhaps simply to complement their educational training or to entertain themselves during leisure hours. But everyone wonders if it is really possible to surf safely on the internet and that is precisely what this article is about. What Is Internet Security? Within the operating rules and policies that are part of the management of the websites to which users have access, a series of parameters have been established in order to prevent and control unauthorized entry to the resources available within Internet. This is part of internet security and its goal is to maintain a level that allows users to enter each page without risks to their computer or the integrity of their personal information. Therefore, talking about security is having ways to prevent, protect and avoid unauthorized intrusion to private networks, such as corporate or ev...

EMAIL BASED THREAT AND HOW TO AVOID THEM

We will count the malicious campaigns that used email as a vector of propagation in recent years, and how they evolved.

The communication is a key element for the interaction of people in all areas in which there are various ways that allow us to send and receive information. For many years, a widely used route has been postal mail, which with technological advances has been complemented by electronic mail.

Email based threat and how to avoid them
As part of the celebration of World Mail Day (October 9), we want to celebrate the use of traditional mail and e-mail alike. Therefore, without detracting from the advantages they offer us and highlighting the benefits that each medium offers, in this publication we seek to make a count of the different malicious campaigns that have used email as a vector of propagation.

Although the purpose of this celebration is to raise awareness about the role of postal mail in the daily lives of people and companies, as well as its contribution to the social and economic development of countries, in the same way, this principle is applicable to the Therefore, raising awareness about its contribution to progress and about the security risks associated with its use is also a necessary task today.

Continuous Threats That Spread, Among Other Means, Through E-Mail

It is evident that with the mass use of e-mail, it became an element helped by cybercriminals, who in an effort to take advantage of users, began to use it for malicious purposes. From then on, it was possible to identify countless campaigns that, based on the messages and attached files, sought to affect potential victims.

Hoax: Fake News via Email

The first threat is related to the hoax or “hoax”, a false news spread mainly through email (now also in messages on social networks), with misleading content that is distributed on chain because it uses shocking or sensationalist themes, that appear to come from a reliable source or because the same message requests to be forwarded.

For example, the first cases of hoaxes used to distribute announcements about excessive cyber threats, news about the closure of some web service or the request for help for patients. From its distribution, one of the purposes of this type of deception is usually the collection of addresses to send spam, generate uncertainty among the recipients or simply create fun among its creators.

First scams carried out through the mail

After knowing the scope of the email, the first scams around this useful tool appeared. Many of them were totally aimed at creating emotions among users, alluding, for example, to alleged fortunes, lotteries or inheritances to which they could be creditors.

The scam was presented after convincing the potential victims, and once they fell into the deception they had to pay an amount of money in advance, as a condition to access the non-existent fortune. At times, the amounts required were high, but to a lesser extent when compared to the supposed benefit that the victims would receive.

At this point, perhaps the most representative example corresponds to the Nigerian scam, although it is not limited to it, since in other cases the scams were translated and propagated for Spanish-speaking users.

Spam: bulk, anonymous and spam messages

From the collection of email accounts, the sending of spam or junk mail began to be used, carried out in bulk by an unknown sender. The spam is generally used for sending advertising, although it is also used to spread malicious code campaigns phishing or scams.

The massiveness, anonymity and undesirability of an email is what determines spam, although it would be enough to meet at least two of these characteristics to consider it as such, just as happened with the recent fine imposed on LinkedIn for sending emails on behalf of its users. On the other hand, despite the development of antispam technologies, we continue to see various campaigns due to the profits they can generate for their creators and because of the methods used to evade security filters.

Phishing, fishing for users through messages

Along with spam, phishing is another threat that continually spreads through email. It is closely related to the use of Social Engineering, that is, the dissuasion of people to achieve a purpose that they had not contemplated to carry out. With this, this deception technique seeks to fraudulently acquire personal and / or confidential information of the victim, such as passwords for Internet services or credit and debit card details.

To carry out the deception, the scammer impersonates a recognized person or company (generally banking institutions), and through the use of an apparent official statement, seeks to dissuade users from providing their information. This technique remains in force and campaigns are continuously recorded, such as the recent case that sought to affect Santander bank users. It is important to mention that phishing uses, in addition to emails, other means such as instant messaging systems or even telephone calls.

Malicious code spread

Last but not least, email is still used as one of the main methods of spreading computer threats such as malware. Campaigns completely aimed at spreading malicious code through message attachments are continuously observed.

This type of program has evolved to avoid including an executable file as an attachment, and instead it uses variants of malicious programs, such as the so-called macro malware, which works from a TrojanDownloader in an office file that once executed, download more harmful programs from the Internet. In the same way, other types of malware spread through the mail, for example, recent ransomware campaigns that operate on the same principle.

Some Details To Take Into Account And Warn Of These Fraudulent Emails Are:

·       Be wary of emails from unknown senders. It is possible to spoof any address, but not all scammers are that smart; they are likely to use a random email address to disclose them.

·       Be extremely careful with emails that have attachments or links. Here it is essential to have an installed and up-to-date antivirus software, which will help prevent the download of malicious code and phishing sites. For a cybercriminal, nothing is sacred: wedding invitations, unpaid bills and tax returns are frequent hooks.

·       In case of receiving mail from a known contact, it is a good practice to use other means of communication, such as asking him by instant message or via SMS if he really sent that mail.

·       Analyze the situation, that is, what the email raises and use common sense. As seen in the Messenger example, do not enter usernames and passwords anywhere. Verify that the mail service is legitimate and that it has the secure HTTPS protocol.

·       Another aspect to take care of in emails are PDF files, since sometimes they take advantage of flaws in the PDF reader, giving the attacker control of the computer. At this point it is also crucial to keep the applications used up to date, so that security patches can resolve some vulnerabilities exploited by attackers.

·       Do not spam and be careful when filling out online and paper forms, especially when there are boxes like "I want to receive additional information". Databases can change ownership or leak, and your email could fall into the wrong hands.

·       Do not store sensitive data in the "Sent" folder. Many users send their bank account or credit card details to a family member or friend on a particular occasion and then forget that information is there, so it is best to delete it. In truth, the ideal would be not to use email to send that type of data better pick up the phone.

·       Avoid the obvious security questions. It is probably very easy for a cybercriminal to find out where your elementary school is or what your mother's name is, especially if you share information from your daily life on your social networks.

·         As we have seen, messaging has evolved by leaps and bounds, shortening distances and times. But it is also used for malicious purposes, for which the user's caution and attention, in conjunction with an installed and updated security solution, can help to fully enjoy this technology, without worries.

Comments

Popular posts from this blog

HOW TO STAY UP TO DATE ABOUT KEEPING DATA SAFE?

COMPANIES INTERNET SECURITY

IS USING INTERNET SAFE?