These days, most people are quite familiar with the old-fashioned type of spam email, and most modern email filters do a reasonable job of keeping it out of your inbox. However, a more serious threat still affects unaware users: email spoofing. A fraudulent email can “spoof” a legitimate email from a legitimate source to trick the recipient into downloading malicious attachments or divulging personal information to a criminal. Some spoofed emails can be quite sophisticated and difficult to detect.
Don’t Blindly Trust “From” Addresses
It is easy to alter an email message to make it appear to originate from a legitimate email address of a legitimate company, when in fact it originated from a spammer. A “From” address naming a company you recognize does not necessarily mean the email is safe. Combined with spammers using logos and images within the body of the email to make it appear official, it can be difficult to distinguish between a real email and a spoofed one.
Only Open Attachments from Trusted Senders
One reason these spoofed emails are distributed is to trick users into downloading attachments that purportedly contain important documents like forms or statements but are actually viruses or malware. Only open attachments when you’re confident about the source. Also be aware of suspicious file types – EXEs are actually programs, not documents, and it’s unusual for a form to be in this format.
Avoid Links in Emails
Another goal of these fraudulent emails is directing users to fraudulent websites that can be as sophisticated as the email itself. These websites will often ask for confirmation of usernames, passwords, or personal information that actually feeds into a database used for fraud or identity theft. The text of a link can show one address while the link itself points to a different one, so it’s better to manually navigate to a website so you know exactly where you’re going.
Confirm with the Ostensible Sender
Finally, if you receive an email from a company that you’re familiar with and do business with regularly, but are distrustful of its authenticity, it’s always a good idea to contact customer service for the company it’s supposedly from. Use contact information that you have on file or have collected from the company’s website rather than information found within the suspicious email. The company can usually confirm the authenticity of the email, or help you submit it for investigation if it’s found to be fraudulent.
Password Policy Best Practice
- Passwords should be at least 8 characters long, and contain a combination of upper-case letters, lower-case letters, numbers, and symbols
- Passwords should not contain common words or phrases
- Passwords should be changed frequently, around every 90 days
Hacking attempts are a constant concern for business security. A common threat is the gathering of credentials for a business’s email server. With these credentials, miscreants can utilize the email server as a launch pad for sending spam messages. This can cause the mail server to be blacklisted by various organizations, preventing your legitimate emails from being delivered to their recipients.
A simple way to prevent this type of attack is to practice secure password policy. A number of factors go into choosing and maintaining a secure password:
Length and Complexity
Passwords are typically hacked using “brute-force” techniques that try random combinations until finding one that works. The longer and more complex your password is, the more difficult it is for hackers to ascertain it. Passwords should be at least 8 characters in length, and they should contain characters from at least three of the four groups: upper-case letters, lower-case letters, numbers, and symbols.
Passwords containing common words are the easiest to hack, as the pattern of letters narrows the possibilities. For the highest security, it’s best to avoid using common words or names in passwords. To ensure a good combination of security and memorability, you can replace some letters in a word with similar-looking numbers or symbols. For example, use @ppl3 instead of apple, or ta!! instead of tall.
Even the strongest password is only effective for so long. It is important to continue to change your password on a regular basis to make sure a compromised password doesn’t stick around. It is recommended to change your password at least every 90 days for good security.