Dynamic Net, Inc.Dynamic Net, Inc.

Dynamic Hosting.Dynamic Hosting.

Precision Thinking.Precision Thinking.

Email SecurityEmail Security

Email based threats, how to Email based threats, how to identify them, and how to avoid identify them, and how to avoid

them.them.

The SPAM EpidemicThe SPAM Epidemic

Every day, over 31 billion email messages are Every day, over 31 billion email messages are sent across the internet. On average, 70%- 80% sent across the internet. On average, 70%- 80% of these emails are considered Spam; Unsolicited of these emails are considered Spam; Unsolicited email. But what does spam have to do with email. But what does spam have to do with security?security?

Data destruction and theft are the number one Data destruction and theft are the number one issues affecting both individuals and businesses issues affecting both individuals and businesses on the Internet. The single easiest way to get the on the Internet. The single easiest way to get the data these criminals crave is to waltz right into a data these criminals crave is to waltz right into a computer or network on this wave of spam email. computer or network on this wave of spam email.

What Are the Dangers Associated What Are the Dangers Associated with Malicious Email?with Malicious Email?

Identity theft and associated Data Loss.Identity theft and associated Data Loss. One of the key ways spammers infiltrate the One of the key ways spammers infiltrate the

business community is through identity theft and business community is through identity theft and the FTC estimates that Identity theft will cost the FTC estimates that Identity theft will cost businesses in the United States more than $8 businesses in the United States more than $8 billion in 2006.billion in 2006.

Identity theft affects businesses and isn’t just Identity theft affects businesses and isn’t just limited to personal credits cards and cell phones. limited to personal credits cards and cell phones. Corporate data can be stolen just as easily which Corporate data can be stolen just as easily which can lead to financial losses, lost clients, lost can lead to financial losses, lost clients, lost productivity, and massive fees associated with productivity, and massive fees associated with cleanup and stabilization of internal data.cleanup and stabilization of internal data.

What Are the Dangers Associated What Are the Dangers Associated with Malicious Email? (continued)with Malicious Email? (continued)

Destruction/Loss of DataDestruction/Loss of Data If theft of sensitive client data is the biggest fear of If theft of sensitive client data is the biggest fear of

a small business, destruction of that data can’t be a small business, destruction of that data can’t be far behind. Most have backups of critical data, but far behind. Most have backups of critical data, but what happens if the backup fails- or worse- is what happens if the backup fails- or worse- is corrupted by the malicious code of a virus, for corrupted by the malicious code of a virus, for example?example?

It’s difficult to measure cleanup costs because It’s difficult to measure cleanup costs because companies loath reporting incidents, but the FBI companies loath reporting incidents, but the FBI polled 269 private respondents and they admitted polled 269 private respondents and they admitted spending a staggering $141 million in cleanup fees spending a staggering $141 million in cleanup fees last year (2004).last year (2004).

What Can My Business Do?What Can My Business Do?

The following will deal with some common The following will deal with some common email security risks as well as how to protect email security risks as well as how to protect yourself and business from stepping on one yourself and business from stepping on one of the many landmines planted by hackers of the many landmines planted by hackers and criminals before they cost you or your and criminals before they cost you or your company more than you ever want to risk.company more than you ever want to risk.

Email VirusesEmail Viruses

Viruses have been the most commonly known and most Viruses have been the most commonly known and most often addressed issue related to internet, data, and email often addressed issue related to internet, data, and email security. Still, many fail to properly address these threats security. Still, many fail to properly address these threats and protect themselves from catastrophe. In 2004, despite and protect themselves from catastrophe. In 2004, despite the common use of antivirus software, over 37 MILLION the common use of antivirus software, over 37 MILLION computers were infected by a virus.computers were infected by a virus.

Despite often being preventable, viruses continue to Despite often being preventable, viruses continue to destroy valuable data and cripple computers every day.destroy valuable data and cripple computers every day.

These outbreaks tend to hit small or medium business the These outbreaks tend to hit small or medium business the hardest because of limited budgets and a small or non-hardest because of limited budgets and a small or non-existent IT staff. Protecting your business from a virus isn’t existent IT staff. Protecting your business from a virus isn’t all that difficult, but the issue lies predominantly in effort (or all that difficult, but the issue lies predominantly in effort (or lack thereof), diligence, and education.lack thereof), diligence, and education.

How to Prevent a VirusHow to Prevent a Virus

1.1. Make sure every computer in your office is equipped Make sure every computer in your office is equipped with antivirus software. Perhaps more importantly, with antivirus software. Perhaps more importantly, make sure it is properly configured and up to date (the make sure it is properly configured and up to date (the number one shortfall among victims of a virus or number one shortfall among victims of a virus or worm).worm).

2.2. Make sure Antivirus applications are properly Make sure Antivirus applications are properly configured to check incoming AND outgoing configured to check incoming AND outgoing messages. Not only is it important to know when a messages. Not only is it important to know when a virus is coming in, but scanning outgoing messages will virus is coming in, but scanning outgoing messages will stop you from potentially spreading anything your stop you from potentially spreading anything your computer has contracted. This also allows you to snuff computer has contracted. This also allows you to snuff the problem out before it causes damage to others.the problem out before it causes damage to others.

How to Prevent a Virus (continued)How to Prevent a Virus (continued)

3.3. Never open attachments from unknown parties.Never open attachments from unknown parties.4.4. Never open unexpected attachments from known parties. Never open unexpected attachments from known parties.

Just because you recognize the email address doesn’t Just because you recognize the email address doesn’t mean the attachment is valid.mean the attachment is valid.

5.5. Always use an email host that filters for viruses. Why Always use an email host that filters for viruses. Why deal with a virus on your own computer if you can have it deal with a virus on your own computer if you can have it taken care of without ever seeing it?taken care of without ever seeing it?

6.6. Make sure Operating System (usually Windows) patches Make sure Operating System (usually Windows) patches are applied as soon as they are released. The timeframe are applied as soon as they are released. The timeframe between vulnerability discovery and virus release is between vulnerability discovery and virus release is getting shorter all the time.getting shorter all the time.

How to Prevent a Virus (continued)How to Prevent a Virus (continued)

7.7. Many computers are set to automatically download Many computers are set to automatically download patches, but these programs sometimes fail- make sure patches, but these programs sometimes fail- make sure you check for updates manually at least once every you check for updates manually at least once every week.week.

8.8. Education and policies are key. If employees do not Education and policies are key. If employees do not understand the risks and what they must do to prevent understand the risks and what they must do to prevent the inevitable, the entire office could be open to a the inevitable, the entire office could be open to a catastrophic compromise of data integrity including client catastrophic compromise of data integrity including client financial data.financial data.

9.9. This list probably sounds like a broken record, but This list probably sounds like a broken record, but sometimes the basics are the best place to start. You sometimes the basics are the best place to start. You may be surprised by how many simple preventative steps may be surprised by how many simple preventative steps AREN’T being taken in your very own office.AREN’T being taken in your very own office.

Keyloggers, Spyware, and Keyloggers, Spyware, and Trojans.Trojans.

Another fairly common set of risks are Another fairly common set of risks are Keyloggers, Spyware, and Trojans. All of Keyloggers, Spyware, and Trojans. All of these threats are designed to give up these threats are designed to give up control of your system in one way or control of your system in one way or another and can be very dangerous.another and can be very dangerous.

TrojansTrojans

A Trojan is often distributed as part of a A Trojan is often distributed as part of a virus, but its calling card is its ability to fly virus, but its calling card is its ability to fly under the radar by disguising itself as a valid under the radar by disguising itself as a valid file or program. Often times, Trojans work file or program. Often times, Trojans work with other malicious software in tandem.with other malicious software in tandem.

The Trojan Horse is primarily designed to The Trojan Horse is primarily designed to get in the door and the malware does the get in the door and the malware does the dirty work of securing the data it is designed dirty work of securing the data it is designed to steal or destroy.to steal or destroy.

SpywareSpyware

The Malicious running mate of the Trojan is The Malicious running mate of the Trojan is normally some form of Spyware. Spyware is often normally some form of Spyware. Spyware is often times installed without the knowledge of the user times installed without the knowledge of the user and can infiltrate a network through downloads, a and can infiltrate a network through downloads, a virus, an email attachment, a click of a pop-up virus, an email attachment, a click of a pop-up window, or even by simply receiving an email.window, or even by simply receiving an email.

Spyware is designed to Spy on a victim. Spyware is designed to Spy on a victim. Sometimes this data is used for something as Sometimes this data is used for something as “innocent” as market research, but even in that “innocent” as market research, but even in that context, it violates privacy and slows context, it violates privacy and slows computers/compromises data integrity. At its computers/compromises data integrity. At its worst, Spyware is far more dangerous.worst, Spyware is far more dangerous.

Spyware- Did You Know??Spyware- Did You Know??

If your email program (Such as Outlook) accepts If your email program (Such as Outlook) accepts HTML email, there are pieces of software that can HTML email, there are pieces of software that can be installed through the preview pane of the email be installed through the preview pane of the email box. By simply clicking on an email in Outlook, the box. By simply clicking on an email in Outlook, the default setting allows for a “preview pane” where default setting allows for a “preview pane” where messages can be read. What many don’t messages can be read. What many don’t understand is simply viewing email in the HTML understand is simply viewing email in the HTML enabled preview pane can execute some enabled preview pane can execute some malicious code on your computer and lead to a malicious code on your computer and lead to a loss of data integrity on your network!loss of data integrity on your network!

A recent poll revealed that the average computer A recent poll revealed that the average computer has 29 pieces of spyware running on it!has 29 pieces of spyware running on it!

Key Stroke LoggersKey Stroke Loggers

Software Keyloggers are perhaps the most Software Keyloggers are perhaps the most frightening of all threats that can attack via email. frightening of all threats that can attack via email. The primary goal of keyloggers is recording The primary goal of keyloggers is recording keystrokes in specific ways with the goal of storing keystrokes in specific ways with the goal of storing and sending that information to the hacker or and sending that information to the hacker or hackers that created the tool.hackers that created the tool.

The most common and damaging way keyloggers The most common and damaging way keyloggers are used involves silently recording passwords, are used involves silently recording passwords, credit card data, and other sensitive information credit card data, and other sensitive information that is then transmitted from your computer to a that is then transmitted from your computer to a remote user. At that point, they can do whatever remote user. At that point, they can do whatever they wish with that data. they wish with that data.

Protecting yourself from Trojans, Protecting yourself from Trojans, Spyware, and Keyloggers Spyware, and Keyloggers

First and foremost: The best security and First and foremost: The best security and related policy is always built on layers. The related policy is always built on layers. The best way to protect a system and network best way to protect a system and network from these intrusions always starts with the from these intrusions always starts with the same methods one would use to prevent the same methods one would use to prevent the spread of a virus, but additional measures spread of a virus, but additional measures must be taken for these new risk BEYOND must be taken for these new risk BEYOND those measures.those measures.

Protecting yourself from Trojans, Protecting yourself from Trojans, Spyware, and Keyloggers Spyware, and Keyloggers (continued)(continued)

1.1. Make sure your Internet Browser (often times Explorer on Make sure your Internet Browser (often times Explorer on Windows) and mail program are both completely up to Windows) and mail program are both completely up to date with the latest patches and check for new releases date with the latest patches and check for new releases frequently. These threats can reach your system in more frequently. These threats can reach your system in more way that one.way that one.

2.2. Keyloggers and Trojans often aren’t detected by Antivirus Keyloggers and Trojans often aren’t detected by Antivirus systems, so make sure you have a good spyware systems, so make sure you have a good spyware detection and removal tool OR verify your Antivirus detection and removal tool OR verify your Antivirus program handles these spyware threats as well. Make program handles these spyware threats as well. Make sure this software is update and run regularly as new sure this software is update and run regularly as new threats can burrow in at any time.threats can burrow in at any time.

Protecting yourself from Trojans, Protecting yourself from Trojans, Spyware, and Keyloggers Spyware, and Keyloggers (continued)(continued)

3.3. Consider disabling HTML in your email box to protect Consider disabling HTML in your email box to protect against threats that can execute themselves through a against threats that can execute themselves through a preview pane.preview pane.

4.4. Make sure any sensitive data that must be stored on a Make sure any sensitive data that must be stored on a computer is centralized, password protected, and encrypted.computer is centralized, password protected, and encrypted.

5.5. Consider installing a personal firewall on each computer or Consider installing a personal firewall on each computer or at least enabling a firewall built into the operating system of at least enabling a firewall built into the operating system of the computer. Firewalls can’t save the world by themselves, the computer. Firewalls can’t save the world by themselves, but a good personal firewall monitoring incoming AND but a good personal firewall monitoring incoming AND outgoing traffic from an individual computer will be a good outgoing traffic from an individual computer will be a good way to find out if anyone is attempting to break in. It will also way to find out if anyone is attempting to break in. It will also give you an idea as to whether or not anyone or thing is give you an idea as to whether or not anyone or thing is attempting to have your computer send data out.attempting to have your computer send data out.

PhishingPhishing

Phishing attacks use both social engineering and technical Phishing attacks use both social engineering and technical subterfuge to steal personal identity data, financial account subterfuge to steal personal identity data, financial account credentials, passwords, and more. In plain English, these credentials, passwords, and more. In plain English, these emails are designed to fool the recipient into providing data emails are designed to fool the recipient into providing data the Phisher (criminal) wants to ascertain. They normally the Phisher (criminal) wants to ascertain. They normally attack via email and get the information they need by attack via email and get the information they need by installing keyloggers, coercing the victim, or fooling the installing keyloggers, coercing the victim, or fooling the victim into providing data in a form or on a web site.victim into providing data in a form or on a web site.

Generally, what separates Phishing from other malicious Generally, what separates Phishing from other malicious activity is the intent. Phishing is a profit-driven attack, plain activity is the intent. Phishing is a profit-driven attack, plain and simple. While many threats are designed to destroy or and simple. While many threats are designed to destroy or corrupt data for the sake of chaos or notoriety in the hacker corrupt data for the sake of chaos or notoriety in the hacker community, Phishing has the intention of stealing data for community, Phishing has the intention of stealing data for personal financial gain.personal financial gain.

Phishing (continued)Phishing (continued)

Phishing normally has one of two objectives- Phishing normally has one of two objectives- stealing an identity for profit or stealing information stealing an identity for profit or stealing information for small ransom fees. for small ransom fees.

Many individuals in the U.S. have their identities Many individuals in the U.S. have their identities stolen every year, but the real corporate risk stolen every year, but the real corporate risk involves company data phishers can get their involves company data phishers can get their hands on. hands on.

Just imagine how much a company stands to lose Just imagine how much a company stands to lose if a phishing scam coupled with a keylogger if a phishing scam coupled with a keylogger reveals login credentials for an accounting reveals login credentials for an accounting program, a corporate credit card, or private client program, a corporate credit card, or private client information? information?

Phishing (continued)Phishing (continued)

The main goal of a Phishing email is to provoke a The main goal of a Phishing email is to provoke a reaction from the recipient. They normally achieve reaction from the recipient. They normally achieve this by spoofing (faking) email addresses from this by spoofing (faking) email addresses from large companies and sending very professional large companies and sending very professional and accurate corporate emails. In that email, they and accurate corporate emails. In that email, they will normally ask the victim to click on a link to the will normally ask the victim to click on a link to the site in order to verify some personal data (normally site in order to verify some personal data (normally a username, password, or credit card). These a username, password, or credit card). These emails normally relay an immediacy such as emails normally relay an immediacy such as “before your account is suspended”, and often are “before your account is suspended”, and often are bold enough to warn of Phishing scams in that bold enough to warn of Phishing scams in that very Phishing email! very Phishing email!

Phishing (continued)Phishing (continued)

Some of the most popular companies these Some of the most popular companies these criminals fake are the biggest ones in the criminals fake are the biggest ones in the world like eBay, Citibank, Paypal, etc. They world like eBay, Citibank, Paypal, etc. They use these large companies as cover use these large companies as cover because their phishing spam is more likely because their phishing spam is more likely to reach a match- someone who has an to reach a match- someone who has an account with that company.account with that company.

Phishing (continued)Phishing (continued)

Once you click on the link, they use one of many Once you click on the link, they use one of many technologies to direct you where they want you to go- their technologies to direct you where they want you to go- their trap. These sites almost always match the real corporate trap. These sites almost always match the real corporate sites exactly and it’s difficult for even professionals to tell sites exactly and it’s difficult for even professionals to tell the difference between real and fake. the difference between real and fake.

When you complete the task they request, nothing horrible When you complete the task they request, nothing horrible happens right away that would set off an alarm in the happens right away that would set off an alarm in the victim’s mind, but the phisher now has enough data to start victim’s mind, but the phisher now has enough data to start using your identity for whatever purpose they have. using your identity for whatever purpose they have.

It’s very difficult to track these scam sites because they It’s very difficult to track these scam sites because they never stay in one place for more than a couple days, so the never stay in one place for more than a couple days, so the primary objective is educating potential victims on tips to primary objective is educating potential victims on tips to avoid these criminals so both employees and clients avoid these criminals so both employees and clients remain safe from these attacks remain safe from these attacks

Phishing (continued)Phishing (continued)

Legal experts worry that compromised Legal experts worry that compromised companies could be open to legal action companies could be open to legal action from clients for failing to protect private data.from clients for failing to protect private data.

Phishing could have the largest impact on Phishing could have the largest impact on businesses when these criminals target the businesses when these criminals target the identity of an employee in order to gain identity of an employee in order to gain access to the real honey pot: your clients.access to the real honey pot: your clients.

Phishing: Did You Know??Phishing: Did You Know??

Phishing is one of the main reasons identity Phishing is one of the main reasons identity theft has been the fastest growing crime in theft has been the fastest growing crime in the U.S. for the past 5 years running.the U.S. for the past 5 years running.

9.9 million people in the U.S. had their 9.9 million people in the U.S. had their identities stolen last year alone.identities stolen last year alone.

Companies reported losses of over $8 billion Companies reported losses of over $8 billion due to identity theft in 2004 with actual due to identity theft in 2004 with actual numbers estimated much higher. numbers estimated much higher.

Phishing: Did You Know?? Phishing: Did You Know?? (continued)(continued)

The term “Phishing” originates from a combination of The term “Phishing” originates from a combination of hacking phrases.hacking phrases.

““Fish” is a common term when using social engineering to Fish” is a common term when using social engineering to steal passwords or information.steal passwords or information.

The “PH” in place of “F” is a common hacker way of The “PH” in place of “F” is a common hacker way of spelling. This originated with John Draper, who developed spelling. This originated with John Draper, who developed one of the first methods of hacking called “Phone one of the first methods of hacking called “Phone Phreaking” in 1971. He achieved this task by inventing a Phreaking” in 1971. He achieved this task by inventing a “blue box” and using a toy whistle found in boxes of Cap’n “blue box” and using a toy whistle found in boxes of Cap’n Crunch that blew a frequency of exactly 2600 Hz. The tone Crunch that blew a frequency of exactly 2600 Hz. The tone from the whistle gave him full access to the entire phone from the whistle gave him full access to the entire phone system.system.

How to Avoid Phishing ScamsHow to Avoid Phishing Scams

As stated earlier in this presentation, all As stated earlier in this presentation, all security is built in layers, so all steps to security is built in layers, so all steps to avoid a virus, keylogger, trojans, phishing avoid a virus, keylogger, trojans, phishing scams, etc. are built on the critical bases of scams, etc. are built on the critical bases of protection already established.protection already established.

Each layer and helpful hint from the Each layer and helpful hint from the previous sections provides crossover previous sections provides crossover protection to help thwart phishing scams.protection to help thwart phishing scams.

How to Avoid Phishing Scams How to Avoid Phishing Scams (continued)(continued)

1.1. While Phishing has become more While Phishing has become more sophisticated over the years, the first keys sophisticated over the years, the first keys to anything out of the ordinary are spelling to anything out of the ordinary are spelling and grammatical errors. Most of the and grammatical errors. Most of the scams are smarter than this, but these scams are smarter than this, but these types of errors are a huge red flag.types of errors are a huge red flag.

2.2. Never reply with sensitive data in an email Never reply with sensitive data in an email or form requesting it- a reputable company or form requesting it- a reputable company will NEVER ask you to. will NEVER ask you to.

How to Avoid Phishing Scams How to Avoid Phishing Scams (continued)(continued)

3.3. Beware of any links embedded in email. They Beware of any links embedded in email. They often transpose a few letters for their fake site or often transpose a few letters for their fake site or add additional characters before or after the main add additional characters before or after the main web address for an easy way to direct you to web address for an easy way to direct you to their trap (ex. their trap (ex. www.123AOLConfirm.comwww.123AOLConfirm.com).).

4.4. Never click on any of the links in an email if you Never click on any of the links in an email if you are unsure whether the request is legitimate or are unsure whether the request is legitimate or not. Always open up a separate browser and not. Always open up a separate browser and type the main web address in yourself. If there is type the main web address in yourself. If there is an urgent alert to clients of a major company an urgent alert to clients of a major company being sent out via email, there will an being sent out via email, there will an announcement on their web site.announcement on their web site.

How to Avoid Phishing Scams How to Avoid Phishing Scams (continued)(continued)

5.5. For a quick reference on the latest Phishing For a quick reference on the latest Phishing scams (and past scams as well), check scams (and past scams as well), check http://http://www.antiphishing.orgwww.antiphishing.org//. When you become . When you become aware of a new scam, there’s a decent chance aware of a new scam, there’s a decent chance someone else in the office was also contacted, someone else in the office was also contacted, so communicate with one another to help avoid so communicate with one another to help avoid these pitfalls.these pitfalls.

6.6. If all else fails, call the company directly, but If all else fails, call the company directly, but never be intimidated by the urgency of the email. never be intimidated by the urgency of the email. The more urgent the email is, the more likely it’s The more urgent the email is, the more likely it’s a fake.a fake.

Make Sure These Threats Never Make Sure These Threats Never Reach your InboxReach your Inbox

The best defense is making sure threats The best defense is making sure threats never reach your network. Make sure the never reach your network. Make sure the company handling your email is scrubbing it company handling your email is scrubbing it for viruses, spam, content, etc. for viruses, spam, content, etc.

While this layer doesn’t guarantee success, While this layer doesn’t guarantee success, prevent all attacks, or remove the need for prevent all attacks, or remove the need for all other measures included in this all other measures included in this presentation- it’s a critical first step in presentation- it’s a critical first step in keeping your computer and network safe. keeping your computer and network safe.

Make Sure Every Computer is Make Sure Every Computer is Patched and Up to Date.Patched and Up to Date.

Make sure you stay up to date on all of your Make sure you stay up to date on all of your internal countermeasures (operating system internal countermeasures (operating system patches, firewall updates, antivirus updates, etc.). patches, firewall updates, antivirus updates, etc.).

Many threats can be avoided by simply keeping up Many threats can be avoided by simply keeping up to date and the rest can be managed by utilizing to date and the rest can be managed by utilizing sound policies built on the information and tips like sound policies built on the information and tips like the ones we’ve included. A clearly understood the ones we’ve included. A clearly understood policy will help eliminate potential human error. policy will help eliminate potential human error.

This has been mentioned throughout the This has been mentioned throughout the presentation, but it can’t be overemphasized!presentation, but it can’t be overemphasized!

Change Those Passwords!Change Those Passwords!

Make sure your policy includes passwords.Make sure your policy includes passwords. Strong passwords (uppercase and lowercase Strong passwords (uppercase and lowercase

letter, numbers, etc.) that would be impossible to letter, numbers, etc.) that would be impossible to guess are optimal. guess are optimal.

If this isn’t practical, make sure your policy If this isn’t practical, make sure your policy includes stipulations on how long a password includes stipulations on how long a password should be used before it’s changed and make should be used before it’s changed and make sure employees do not use the same password sure employees do not use the same password for entry into many different places- this will help for entry into many different places- this will help limit the damage that can be done even if your limit the damage that can be done even if your information is taken.information is taken.

When it Doubt, Pull it Out!When it Doubt, Pull it Out!

If You believe a computer on your network If You believe a computer on your network has been infected or compromised, remove has been infected or compromised, remove it from the network and/or Internet it from the network and/or Internet immediately.immediately.

It’s much safer to troubleshoot a computer It’s much safer to troubleshoot a computer and scour for compromises if that computer and scour for compromises if that computer can’t do damage while you’re looking.can’t do damage while you’re looking.

Dynamic Net, Inc.Dynamic Net, Inc.

Dynamicnet.net is a privately held Dynamicnet.net is a privately held Pennsylvania corporation and we have been Pennsylvania corporation and we have been providing Secure Web Hosting, Email providing Secure Web Hosting, Email Hosting, and Web Server Management Hosting, and Web Server Management services from right here in Berks County services from right here in Berks County since 1995since 1995