Computerware Blog

Computerware has been serving the Vienna area since 1976, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

How to Identify If an Email is a Security Risk

There’s one major reason why email is the preferred method of spreading threats like ransomware and other types of malicious software. The sheer number of messages that can be sent through email on its own increases the odds that a user will click on the wrong link or download the wrong attachment. How can you know the legitimacy of any message you receive in your email inbox?

Why You Should Pay Close Attention to Where Your Emails Come From

When you get an email from a big name brand or a trusted vendor, how often do you question the authenticity of it? Thanks to threats like email spoofing, you can’t afford to be as trusting of others as you might like. When all it takes is clicking the wrong link or opening the wrong attachment to set something terrible in motion, you need to be very cautious.

A Swedish cybersecurity firm, Detectify, has found that major online domains are now being used to spoof email addresses. Email spoofing is when a hacker makes it look like a message is coming from a certain organization when in reality it’s not: the hacker has simply made the sending address look like it belongs to someone of repute within or outside of your organization. The reason this works is misconfigured server settings. Since email servers don’t automatically authenticate whether or not email addresses are legitimate, this is something that needs to be set up by your email provider or IT administrator.

There are numerous ways to make sure your email server is configured properly, but you should only do so if you’re a skilled technician. You don’t want to accidentally make a mistake and change settings that could put your business at risk. To understand how these email spoofing attacks work, let’s start by looking at the details.

Sender Policy Framework (SPF)
The SPF is a record that is checked when your DNS record is examined. This determines if the server is allowed to send and receive email from the domain. SPF uses three specific modifiers for its messages:

  • Softfail: The message is accepted and marked as spam.
  • Hardfail: The message is rejected entirely.
  • Neutral: The message is let through without incident.

DomainKeys Identified Mail (DKIM)
The header and body of the email are hashed separately with DKIM; furthermore, a private key is made and sent along with the message. When the message is opened by the receiving party, the key will perform a DNS request to identify where the email came from. If things seem legitimate, the message is received.

Domain-based Message Authentication Reporting and Conformance (DMARC)
DMARC uses both SPF and DKIM to authenticate an email. DMARC splits its functions into three parts:

  • Reject: The user never sees the message because it was fully rejected by the mail server.
  • Quarantine: The message is stored for review at a later date.
  • None: The message is allowed through with no difficulty.

Basically, DMARC aims to identify messages as fakes while also allowing administrators to check that legitimate messages aren’t accidentally being flagged as spam.

Even if you don’t know the exact details of how email spoofing works, here’s a statistic that speaks for itself. Out of the top 500 sites on the Internet, 276 of them can be spoofed. According to Detectify, this includes servers that don’t have SPF or DMARC set up properly. Also included are servers that don’t have any SPF at all, those that use SPF with softfail only, and DMARC with only action “none.”
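The weak configurations listed above can be read straight from a domain's published TXT records: SPF on the domain itself, DMARC on its `_dmarc` subdomain. The following is an added example, not code from Computerware or Detectify; the function names and the sample records for the placeholder domain example.com are constructed, and records are passed in as strings, so nothing is looked up over DNS.

```python
def spf_all_qualifier(txt_records):
    """Qualifier on the SPF 'all' mechanism; None if no SPF record."""
    for rec in txt_records:
        terms = rec.lower().split()
        if not terms or terms[0] != "v=spf1":
            continue
        for t in terms[1:]:
            if t in ("all", "+all", "-all", "~all", "?all"):
                return t[0] if t[0] in "+-~?" else "+"
        return "?"  # no 'all' term: neutral (redirect= is not followed here)
    return None

def dmarc_policy(txt_records):
    """Value of the p= tag in the DMARC record; None if no DMARC record."""
    for rec in txt_records:
        tags = [t.strip().lower() for t in rec.split(";") if t.strip()]
        if not tags or tags[0].replace(" ", "") != "v=dmarc1":
            continue
        for tag in tags[1:]:
            name, _, value = tag.partition("=")
            if name.strip() == "p":
                return value.strip()
    return None

def findings(domain_txt, dmarc_txt):
    """Weak settings present in one domain's SPF and DMARC records."""
    out = []
    q = spf_all_qualifier(domain_txt)
    if q is None:
        out.append("no SPF record")
    elif q == "~":
        out.append("SPF softfail only")
    elif q in "?+":
        out.append("SPF never fails unauthorized senders")
    p = dmarc_policy(dmarc_txt)
    if p is None:
        out.append("no DMARC record")
    elif p == "none":
        out.append("DMARC policy is none")
    return out

# Constructed sample records for the placeholder domain example.com.
SAMPLES = {
    "weak": (["v=spf1 include:_spf.example.com ~all"], ["v=DMARC1; p=none"]),
    "strict": (["v=spf1 mx -all"], ["v=DMARC1; p=reject"]),
    "missing": (["site-verification=constructed"], []),
}
for name, (spf, dmarc) in SAMPLES.items():
    print(name, findings(spf, dmarc) or "no findings")
```

An empty result means the domain publishes both a hardfail SPF record and an enforcing DMARC policy.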

In other words, these email servers would be doing literally nothing to keep threatening messages from arriving in your employees’ inboxes. Therefore, it’s your responsibility to proactively manage what gets received and processed by your own email server. Additionally, you’ll want to make sure your email server is configured so that your email domain can’t be spoofed.

The most direct way to keep your employees from falling for email spoofing is to prevent them from receiving spam messages in the first place. Reduce their exposure to threats and you’ll be in a much better position. Make sure that you teach them about phishing scams and other security threats so as to minimize the chances that they will act foolishly in the face of one.

To make sure that your business keeps security top-of-mind, look no further than Computerware. You can contact us at (703) 821-8200.
