Computerware Blog

Computerware has been serving the Vienna area since 1976, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

How to Identify If an Email is a Security Risk

There’s one major reason why email is the preferred method of spreading threats like ransomware and other types of malicious software. The sheer number of messages that can be sent through email on its own increases the odds that a user will click on the wrong link or download the wrong attachment. How can you know the legitimacy of any message you receive in your email inbox?

Why You Should Pay Close Attention to Where Your Emails Come From

When you get an email from a big name brand or a trusted vendor, how often do you question the authenticity of it? Thanks to threats like email spoofing, you can’t afford to be as trusting of others as you might like. When all it takes is clicking the wrong link or opening the wrong attachment to set something terrible in motion, you need to be very cautious.

A Swedish cybersecurity firm, Detectify, has found that major online domains are now being used to spoof email addresses. Email spoofing is when a hacker makes it look like a message is coming from a certain organization when, in reality, it’s not. The hacker has simply made his email domain look like it’s from someone of repute within or outside of your organization. The reason this works is misconfigured server settings. Since email servers don’t automatically authenticate whether or not email addresses are legitimate, this is something that needs to be set up by your email provider or IT administrator.

There are numerous ways to make sure your email server is configured properly, but you should only do so if you’re a skilled technician. You don’t want to accidentally make a mistake and change settings that could put your business at risk. To understand how these email spoofing attacks work, let’s start by looking at the details.

Sender Policy Framework (SPF)
The SPF is a record that is checked when your DNS record is examined. This determines if the server is allowed to send and receive email from the domain. SPF uses three specific modifiers for its messages:

  • Softfail: The message is accepted and marked as spam.
  • Hardfail: The message is rejected entirely.
  • Neutral: The message is let through without incident.

DomainKeys Identified Mail (DKIM)
The header and body of the email are hashed separately with DKIM; furthermore, a private key is made and sent along with the message. When the message is opened by the receiving party, the key will perform a DNS request to identify where the email came from. If things seem legitimate, the message is received.

Domain-based Message Authentication Reporting and Conformance (DMARC)
DMARC uses both SPF and DKIM to authenticate an email. DMARC splits its functions into three parts:

  • Reject: The user never sees the message because it was fully rejected by the mail server.
  • Quarantine: The message is stored for review at a later date.
  • None: The message is allowed through with no difficulty.

Basically, what DMARC wants to accomplish is to identify messages as fakes, while also allowing administrators to check that flagged messages aren’t accidentally being marked as spam.

Even if you don’t know the exact details of how email spoofing works, here’s a statistic that speaks for itself. Out of the top 500 sites on the Internet, 276 of them can be spoofed. According to Detectify, this includes servers that don’t have SPF or DMARC set up properly. Also included are servers that don’t have any SPF at all, those that use SPF with softfail only, and DMARC with only action “none.”
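The check behind that statistic, as an added example in Python that is not from the original article or from Detectify: it reads a domain's SPF and DMARC TXT records and reports the weak settings named above (no SPF, softfail only, DMARC action "none"). It goes slightly further by flagging any SPF result other than hardfail and a missing DMARC record; the domains and records are constructed samples, and fetching real TXT records is left out so the code runs offline.

```python
# Added example. TXT records below are constructed; no live DNS lookups are made.
SPF_QUALIFIERS = {"+": "pass", "-": "hardfail", "~": "softfail", "?": "neutral"}

def spf_all_result(txt_records):
    """What the domain's SPF record says about senders it does not list."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "missing"
    if len(spf) > 1:
        return "permerror"  # RFC 7208: more than one SPF record is an error
    for term in spf[0].lower().split()[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in SPF_QUALIFIERS else ("+", term)
        if mech == "all":
            return SPF_QUALIFIERS[qualifier]
    return "neutral"  # no "all" term; redirect= is not followed here

def dmarc_policy(txt_records):
    """The p= action from the record published at _dmarc.<domain>."""
    for record in txt_records:
        parts = (part.partition("=") for part in record.split(";"))
        tags = {k.strip().lower(): v.strip().lower() for k, _, v in parts}
        if tags.get("v") == "dmarc1":
            return tags.get("p", "missing")
    return "missing"

def weak_settings(spf_txt, dmarc_txt):
    """List the settings that leave spoofed mail unblocked."""
    findings = []
    spf = spf_all_result(spf_txt)
    if spf != "hardfail":
        findings.append("SPF " + spf)
    policy = dmarc_policy(dmarc_txt)
    if policy not in ("quarantine", "reject"):
        findings.append("DMARC " + policy)
    return findings

# Constructed sample zones: domain -> (TXT at the domain, TXT at _dmarc.<domain>)
SAMPLES = {
    "strict.example": (["v=spf1 ip4:192.0.2.10 -all"], ["v=DMARC1; p=reject"]),
    "soft.example": (["v=spf1 include:_spf.mail.example ~all"], ["v=DMARC1; p=none; pct=100"]),
    "bare.example": (["some-site-verification=abc123"], []),
}

if __name__ == "__main__":
    for domain, (spf_txt, dmarc_txt) in SAMPLES.items():
        print(domain, weak_settings(spf_txt, dmarc_txt) or "no weak settings found")
```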

In other words, these email servers would be doing literally nothing to keep threatening messages from arriving in your employees’ inboxes. Therefore, it’s your responsibility to proactively manage what gets received and processed by your own email server. Additionally, you’ll want to make sure your email server is configured so that your email domain can’t be spoofed.

The most direct way to keep your employees from falling for email spoofing is to prevent them from receiving spam messages in the first place. Reduce their exposure to threats and you’ll be in a much better position. Make sure that you teach them about phishing scams and other security threats so as to minimize the chances that they will act foolishly in the face of one.

To make sure that your business keeps security top-of-mind, look no further than Computerware. You can contact us at (703) 821-8200.
