facebook linkedin twitter

Computerware Blog

Computerware has been serving the Vienna area since 1976, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

How to Identify If an Email is a Security Risk

How to Identify If an Email is a Security Risk

There’s one major reason why email is the preferred method of spreading threats like ransomware and other types of malicious software. The sheer number of messages that can be sent through email on its own increases the odds that a user will click on the wrong link or download the wrong attachment. How can you know the legitimacy of any message you receive in your email inbox?

Continue reading

Why You Should Pay Close Attention to Where Your Emails Come From

Why You Should Pay Close Attention to Where Your Emails Come From

When you get an email from a big name brand or a trusted vendor, how often do you question the authenticity of it? Thanks to threats like email spoofing, you can’t afford to be as trusting of others as you might like. When all it takes is clicking the wrong link or opening the wrong attachment to set something terrible in motion, you need to be very cautious.

A Swedish cybersecurity firm, Detectify, has found that major online domains are now being used to spoof email addresses. Email spoofing is when a hacker makes it look like a message is coming from a certain organization, when in reality it’s not. It’s just a hacker that has made his email domain look like it’s from someone of repute within or outside of your organization. The reason: misconfigured server settings. Since email servers don’t automatically authenticate whether or not email addresses are legitimate, this is something that needs to be set up by your email provider or IT administrator.

There are numerous ways to make sure your email server is configured properly, but you should only do so if you’re a skilled technician. You don’t want to accidentally make a mistake and change settings that could put your business at risk. To understand how these email spoofing attacks work, let’s start by looking at the details.

Sender Policy Framework (SPF)
The SPF is a record that is checked when your DNS record is examined. This determines if the server is allowed to send and receive email from the domain. SPF uses three specific modifiers for its messages:

  • Softfail: The message is accepted and marked as spam.
  • Hardfail: The message is rejected entirely.
  • Neutral: The message is let through without incident.

DomainKeys Identified Mail (DKIM)
The header and body of the email are hashed separately with DKIM; furthermore, a private key is made and sent along with the message. When the message is opened by the receiving party, the key will perform a DNS request to identify where the email came from. If things seem legitimate, the message is received.

Domain-based Message Authentication Reporting and Conformance (DMARC)
DMARC uses both SPF and DKIM to authenticate an email. DMARC splits its functions into three parts:

  • Reject: The user never sees the message because it was fully rejected by the mail server.
  • Quarantine: The message is stored for review at a later date.
  • None: The message is allowed through with no difficulty.

Basically, what DMARC wants to accomplish is identifying messages as fakes, but also allow administrators to check and make sure that flagged messages aren’t accidentally being marked as spam.

Even if you don’t know the exact details of how email spoofing works, here’s a statistic that speaks for itself. Out of the top 500 sites on the Internet, 276 of them can be spoofed. According to Detectify, this includes servers that don’t have SPF or DMARC set up properly. Also included are servers that don’t have any SPF at all, those that use SPF with softfail only, and DMARC with only action “none.”

In other words, these email servers would be doing literally nothing to keep threatening messages from arriving in your employees’ inboxes. Therefore, it’s your responsibility that you’re proactively managing what gets received and processed by your own email server. Additionally, you’ll want to make sure your email server is configured to not allow your email domain to get spoofed.

The most direct way to keep your employees from falling for email spoofing is to prevent them from receiving spam messages in the first place. Reduce their exposure to threats and you’ll be in a much better position. Make sure that you teach them about phishing scams and other security threats so as to minimize the chances that they will act foolishly in the face of one.

To make sure that your business keeps security top-of-mind, look no further than Computerware. You can contact us at (703) 821-8200.

Continue reading

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Security Tip of the Week Technology Best Practices Privacy Internet Cloud Business Computing Software Business Management Hackers Data Microsoft Backup Workplace Tips Hardware Managed Service Provider Productivity Network Security Email Business Hosted Solutions Malware Saving Money IT Services Efficiency IT Support Google User Tips Small Business Computer Innovation Smartphones Productivity Quick Tips Mobile Devices Business Continuity Gadgets VoIP Social Media Microsoft Office Network Data Backup Android Collaboration Disaster Recovery Data Recovery Mobile Office Server Upgrade Virtualization Communication IT Support communications Mobile Device Management Smartphone Miscellaneous Ransomware Windows 10 Tech Term Cybersecurity Windows Phishing Facebook Operating System Unified Threat Management Holiday Remote Monitoring Vendor Management Passwords Apps Managed IT services Automation BYOD Users Remote Computing Mobile Computing Analytics WiFi Internet of Things BDR Mobile Device Marketing Apple Outsourced IT Data Management The Internet of Things History Artificial Intelligence Browser Firewall Managed IT Services Alert Save Money App Cloud Computing Encryption Two-factor Authentication Big data Spam IT Consultant Help Desk Bring Your Own Device Gmail Antivirus Windows 10 Office Maintenance Printer Health Content Filtering Going Green Bandwidth Office 365 Business Technology Windows 8 Outlook Wireless Technology Saving Time Computers VPN Search Government Tech Support Virus Employer-Employee Relationship Cybercrime Training Cost Management Lithium-ion Battery Best Practice Information Technology Hiring/Firing Managed IT Hard Drives Budget Customer Service Travel Networking Education Information Recovery Update Healthcare Access Control Hacking Phone System It Management IBM Money Document Management Managed Service Blockchain Administration Twitter Intranet Humor Website Legal Avoiding Downtime Regulations Risk Management iPhone SaaS Password Save Time File Sharing Downtime Applications Hard Drive Law Enforcement Compliance Mobility Augmented Reality Proactive IT Running Cable Data Loss Data storage PowerPoint Flexibility Social Networking Scam Black Market Fax Server Cryptocurrency Social Wireless Data Breach Laptop Private Cloud DDoS Business Growth Digital Project Management Telephony Websites Management Machine Learning Word Retail Paperless Office Vulnerabilities Telephone Systems Sports Value Computing Business Intelligence Cortana Disaster End of Support Digital Payment Hosted Solution Excel Robot Hacker Router Current Events Windows 7 Data Security Securty Customer Relationship Management Comparison Tablet Google Maps Patch Management Solid State Drive Company Culture Social Engineering User Computer Repair Virtual Desktop Specifications Safety Chromebook Webcam Statistics Lifestyle Voice over Internet Protocol Redundancy Text Messaging Programming Computing Infrastructure Hack Monitoring Network Congestion How To Documents Google Docs Teamwork Heating/Cooling Evernote Entertainment Experience Download Monitors Storage Virtual Assistant Cleaning Streaming Media Office Tips Microchip Taxes Start Menu Tech Terms Inbound Marketing Mobile Technology YouTube Distributed Denial of Service Net Neutrality Cooperation Software as a Service Unified Communications Settings eWaste Chrome Pain Points Public Cloud Vendor Uninterrupted Power Supply Vulnerability Bitcoin Identity Theft Computer Accessories IT service Processors Data Protection Co-managed IT USB Distribution User Error Downloads Trending Politics Presentation Virtual Reality Mouse Emails Gaming Console Bluetooth Conferencing Automobile Tech Assessment SharePoint Harddrive Multi-Factor Security Cost Skype Scalability Integration Debate Software License Trends Archive Motion Sickness Google Calendar Deep Learning Devices Messenger Tracking Tip of the week GPS Work/Life Balance Fraud Tactics Fileless Malware UTM Content Rental Service Meetings Modem Digital Signature Touchscreen News Visible Light Communication Memory Point of Contact Proxy Server Azure VoIP External Harddrive Web Server Term Consultation IT consulting Legislation Error Cabling Best Practives Electronic Medical Records Transportation Knowledge IT Plan Enterprise Resource Planning Technology Tips Thin CLient Accountants A.I. Books Workers Recording 3D Ebay email scam Addiction Wi-Fi Administrator Directions Multi-factor Authentication Recycling Supercomputer Microserver SSID Fake News Advertising Flash Analytic Dark Web Free Resource PDF Audit CIO Smart Phones Processing Best Available Keyboard Data Warehousing Windows XP Wireless Headphones Telephone Product Reviews Worker Health IT Employee/Employer Relationship Staffing Google Wallet Migration Connected Devices Managed IT Service Access Displays Leadership Equifax Fleet Tracking Reading Samsung Get More Done Logistics Domains Emergency Hard Drive Disposal Society Adminstration Pirating Information Network Management Read Micrsooft Device security MSP Employer Employee Relationship Turn Key Public Speaking Microsoft Excel G Suite Printer Server Bookmark Computer Care Finance Hacks Physical Security Google Play Shortcut Google Drive Windows Server 2008 Nanotechnology Social Network Licensing Trojan Employer/Employee Relationships Drones Desktop Device Management Organize Processor Entrepreneur Spyware Mobile Payment Startup Asset Tracking Business Managemenet Relocation Tablets Microsoft 365 Troubleshooting Business Cards Service Level Agreement Content Management Banking Botnet Username Medical IT HIPAA Permissions Language Unified Threat Management Backup and Disaster Recovery Sync Browsers Environment Electricity Printing Gamification online Currency Notifications CCTV Security Cameras Competition Upselling Screen Reader Customer Resource management User Tip Proactive Maintenance Electronic Payment Navigation cache Television switches Writing Smart Tech Reliable Computing Solutions Business Owner Music Video Surveillance Piracy Upload Business Metrics Computer Malfunction Upgrades Saving ZTime HTML LinkedIn Professional Services IP Address Fiber-Optic Database In Internet of Things Webinar Data Analysis WannaCry Mobile Security GDPR Application Time Management Freedom of Information LiFi Telephone System SQL Server Human Resources Corporate Profile CrashOverride Regulation 3D Printing Capital Productuvuty Managing Stress Printers