by Jeremy Nigh on June 30, 2009
Michael Jackson’s death last week left a mourning fan base of gargantuan proportions. Fans of the “King of Pop” (one of which this writer is not) have expressed their grief and sentiments through email, youtube, twitter, and various other social and Internet-related media in a way rarely seen before. But for many, their state of sadness has left them vulnerable to email and web-based attacks.
It’s no secret that spammers and malware creators can always be counted on to deliver a bevy of non-benevolent business when a phenomenon such as this reveals itself. At only 50 years old, nobody (least of all the average spammer) expected MJ to die so suddenly. Subsequently, Micheal Jackson email scams got off to a slow start, but over the past weekend attacks have ramped up significantly. Have a look at an actual Mailprotector quarantine page to see some of the spam we’ve stopped over the past 3 days:
A quick Mailprotector quarantine search for the words "Michael Jackson" yields quite a few results.
It’s not really surprising. Spammers have always had a propensity to follow the buzz of current trends and hot news stories. They’ve learned what works, and focusing on current events works very well for them. The Michael Jackson death story is the latest “easy target” scenario, but be forewarned that spammers never stop looking for creative ways to get to your inbox, so it’s important to take proper measures to ensure you’re protected from the Bad stuff.
The best way to keep safe is to use an email security service (such as Mailprotector) that provides an exchange spam filter, which tells spam messages to Beat It before they even get to your email server. If such a service is not an option for you, however, you can always take the common-sense approach to protect yourself:
- Always be very careful to only open email from trusted senders
- Never click links in emails that seem even remotely suspicious
Better safe than sorry is always the way to go when dealing with potentially harmful email. The Michael Jackson spam attacks will subside, but if history is any indicator the next spam-inducing current event is just around the corner, and for those of us in the email security industry it promises to be one heck of a Thriller.
I don’t think it matters which political side you lean to, we can all be saddened by the affects of South Carolina Governor Mark Sanford’s actions on his family. Having lived in SC just about all of my life I’m deeply upset by what he’s done to the image of South Carolina around the nation and the world. I don’t intend to delve into the personal or political fallout of Sanford’s revelation yesterday but there could be some email security implications worth exploring.
We know that The State newspaper in Columbia has had email purportedly between Governor Sanford and this Argentinian woman since as early as December of last year. The paper says that it did not publish the story because there was no way to corroborate the authenticity of the messages. While there are many important specifics we don’t know, The State says it was sent the emails “from the governor’s personal e-mail account by an anonymous person.”
Given this revelation, its easy to see why The State held the story. Let’s take a look at a couple of email basics:
- An email is just like a letter in the sense that you can write whatever you want on the return address and there is no way to determine if that information has any relation to the real sender. (Yes, we do have some newer options to help like SPF and domain keys but they aren’t foolproof and you have to be in control of the receiving server to use these tools).
- Sending a regular email message is just like sending a postcard. If anyone at the post office (or in this case any person in control of any router at any ISP that the data stream is routed through) wants to flip it over and read the back, they can.
- If you have truly sensitive information, it should be encrypted using TLS or another email encryption technology.
- Even if you encrypt a message, if someone has username and password access to your email client they’re going to be able to read your mail.
Now, lets pick our story back up. If The State was sent these messages by an anonymous person, the authenticity of the messages would be no more reliable than the credibility of the person producing them as he or she could have easily forged the information and created them out of thin air. So, it seems reasonable for The State to have sat on the story with no other corroborating data.
But, how did they get Gov. Sanford’s email messages in the first place? By “personal email account” we’re going to have to assume this was not an email account under control of the SC State Government since all of those messages would be subject to archiving and state disclosure requirements as well as under the control of an IT administration department. We assume the Governor must have known this and was using some other email account.
Given this assumption we have to conclude that the ‘anonymous’ person was either 1) a rouge admin at an ISP (seems highly unlikely) or 2) someone with close personal knowledge of the situation that had access to Governor Sanford’s email. I’ll have to leave that with you to ponder until we know more about ‘anonymous’. In the mean time, here are a few email security tips to safeguard the content of your email:
- Always use TLS encryption on your email server. If you don’t host your own, be sure your provider uses TLS to transmit your messages across the Internet.
- If you connect to your email server using a web client, make sure you use a secure connection such as SSL (look for the ‘https’ in the address bar of your browser)
- If you connect with a client such as Outlook make sure you are using a secure connection as well.
And finally,
- Whatever you do, don’t use “password”, “pass” or your username as your password. Create a password that is a combination of numbers, letters and symbols.
by Ben Hathaway on June 25, 2009
The Security Essentials Pack is Microsoft’s most recent effort to improve the security of their operating system. This is Microsoft’s replacement for the Windows Live OneCare software which was discontinued months ago. And while the OneCare software was fairly cheap, the Security Essentials Pack is free. The features will include key security tasks such as fighting viruses, rootkits and other malware. However, it will not provide any firewall or spam protection.
Lets hope the performance of the Security Essentials Pack is better than OneCare. While OneCare might have been protecting your computer, it also performed so poorly that you could definitely tell that it was there. Security software like this should be lightweight enough that you can set it up and forget that it is even there and it just does its job.
Microsoft is also doing the right thing with the Security Essentials Pack by allowing it to tap into the potential of cloud-base services. Most security software applications are stuck in the days of periodically downloading updated virus definitions. Microsoft Security Essentials will share information with the cloud-based Microsoft Dynamic Signature Service which should allow the software to always be aware of the latest threats as well as whitelist information in order to prevent false positives. They are not the first antivirus software to utilize the cloud but it is certainly a welcomed addition to any security software that relies on being up-to-date in order to be fully effective.
Ok, this one is a little off the email security topic but I think it’s a fundamental marketing question worth exploring.
I walked in my bank the other day (I like the smaller local banks because I like knowing who’s messing with my money) and they have this big display for Coke on the main table in the lobby. As I walk up to the teller window and start chatting I see that they are offering a free 2 liter of Coke with any new account. So, after my obligatory joke about what happened to the free toasters I had to ask if they really thought offering a $.99 two liter of Coke was going to make one iota of difference in anyone’s decision making process about whether to open an account or not. Needless to say, most in this branch agreed that it made a nice looking display but a pretty ineffective marketing tool.
I left the bank and passed the experience off as one of those little amusements of life. Until yesterday, that is, when I open a local business paper and see another bank who has designed and paid for an entire ad around the enticement of a free box of cookies for opening a new account. This made me start to doubt my own logic now. Are there really people out there saying to themselves “Hmmm, can’t decide which bank to use. Do I want the cookies or the Coke?”
From the very first day of Mailprotector’s launch I made sure that we offered a fully functional 30 day demo without any credit card numbers or other upfront obligations. I always felt like the best way for our customers to know if Mailprotector would work for them is to actually use it. Especially for something as critical as a spam filtering service. I never really thought of it as a marketing gimmick or freebie. Maybe banks should do the same. Let us try their online banking for a while. Let us see if their tellers really are that friendly and their hours convenient.
Please tell me there’s a difference between the cookies and our demo. If not, we may just switch out the demo with a box of doughnuts…
by Tim Sullivan on June 19, 2009
While there are many causes for bottlenecks that keep applications from running at top speed, Processor Magazine list some tips to maintain performance. One of the tips listed was from our CEO, David Setzer, who recommends “living in the clouds”:
“A typical cloud-based security application does not require user interaction. There is no need for user training. IT does not have to install it on workstations. There is no downtime on the user’s workstation,” he says. The result is a more productive workforce.
Other tips included: take a holistic approach, get a cheap tune-up, and outsource non-core applications. To read about the tips visit the Processor Magazine story here.
by Bruce LaFlam on June 17, 2009
Today we announced unlimited mailbox storage for Hosted Exchange customers. The new service goes beyond alternative Hosted Exchange offerings by eliminating downtime resulting from restrictive mailbox limits that are exceeded quickly, preventing email access. Our Exchange hosting also slashes the cost of mobile email synchronization and gives users the option of integrating its robust email hosting solution with the Mailprotector premium email security suite, providing highly available email services including exchange spam filtering.
“Email quota management has been a struggle for both users and organizations managing email systems. Quotas reduce productivity by requiring users to manage their mailboxes instead of focusing on more strategic business activities,” said Michael Osterman, founding analyst for Osterman Research. “With 60 percent of organizations having to impose a size quota on email this is a widespread issue and vendors like Mailprotector that cost-effectively overcome this challenge will address a painful business concern.”
You can read the full press release here.
by Bruce LaFlam on June 12, 2009
Many businesses today are relying more on email marketing to bring in new customers as well as keep existing customers. Being an email security company with an exchange spam filter capability, we constantly struggle with the dilemma of using email marketing campaigns to sell the Mailprotector Email Security Suite to prospective customers. Here are some things you can do that will help make your email marketing campaign as successful as it can be:
1. Never send from a blacklisted IP address – if your messages get blocked before they reach the customer, your email efforts will be in vain.
2. Obey CAN-SPAM laws – (i.e. no opt out ability or contact info)
3. Never send to people on the “opt out list” – I recently saw this accidentally happen with a service that we were using, doesn’t make for a happy customer.
4. Always have a strategic message – email campaigns should be in concert with other messaging media including: company homepage, newsletters, social media, press releases, etc.
5. Keep the message succinct – we have recently updated our marketing website and one thing we learned, we have only seconds to communicate our message.
If done correctly, email marketing is still an effective way to grow your business. Be sure to follow common sense principles as well as the law. You can read more about the FTC’s requirements here.
by Jeremy Nigh on June 10, 2009
Research shows that email is the most popular tool for online communication
Though email is over 40 years old (that’s older than SMS, Instant Messaging and even the Internet itself) global research conducted by Epsilon in North America, Europe (EMEA), and the Asia-Pacific (APAC) region shows that email is still by far the consumer favorite when it comes to online communication.
Email dominates other popular messaging mediums globally.
And despite the fact that the largest percentage of emails received are reported to be spam, email remains a mainstay communication and is being used on an increasing number of devices.
The vast majority of email messages are spam.
The new definition of spam
As long as email has existed, so have spam and a consumer intolerance of unsolicited messages. The new definition of spam is not limited to emails to which consumers have not subscribed, but now encompasses irrelevant messages and contact saturation as well.
The definition of "spam" is becoming (in some cases) increasingly hard to determine. This underscores the need for an email security solution that includes content filtering.
How to limit spam delivery
Accustomed to these messages, consumers are taking action to eliminate or limit the amount of spam they receive by unsubscribing and using tools such as “junk email” folders, “report spam” and “block sender.” 43%-50% of respondents reported to use a spam filter.
Everyone hates spam, and they'll try anything to stop it.
Source: http://www.epsilon.com
by Ben Hathaway on June 9, 2009
Penn State University announced on Monday that their school email systems have been hit with a phising scam. It sounds like the typical phising scam asking the user to update their information but the links in the email message take them to a false web site where the scammers ask for various types of personal data. This particular scam asked for anything from passwords to social security numbers and credit card numbers.
The reoccurences of this type of scam underscores the need to exercise caution when dealing with email. As a rule of thumb, you should never give out personal information in response to an email message. It also highlights the value of an email security system to filter phising attacks with these types of messages from getting to your users in the first place. If you need to protect your business or organization from these types of email threats, feel free to check us out.
by David Setzer on June 8, 2009
Here is a great article I picked up from one of our Twitter followers. It does an excellent job of explaining the two different cultures and types of blackhats responsible for the spam, malware and other cyber-threats today. Having been in the email security business for almost 10 years now we see the effects of these types of thugs and can deduce much of their makeup but this article really nails it.
It’s interesting how human nature never really changes. This is nothing more than the 2000’s version of your pick pockets and organized crime of 1930’s Chicago or New York.
