When most of us hear of identity theft we first think of someone stealing information from our garbage can and using it to open an account. While personal identity theft is a real threat, many small business owners fail to realize that their business is subject to identity theft as well.
Many of us try to keep our personal data hidden from others; however, as businesses we often times promote pieces of this private data – address, contact information, phone number, and even business license number.
Just as you do in your personal life, it is important to take steps to protect your small business from identity theft. Some basic steps include:
1. Check your business credit report
2. Be sure to have an email security system in place to prevent spam, viruses, and phishing
3. Lock down the network – firewalls, encrytion
4. Shred important documents (dumpster diving is still common)
According to a Panda security report, a surprising 29% of small businesses don’t have a spam filtering solution. Additionally, 16% of small businesses do not have firewalls.
You can read more on small business (SMB) identity theft in the following CIOZone article.
The other day I got an instant message from a friend who franticly told me “I keep getting spam from myself!” He went on to explain that his torch and pitchfork-carrying co-workers were also seeing the same thing.
One thing led to another, paranoia grew into pandemonium, and before they knew it everyone was throwing around the “R” word. Thankfully, before they “reformatted” every computer on their network with hopes of closing the door on the supposed hacker, my friend wisely called on me (his buddy in the email security business) to offer some insight. “Worry not my friend. Worry not.” I confidently exclaimed . “All you’re seeing is a spoofed email address, nothing more.” As I went on to tell him about the ins and outs of email spoofing, his mind was put at ease and his company’s network-wide reformat was safely averted. But what exactly is email spoofing? I’ll explain to you as I did to him.
What is email spoofing?
Email spoofing is a tactic that spammers use to make your email server think that you are sending a message to yourself, therefore it is “OK” to let the message through. In actuality the messages are not from you…it just looks that way. Wikipedia explains it well:
E-mail spoofing is a term used to describe (usually fraudulent) e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source. E-mail spoofing is a technique commonly used for spam e-mail and phishing to hide the origin of an e-mail message. By changing certain properties of the e-mail, such as the From, Return-Path and Reply-To fields (which can be found in the message header), ill-intentioned users can make the e-mail appear to be from someone other than the actual sender. The result is that, although the e-mail appears to come from the address indicated in the From field (found in the e-mail headers) it actually comes from another source. (http://en.wikipedia.org/wiki/E-mail_spoofing)
How common is email address spoofing?
Spoofed addresses are extremely common because of the high rate of successful delivery when sent to unprotected email addresses. A quick check of my own spam quarantine shows that in the past 30 days alone, Mailprotector’s spam filter caught 52 spam messages that look as though they were sent from my own email address. These messages account for over half of all the spam in my quarantine for that time period. Thanks to Mailprotector I have never received even one of these annoying pieces of email in my inbox, but my friend and others like him don’t fare so well. Many email users get spam from a spoofed address that looks like their own on a daily basis.
Is email spoofing dangerous?
Not always, but it definitely can be. Spoofing an email address is as easy as putting a forged return address on a package or envelope, and (in much the same way) it’s the contents you have to watch out for. Messages that use email spoofing to get from point A to point B may contain content that’s simply annoying, such as links to canadian pharmaceutical websites. On the flip side such messages may also contain viruses, trojans, worms, or links to phishing websites that are standing by to automatically install harmful malware as soon as you click.
How to stay safe from email spoofing
The best practice when it comes to spoofed email addresses is to simply never open an email if it’s from your own address. Just delete that sucker and move on. Even better yet, use a good email security service to filter out emails that use advanced address spoofing tactics. If you go with a managed solution such as Mailprotector, they will be blocked before they ever even get to your email server. Nice.
by Jeremy Nigh on July 23, 2009
According to a mid-year report from TRACElabs, spam is at it’s highest level ever. Previously the highest level recorded was in July of 2008, so this trend suggests that spammers really kick things into high gear during the summer months, and they don’t care one bit about the actions being taken against them.
“The clear message spammers are giving us is that they are unimpeded by the efforts of law enforcement and the security community,” says TRACElabs senior researcher Phil Hay.
With the recent FTC crackdown on Mocolo and 3FN the volume of spam did slow considerably. However, these latest reports show that spammers have hunkered down and brazenly developed better and more resilient systems for keeping themselves in business. According to Hay, “The crime groups running the Waledac, Rustock, Pushdo and Grum spamming botnets continue to be very strong.”
The report also shows that:
- More than 30% of all spam last week came from Asian countries after Vietnam overtook traditional spam powerhouses China, Turkey and Russia for the first time ever.
- Brazil continues to dominate with over 15% of all spam, followed by the USA with 10%.
- Just three specific institutions were the focus of 99.5% of all phishing activity last week: eBay, Bank of America and Comerica.
So despite the fact that organizations are investing more time, money, and resources into the spam problem, the spammers continue to relentlessly pound the unprotected email user with wave after wave of unsolicited messages. These high numbers serve as a reminder that the spam epidemic is not going to disolve anytime soon, so this blogger recommends that you find a good email security service and ride out the storm in comfort.
- Just three specific institutions were the focus of 99.5% of all phishing activity last week: eBay, Bank of America and Comerica.
by Jeremy Nigh on June 30, 2009
Michael Jackson’s death last week left a mourning fan base of gargantuan proportions. Fans of the “King of Pop” (one of which this writer is not) have expressed their grief and sentiments through email, youtube, twitter, and various other social and Internet-related media in a way rarely seen before. But for many, their state of sadness has left them vulnerable to email and web-based attacks.
It’s no secret that spammers and malware creators can always be counted on to deliver a bevy of non-benevolent business when a phenomenon such as this reveals itself. At only 50 years old, nobody (least of all the average spammer) expected MJ to die so suddenly. Subsequently, Micheal Jackson email scams got off to a slow start, but over the past weekend attacks have ramped up significantly. Have a look at an actual Mailprotector quarantine page to see some of the spam we’ve stopped over the past 3 days:
A quick Mailprotector quarantine search for the words "Michael Jackson" yields quite a few results.
It’s not really surprising. Spammers have always had a propensity to follow the buzz of current trends and hot news stories. They’ve learned what works, and focusing on current events works very well for them. The Michael Jackson death story is the latest “easy target” scenario, but be forewarned that spammers never stop looking for creative ways to get to your inbox, so it’s important to take proper measures to ensure you’re protected from the Bad stuff.
The best way to keep safe is to use an email security service (such as Mailprotector) that provides an exchange spam filter, which tells spam messages to Beat It before they even get to your email server. If such a service is not an option for you, however, you can always take the common-sense approach to protect yourself:
- Always be very careful to only open email from trusted senders
- Never click links in emails that seem even remotely suspicious
Better safe than sorry is always the way to go when dealing with potentially harmful email. The Michael Jackson spam attacks will subside, but if history is any indicator the next spam-inducing current event is just around the corner, and for those of us in the email security industry it promises to be one heck of a Thriller.
by Bruce LaFlam on June 17, 2009
Today we announced unlimited mailbox storage for Hosted Exchange customers. The new service goes beyond alternative Hosted Exchange offerings by eliminating downtime resulting from restrictive mailbox limits that are exceeded quickly, preventing email access. Our Exchange hosting also slashes the cost of mobile email synchronization and gives users the option of integrating its robust email hosting solution with the Mailprotector premium email security suite, providing highly available email services including exchange spam filtering.
“Email quota management has been a struggle for both users and organizations managing email systems. Quotas reduce productivity by requiring users to manage their mailboxes instead of focusing on more strategic business activities,” said Michael Osterman, founding analyst for Osterman Research. “With 60 percent of organizations having to impose a size quota on email this is a widespread issue and vendors like Mailprotector that cost-effectively overcome this challenge will address a painful business concern.”
You can read the full press release here.
We finally launched! Whenever you’re working on something it always takes longer than you want but the group around here is pretty jacked today. We’ve had the new console in partner and end user beta for about 2 months now with a ton of changes along the way. Our marketing and tech folks took the public site from idea to reality in 8 weeks which was awesome. With the public site launch we finally had to bite the bullet and retire the old console. Sorry, I know some of you don’t like change but I promise, you’re gonna love this one. You’ll still see us cleaning a little house here and there but we just couldn’t wait to get it out. I think my favorite is the new pricing page which calculates any service option including Hosted Exchange.
Enjoy the new sites and for our international customers, please join us here in the U.S. this Memorial Day weekend as we honor our fallen soldiers who died to bring freedom around the world.
