Email Attacks

We all know that email is a popular communication tool for official communication as well as personal communication. Do you know that email is also one of the most common distribution channels to spread viruses and malware? Attackers often use spam emails to trick the unsuspecting users to open email and follow the links in the message or click on malicious attachments. By that time you click the link or file, you have already fallen into the trap of attackers!

Now let us share with you the reality. From 1 March to 10 May 2016, only 12% of incoming emails were not categorized as virus or junk mail. In other words, during this period, ICTO’s secure email gateway has detected and stopped the rest of 88% infected emails.

Category  Percent  
Blocked:Proofpoint Dynamic Reputation Filtering77.73%
Blocked:Email Firewall 1.73%
Blocked:Anti-Virus 0.10%
Blocked:Zero-Hour 0.01%
Junk messages3.89%

Protecting Mailboxes from Harmful Emails

To shoulder the mission of protecting UM staff and students from falling victim to scams, harmful and malicious email attacks, ICTO has set up a Secure Email Gateway with next-generation email filtering system. The email filtering system is in use since last year and automatically inspects every incoming or outgoing email of staff and students email system to identify malicious and harmful emails. It has been successfully protecting the mailboxes from most of the spam, viruses, malware, phishing scams and other unwanted messages.

Secure email gateway inspect all incoming emails of campus email system.

Targeted Attacks

Sometimes, attackers send an email disguised as a legitimate email. It typically directs the receivers to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers.

ICTO’s secure email gateway uses analytic scoring service with URL Defence. It helps protect against accessing harmful sites and provides additional visibility into phishing and other malicious attacks. If the link within an email is malicious, you will see the notification in your web browser.

Email Security Tips

1. Use Different Passwords for Different Email Accounts

If you set all of your accounts passwords (Facebook notifications, website registrations, newsletters, messages, etc.) pointing to a single email account, it makes all your accounts accessible to someone who may breaks into your email account. Keep a couple of email accounts and set different passwords for different email accounts.

2. Create a Strong Password

Strong password includes Numbers, Symbols, Capital Letters, and Lower-Case Letters. When creating a password, use a mix of different types of characters to make the password harder to guess and crack. Never use one password for all of your accounts. Do not create a password that refer to a name, date of birth or a word in disctionary. To make it more secure, create a combination of alphabets, numbers and permitted special characters.

3. Beware of Phishing Scams

When someone sends an email asking personal information, please do not disclose your personal information. ICTO never requires you to provide your password.  Stay alert if you are being asked about your account name, password, banking information etc.

Some examples.

Phishing campaign targeting Online Bank

4. Think before Clicking Links in Emails

Whenever you see a link in an email, please do not click on the link. The only exceptions are when you are expecting a particular email with a link. If you get an email from your bank or any other service provider such as bill payments, courier service or publishing research papers and Journals sites, always visit the website manually by typing the link.

5. Do not Open Unsolicited Attachments

Attachments are tricky in emails. If the email is unsolicited or it looks suspicious, do not open the attachment.

6. Avoid Public Wi-Fi

Avoid checking your email when you are on public Internet. Public Wi-Fi can be extremely insecure.