Module03-Email-Newsletter

 CYBER SECURITY newsletterUSING EMAIL SAFELYTo be Protecting YourselfThe ProblemEmail has become one of the Be Suspicious: The numberprimary methods people one step to protecting yourself is tocommunicate, both at work and at be suspicious. Over 90% of emailhome. Email is extremely powerful, sent on the Internet today is spam,you can instantly reach anyone scams, or malicious attacks. Whilearound the world. Email is simple; security programs block most ofyou just type what you want to say, these attacks, some will always getinclude attachments, and hit send. through. If you receive an emailEmail is cheap, sometimes even that looks odd or sounds too goodfree. Given all these factors it is not to be true, it probably is.unusual for individuals to send or Links and Attachments: Onereceive hundreds of emails a day. of the simplest ways for a cyber The danger is cyber criminals criminal to infect your computer is Using Email Safelycan leverage this technology as to ask you to infect it for them. Email has become one of the fastest andwell. It is very simple for a cyber They do this by sending emails with simplest ways to communicate around thecriminal to create emails that malicious attachments or links world. As a result, it has also become onepretend to be someone or pointing to malicious websites. To of the primary methods cyber criminalssomething you trust, such as your protect yourself, only click on links use to attack others on the Internet.bank or your favorite online store. or open attachments if you areIn addition, cyber criminals send expecting them. If you are not sure  out literally millions of these if the email is legitimate, contactmalicious emails every day. Email your IT help desk or security team. This newsletter is published by the University of Colorado Officehas become a cheap and effective Privacy: Be careful of what of Information Security. For moreway to attack people around the you send in an email. When you information please send email toworld. As a result, you need to use send an email across the internet, [email protected] or visitemail carefully. In this newsletter that email can be intercepted and https://www.cu.edu/information-we discuss the most common email read just like a postcard. In privacy-and-securityattacks to look out for and steps addition, email is permanentlyyou can take to protect yourself, archived and stored forever. If youyour family, and our organization. have something highly confidential to communicate, encrypt the email or call the person instead. © The SANS Institute 2011

  The Attacks Phishing: The goal of phishing is not to infect your computer but to Spear Email is cheap, fast, and simple; steal your information. Criminals do Phishing   it is the perfect way to communicate. this by sending emails pretending to As a result, email is also the perfect be something you trust, such as your So far all of the attacks we method with which to attack millions bank. The emails will tell you that have discussed are designed to of people around the world. Here are your bank account needs to be attack as many people as three of the most common email updated and then include a link to possible. However cyber criminals attacks to look out for. login to your bank and update your have developed an even more information. dangerous type of attack called Malicious Attachments & Spear Phishing. This type of Links: Cyber criminals send emails However, the email is a lie. If you attack is when bad guys are that look like they come from click on the link it takes you to a targeting specifically you or our legitimate organizations, such as website that looks like your bank, but organization. Instead of sending your bank, a trusted online store, or in reality is controlled by cyber out millions of emails, they only a government organization. They do criminals. If you enter your send out twenty or thirty, all this by forging the “From Address” or information, thinking you are logging targeting specific individuals or a include real logos. The goal of the into your bank, you are really giving specific organization. email is to trick you into opening an your online banking information to attachment. The criminals create cyber criminals who will then use it to The reason these targeted convincing stories, such as telling steal your money. Never visit your attacks are more dangerous is you that your computer is infected bank or any other important website because the criminals do their and you must install the attachment by clicking on links in an email. research. They learn who works to fix it. Or they tell you that you must Instead, always type the URL in your in our organization, who we read the attachment because it has browser. That way you know you are communicate with and what our important information for you. If you going to the correct website. internal emails look like. They open the attachment, your computer then create customized emails will be attacked and, if successful, Scams: These emails use the based on this information and the cyber criminal will have total same attack that criminals have been send these emails to specific control of your system. Additionally, using for thousands of years. The individuals. As a result, when the cyber criminals can include links in cyber criminals fool you out of your victim receives these emails they emails that to take you to malicious money or trick you for your are often fooled and fall victim. websites. These websites will then information with a lie conveyed attack and attempt to infect your through email. For example, they will Since there are so few emails computer. tell you that you have just won the being sent, spear phishing attacks lottery and ask you to call a phone are harder to detect. These Just because you have anti-virus number to collect your prize. If you attacks are often missed by anti- software installed does not mean you call them, they will tell you that you virus or email filters. As always, if are protected. Cyber criminals have have to pay taxes on the prize first. an email or message seems developed new viruses that cannot Once you pay the money, the cyber suspicious, it most likely is an be detected by anti-virus software. If criminal disappears and you will attack. If you are not sure, you receive an email you did not never hear from him again. If a deal contact your IT help desk or expect, do not open any attachments sounds too good to be true, it most information security team. or click on any links. likely is.   © The SANS Institute 2011