Email security

How Secure Is Email?

Email was designed to be as open and accessible as possible. It allows people in organizations to communicate with each other and with people in other organizations. The problem is that email is not secure, which lets attackers use it to cause problems in an attempt to profit. Whether through spam campaigns, malware and phishing attacks, sophisticated targeted attacks, or business email compromise (BEC), attackers take advantage of email’s lack of security to carry out their actions. Since most organizations rely on email to do business, attackers exploit email in an attempt to steal sensitive information.

Spam

Spam is junk email that people, most of the time, don’t need and really don’t want. Lots of spam is sent every day to anyone. Spammers get hold of your email address by hacking into a website, by getting people to visit fake websites, or by buying email addresses from other people.

Most spam is stopped from entering the college by our Lightspeed spam filter or blocked by Sophos Anti-virus. It is important that you don’t click on any unknown email attachments, especially if they are zip or exe files. Scammers and cybercriminals will always continue to find new ways to scam people, whether by emailing them or phoning them.

To avoid getting spam in your personal email accounts, make sure you turn on your spam filter. The same rules for spam emails also apply to phishing emails.

The college also receives a lot of spam emails but we use Sophos Email Protection. A filter is used to stop spam emails from entering your account.

Phishing

How do you know if an email is a phishing email?

  • Check what the email address of the actual company is, because it might be different from the address used by a sender pretending to be the company.
  • The email might not actually be addressed to you, for example “Dear user” or “Dear customer”.
  • The email has poor spelling and grammatical mistakes.
  • The email usually presents its subject as urgent, for example by including words such as “you must”.
  • Phishing emails usually ask you for personal and confidential information such as passwords and bank details. Most cybercriminals send these emails for financial gain.
  • You weren’t expecting to get the email from this company.
  • You don’t know the person who sent the email to you.
  • The email has an attachment and you weren’t expecting to get this email.
  • The email may contain information about viruses.
  • The email wants the person to urgently do something.
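
Some of the checks in the list above can be automated. The sketch below is an added example, not part of the original page or of the college’s filtering tools; the phrase lists, the `KNOWN_SENDERS` mapping and both sample messages are constructed assumptions.

```python
from email.message import EmailMessage
from email.utils import parseaddr

# Illustrative lists (assumptions) based on the checklist wording above.
GENERIC_GREETINGS = ("dear user", "dear customer")
URGENT_PHRASES = ("you must", "urgent")
SENSITIVE_REQUESTS = ("password", "bank details")
RISKY_EXTENSIONS = (".zip", ".exe")
KNOWN_SENDERS = {"Example Bank": "example-bank.test"}  # constructed

def phishing_indicators(msg, known_senders=KNOWN_SENDERS):
    """Return the checklist indicators found in one EmailMessage."""
    found = []
    display, address = parseaddr(str(msg["From"]))
    domain = address.rpartition("@")[2].lower()
    for company, real in known_senders.items():
        # Display name claims the company, but the address is not on its domain.
        genuine = domain == real or domain.endswith("." + real)
        if company.lower() in display.lower() and not genuine:
            found.append("sender-domain-mismatch")
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    text = (str(msg["Subject"] or "") + "\n" + body).lower()
    checks = (("generic-greeting", GENERIC_GREETINGS),
              ("urgent-language", URGENT_PHRASES),
              ("asks-for-confidential-info", SENSITIVE_REQUESTS))
    for label, phrases in checks:
        if any(p in text for p in phrases):
            found.append(label)
    names = [(a.get_filename() or "").lower() for a in msg.iter_attachments()]
    if any(n.endswith(RISKY_EXTENSIONS) for n in names):
        found.append("risky-attachment")
    return found

def build(sender, subject, body, attachment=None):
    """Build a constructed sample message for the demonstration."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "student@college.test", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"PK", maintype="application", subtype="zip",
                         filename=attachment)
    return m

PHISH = build('"Example Bank" <support@examp1e-bank.test>', "Urgent: verify your account",
              "Dear customer,\nYou must confirm your password today.\n", "statement.zip")
LEGIT = build('"Example Bank" <news@example-bank.test>', "Your monthly statement",
              "Hello Sam,\nYour statement is ready in the app.\n")

if __name__ == "__main__":
    print(phishing_indicators(PHISH))
    print(phishing_indicators(LEGIT))
```

A match is a reason to look more closely, not proof: genuine emails can trip these checks, and a carefully written phishing email can avoid all of them.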

NOTE – You can report phishing emails that you have spotted to the NCSC by forwarding the email to report@phishing.gov.uk

Can you spot when you’re being phished?

Impersonation Attacks

Impersonation tactics are often deployed in spear-phishing emails. They spoof the sender and/or sending domain to impersonate your executives, staff, business partners, and well-known internet brands to fraudulently extract money or data from your unsuspecting users. A common occurrence in schools and colleges is for criminals to send an email to the finance department pretending to be the principal and asking them to transfer some money to the criminals’ bank account. All the information they use is public knowledge, so it’s down to the end-user to be vigilant enough to realise when something is wrong.

Spear-Phishing

Mass phishing and spear-phishing campaigns sometimes share similar objectives, such as harvesting credentials with a link to a phishing site. Spear-phishing emails are the result of research into intended targets. They are designed to appeal to the recipients by carrying a message that will resonate with them and coerce them into performing an action. Generally, you will be sent an email saying ‘You’ve won a prize’ or an email pretending to be from your workplace asking you to complete a form. It will be something that you are likely to click on, and doing so will then steal your password or other data.

Protecting yourself against dodgy emails
  • Don’t open emails from people you don’t know and don’t respond to them either.
  • Make sure your spam filter on your emails is on.
  • If someone has sent you a suspicious email, do not open the attachment. If you did open an attachment that was a Word document, do not enable macros, because as soon as they are enabled, malware could be downloaded onto your computer.
  • Also, if an attachment on a suspicious email is a zip file or exe file, do not open it. But if an email is suspicious, never open an attachment.