Category Archives: Email Security

Beware of These 7 Common Email Spams

Email spam comes in many types, and a chain of luring offers and scare messages greets us whenever we check our email. Almost everyone who has an email address has to deal with spam at some point. However, if you know how to identify spam email, you will not fall victim to the many online scams.

Email spam is more than just a nuisance. It also accounts for a lot of activity on the internet. Researchers say that an estimated 560 billion spam messages are sent every day, which constitutes 91% of all email communication. Although only a small percentage of the recipients of these junk messages are cheated, victims have lost nearly $500 million through cybercrime, according to the FBI. This equates to 26,000 complaints per month, or one complaint every 100 seconds.

To avoid becoming one of these statistics, you need some knowledge of what to look for in spam, plus common sense. A good antivirus program does not hurt either. Knowing the different types of email spam, such as phishing scams, email spoofing, Nigerian fraud, and pornography, is the first step in protecting yourself. It also helps to recognize when to reject an amazing (and probably fraudulent) offer, and to check whether the sender is a real business and not just a spammer claiming to be one.

As a rule, always review the offer and the website URL in a suspicious email before revealing any personal information or password, or handing over any money. With these tips and common sense, anyone can fight the different types of email spam. Remember, spammers cannot take you for a ride unless you allow them to.

1. Unsolicited Advertisements

Unsolicited email ads are rather annoying, but since they usually end up in the junk mail folder, they rank quite low on the spam list. Hundreds of billions of these emails are sent every day, most of them for miracle weight-loss drugs, men’s enhancement products, replacement products, online study programs, and drugs.

2. Phishing Scams

One of the most difficult types of spam to detect is the phishing email. These messages are designed to look like official emails from financial institutions or large corporations like eBay and PayPal, but actually redirect victims to an official-looking fraudulent website. The user is tricked into voluntarily entering their username and password, which the criminals then use to compromise the real accounts.

3. Trojan Horse Email

These email worms are considered obsolete in the spam history books. They are nasty little bugs that not only infect the victim’s computer, but also send themselves to everyone on the victim’s contact list. The most famous was the ILOVEYOU worm of 2000. It was a great success because who does not want to open an email from a loved one titled “I love you”? Once the attachment was downloaded and opened, the attached script would damage the local computer and send itself to all of the victim’s known contacts.

4. Chain Letters

“Something bad will happen to you.” Chain letters usually tell exciting stories and urge you to pass the message on, warning that otherwise something very serious will happen to you. Be careful or you will be unlucky.

5. Email Spoofing

Email spoofing is less a type of spam than a technique for making other spam methods more credible: many spammers send messages that appear to come from a different email address than the one that actually sent them. This impersonation technique gives the impression that a fraudulent email comes from a trusted source, company, or organization. This strengthens the victim’s confidence, making participation in the fraud more likely.

6. Antivirus Spam

No one wants a virus. When victims receive emails claiming that their computer is infected, fear leads them to believe the claim. They fall into the trap and download software under the pretence that it is antivirus software, but they actually infect their computers with a virus. The software then demands money to clean up the newly installed virus.

7. Porn Spam

Pornography is a major activity around the world that is used by a high percentage of the population and is a major source of harmful content. Porn spammers collect or purchase email addresses from people, send complete T&A announcements and direct victims to adult websites that are full of virtual versions of sexually transmitted diseases.


Secure your journey to the cloud with free DMARC monitoring for Office 365

Not knowing who is sending email “from” your organization is an enormous problem for IT managers for two reasons.

One problem is “shadow IT”—cloud services that employees have signed up for without IT oversight. Many of these services send mail—to employees, customers, or marketing prospects—which appear to come from your organization, opening you to legal and security risks. Identifying these services and getting them under control is a critical step in any cloud migration project.

The second problem is phishing, which plays a role in over 90 percent of all cyberattacks. For phishers, there’s not a more valuable tool than the ability to impersonate senders. These scammers rely on the fact that there is little stopping them from spoofing any domain they like in the “from” field of their phishing messages.

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an essential tool for solving both of these problems. When an organization gets its domains to a quarantine or reject policy—what’s known as DMARC enforcement—it gains complete visibility into and control over all email purporting to be from that organization. For more on DMARC policies and how they pertain to inbound mail, read the “Best practices on implementing DMARC in Office 365” section in the Microsoft article Using DMARC to validate email in Office 365.

Before a company can get to an enforcement policy, it needs to identify all the email senders using its domain. If this crucial and potentially challenging step is omitted, it may wind up inadvertently blocking legitimate email sources (like a payroll provider or your CRM tool), simply because it hasn’t specifically authorized them.

While the benefits of DMARC are clear, many organizations have had trouble with the implementation of this open standard. DMARC directs receiving mail servers to send aggregate reports back to domain owners, so they can analyze which services are sending mail on their behalf. This data is valuable for both cloud migration and anti-phishing projects.

But it can be difficult to extract actionable intelligence from these reports, which are typically large XML files containing long lists of IP addresses. Companies need to do extensive “detective work” to figure out which services correspond to those IPs and which people within their organization are responsible for using those services, which includes updating the corresponding DMARC, Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM) records to ensure that the services are properly authorized. What’s more, every change requires updating the Domain Name System (DNS), which itself can be an involved process.

What if you don’t have the time and resources to allocate to this long-term, sometimes tedious technical analysis?

Valimail Monitor for Office 365 can make this part of the DMARC journey much easier. Instead of manually parsing the massive amount of XML-based IP address data you get in DMARC reports, Valimail Monitor for Office 365 digests DMARC aggregate reports and turns them into an easily readable list of named services. In addition, for each of these services, Valimail shows how many messages are passing authentication and how many are failing and provides overall stats on DMARC authentications and authentication failures. This greatly simplifies this critical stage of the DMARC journey.

Screenshot of the DMARC Authentication Failure Rate in the Valimail Monitor dash.

The challenge is identification

Setting up a DMARC record isn’t difficult—it’s a simple txt record in DNS—and there are only three tags needed to configure a correct DMARC record. Once configured, the domain owner receives daily aggregate reports, via email, from virtually every mail receiver worldwide that gets mail from that domain.

The challenging part, as noted above, is using those DMARC aggregate reports to identify all those services that are sending email “as” the domain.

Here’s why it’s hard: In the era of cloud IT, it’s quite common for organizations to have dozens of third-party services sending email on their behalf. For example, an organization may have CRM, HR, support, payroll, and other workflow services that are core to its business. The one thing that ties all these services together is that they all rely on the company’s domain name to send email—notifications, invoices, receipts, and the like—which all need to come “from” the company. Their use of a domain name is a de facto standard that leverages the implicit trust employees, customers, and partners have when they do business with a company. (Watch a short one-minute video explaining why so many DMARC projects run into trouble.)

Before moving to a policy of enforcement, a company needs to have the confidence that it has correctly identified all these senders and white-listed them in its SPF configuration, and/or configured their DKIM keys correctly.

DMARC is incredibly useful to block phishing attacks and protect the brand, but many Office 365 customers who have implemented DMARC have not reached enforcement. They’ve manually parsed DMARC reports with self-help tools or consulting support. They’ve looked at millions of lines of XML to extract IP addresses which they then need to translate to named services. These services themselves may live on multi-tenant clouds, so discerning the true identity of a given service is further challenging because the underlying cloud infrastructure could be shared and may change without notice.

A fully automated, free service

Valimail Monitor for Office 365 makes the service-discovery component of DMARC implementation far easier, providing a fully automated visibility service, free of charge. With Valimail, Office 365 users can easily see all third-party services sending on their behalf, as well as potential imposters that are spoofing their brand. It eliminates the need to wade through XML-based aggregate reports or try to interpret which IP addresses correspond to which cloud services. Valimail Monitor for Office 365 provides a clean, clear, human-readable interface that lists services and their email volume on the domain in plain English.

Screenshot of reports in the Valimail Monitor dashboard.

With full visibility, Office 365 customers will be armed with all the information they need to determine which services are legitimate and authorized. From there, they’ll be in a position to confidently move their organization to full DMARC enforcement, where all unauthenticated traffic is blocked. Valimail makes this easy as well, with an upgrade path to Valimail Enforce, which fully automates DMARC enforcement.

As a member of the Microsoft Intelligent Security Association, Valimail provides a critical free service for Office 365 customers who want the benefits of DMARC enforcement. DMARC enforcement, together with the anti-spoofing and anti-phishing capabilities in Office 365, will effectively stop an entire class of phishing attacks.

Configuring Valimail Monitor for Office 365

Here’s how to get started with Valimail Monitor for Office 365:

  1. Sign up at the Valimail Monitor for Office 365 website.
    Note: This is a free service for Office 365 customers. Once you sign up, Valimail will email you the simple configuration instructions.
  2. Set aside five minutes to make the change in DNS to send your DMARC reports to Valimail (this has no impact on your email flow, deliverability, or any other aspect of your DNS).

Screenshot of Source of Email in last thirty days in the Valimail Monitor dashboard.

Within two weeks, Valimail Monitor will provide you a list of senders using your domain, and it will keep the list updated in real-time as DMARC reports continue to flow in. It also shows you where in the world emails sent using your domain are coming from. Don’t have an office or server in Brazil? That might just be the red flag you need to shut down a phisher impersonating your brand.

Using the Valimail dashboard, you’ll have the intelligence you need to know who is sending email using your domain and from where, so you can focus your time and resources on more complex activities to protect your organization.

Sign up for free at:

The post Secure your journey to the cloud with free DMARC monitoring for Office 365 appeared first on Microsoft Security.

Office 365 phishing

Let’s be honest: administering email is a pain. Routing issues, disk quotas, bouncebacks, the times when users can send but not receive emails, receive but not send, or they flat out cannot send or receive—the list goes on.

It’s no wonder that email-hosting services like Office 365 have become so popular. Such cloud-based email services remove a lot of the headaches caused by email configuration. They even include basic security features, meant to keep users safe from the latest threats.

They also provide options to simplify the user experience. Users can go directly to an Office 365 web page, enter their company credentials and log right into their email accounts from anywhere they like.

Take all this into account, add the reduction in costs that cloud email solutions often bring, and it sounds like the perfect solution. As a result, the use of services like Office 365 has skyrocketed.

Attackers have taken notice

Of course, its popularity has led to malicious attacks. Attackers are crafting and launching phishing campaigns targeting Office 365 users. The attackers attempt to steal a user’s login credentials with the goal of taking over the accounts. If successful, attackers can often log into the compromised accounts, and perform a wide variety of malicious activity:

  • Spread malware, spam, and phishing emails from within the internal network.
  • Carry out tailored attacks such as spear phishing and Business Email Compromise.
  • Target partners and customers.

At first glance, this may not seem very different than external email-based attacks. However, there is one critical difference: The malicious emails sent are now coming from legitimate accounts. For the recipient, it’s often even someone that they know, eliciting trust in a way that would not necessarily be afforded to an unknown source. To make things more complicated, attackers often leverage “conversation hijacking,” where they deliver their payload by replying to an email that’s already located in the compromised inbox.

Figure 1 – An example Office 365 phishing email.

Reconnaissance attacks

However, there’s so much more that an attacker can do besides sending emails. Once an attacker has access to a legitimate mailbox, they can also do the following:

  • Obtain global company email address lists.
  • Scan mailbox for other credentials, personal information, or company information.
  • Attempt to gain further access to company resources.

These activities can go unnoticed, simply because the attacker is gathering information while logged in using authorized credentials. This gives the attacker time for reconnaissance: a chance to observe and plan additional attacks. Nor will this type of attack set off a security alert in the same way something like a brute-force attack against a webmail client will, where the attacker guesses password after password until they get in or are detected.

The attack chain

The methods used by attackers to gain access to an Office 365 account are fairly straightforward. The phishing campaigns usually take the form of an email from Microsoft. The email contains a request to log in, claiming the user needs to reset their password, hasn’t logged in recently, or that there’s a problem with the account that needs their attention. A URL is included, enticing the reader to click to remedy the issue.

The chain of events usually plays out like this:

  1. Attacker sends a phishing email that appears to come from Microsoft or another trusted source.
  2. User clicks on link in the email, which brings them to a page mimicking the Office 365 login page.
  3. User enters login credentials, which are scooped up by the attackers.
  4. The fake page does nothing, says that the login is incorrect, or redirects the user to the real Office 365 login page.

Given this series of events, the user would be none the wiser that their credentials had been stolen.

Figure 2 – Office 365 login vs. phishing login. Can you spot the difference?

The frequency of attacks

How successful are these attacks? While it’s unlikely anyone but the attackers would have data on the number of stolen credentials, or overall success rate, we can draw a few conclusions by looking at the phishing emails.

Agari Data Inc. is one company that monitors a variety of data points surrounding phishing campaigns. In fact, in their quarterly Email Fraud and Identity Deception Trends report, they often look at brand impersonation trends and provided some fresh numbers for us.

Over the last few quarters, there has been a steady increase in the number of phishing emails impersonating Microsoft. While Microsoft has long been the most commonly impersonated brand, it now accounts for more than half of all brand impersonations seen in the last quarter.

Figure 3 – Brand Impersonation Phishing Emails masquerading as “Microsoft”

Cloud email security efficacy

To its credit, Microsoft has baked a number of security technologies into its Office 365 offerings. However, given how these types of phishing attacks take place off their network, there is very little that can be done from within the cloud to protect against it. If an attacker gains valid credentials and uses them, how can you tell the difference based on a login attempt?

Fortunately, there are several steps you can take to further protect your email:

  • Use multi-factor authentication. If a login attempt requires a secondary authorization before someone is allowed access to an inbox, this will stop many attackers, even with phished credentials.
  • Deploy advanced anti-phishing technologies. Some machine-learning technologies can use local identity and relationship modeling alongside behavioral analytics to spot deception-based threats.
  • Run regular phishing exercises. Regular, mandated phishing exercises across the entire organization will help to train employees to recognize phishing emails, so that they don’t click on malicious URLs, or enter their credentials into malicious websites. For instance, Duo offers a free phishing simulation tool, called Duo Insight.

On the horizon

Cloud email services like Office 365 aren’t going anywhere. Given the many advantages that they present, there’s no reason they should. The fact is, given the current threat landscape, it’s often necessary to leverage additional security.

Based on a recent study conducted by ESG on behalf of Cisco, more than 80 percent of respondents reported that their organization is using SaaS email services. However, 43 percent of respondents still found that, after the move, they required secondary security technologies in order to shore up their email defenses.

At the end of the day, there are still valid needs for IT teams to set policies, gain visibility and control, utilize sandboxes, and leverage external blocking capabilities. Cloud email offers a lot of advantages, but to fully deliver on its promise, there is still a role for IT to ensure it is as secure as it can be.

Interested in reading more on email security? We’re about to launch the next installment in our Cybersecurity Report Series. “Email: Click with Caution, How to protect against phishing, fraud, and other scams” will be released early next month! Stay tuned…


The post Office 365 phishing appeared first on Cisco Blog.

Ransomware Attack Impacts Baltimore Emails, Online Payments

Some key online operations in the U.S. city of Baltimore have been impacted following a ransomware attack.

Reports reveal that all online payment gateways and email in Baltimore have been brought to a standstill following a ransomware attack that happened in the first week of May. The hackers who launched the ransomware strike are demanding a hefty ransom for freeing all systems in the city.

Security experts have found that the ransomware attack on Baltimore was executed using the EternalBlue exploit. EternalBlue, about which we have already written on many occasions, was developed by the U.S. NSA (National Security Agency) and was reportedly leaked by the Shadow Brokers hacker group in April 2017. Cybercriminals used this exploit to launch the extremely devastating WannaCry attack in May 2017 and then the NotPetya attack in June 2017. EternalBlue exploits a vulnerability in Microsoft’s implementation of the SMB (Server Message Block) protocol and allows cybercriminals to execute remote commands on their target computers. Microsoft released a patch for the issue in March 2017, but many users hadn’t installed the patch when the WannaCry attack and then the NotPetya attack happened. Even now, as per reports, there are millions of systems worldwide that are vulnerable to EternalBlue.

Reports say that the ransomware attack in Baltimore has impacted thousands of computers and has also affected many important services including health alerts, water bills, real estate sales etc. It’s also reported that as per a ransom note that was recovered from a computer in the city, the ransomware has been identified as RobbinHood, a relatively new ransomware variant.

A New York Times report dated May 22, 2019, says, “On May 7, the city discovered that it was a victim of a ransomware attack, in which critical files are encrypted remotely until a ransom is paid.”

The report further says, “The city immediately notified the F.B.I. and took systems offline to keep the ransomware from spreading, but not before it took down voice mail, email, a parking fines database, and a system used to pay water bills, property taxes and vehicle citations.”

It’s also reported that at least 1,500 pending home sales have been delayed. However, the city has put into place an offline fix this week to allow the transactions to proceed.

As regards the ransom note, the New York Times report says, “A copy of a digital ransom note, obtained by The Baltimore Sun, stated that the city could unlock the seized files for a price: three Bitcoins (nearly $24,000) per system or 13 Bitcoins (about $102,000) for them all…(The price of this decentralized, hard-to-track virtual currency fluctuates wildly. On the day of the attack, the ransom would have cost about $17,000 per system, or less than $75,000 for them all.)”

The ransom note reads: “We won’t talk more, all we know is MONEY!…Hurry up! Tik Tak, Tik Tak, Tik Tak!”

The city officials have reportedly decided not to pay the ransom as of now. Mayor Bernard Young reportedly told local reporters, as regards paying the ransom: “Right now, I say no. But in order to move the city forward? I might think about it. But I have not made a decision yet.”


Global secure email gateway market growth driven by data loss prevention capabilities

The global secure email gateway market is expected to post a CAGR of over 14% during the period 2019-2023, according to the latest market research report by Technavio. A key factor driving the growth of the market is data loss prevention capabilities. Many email gateway solutions help in DLP. DLP is extremely critical in a corporate environment as it helps prevent the leakage of sensitive information from the corporate network. The DLP component of an … More

The post Global secure email gateway market growth driven by data loss prevention capabilities appeared first on Help Net Security.

The Six Most Effective Email Spam Blocker Tips

Email, as we know, is always susceptible to spam. Anyone using email has to face spam on an almost regular basis. Email clients today are equipped with anti-spam filters that filter spam and move it to separate folders. But since such filters are not 100 percent effective, it’s always best for email users to know how to deal with spam effectively. Here’s a look at some of the most effective email spam blocker tips that could help you combat spam.

Begin by training your spam filter

As we’ve already stated, the email spam filter that your email client is equipped with by default is not 100 percent perfect in filtering emails and detecting spam. Thus, it becomes important for you to keep training your spam filter to be more perfect. This can be done in two ways. Firstly, whenever you come across spam that has sneaked past the spam filter and landed up in your inbox, you shouldn’t limit yourself to just deleting it. You should select it and tell your email client that it is spam by clicking on the button that’s given to report spam. Secondly, when mail that is not spam lands up in your spam folder, you should select it and tell the client that it made a mistake. You should click on the ‘Not Spam’ (or similar) button. This way, you can train your spam filter to perform better.

Secondly, train yourself not to respond to spam

Well, we’d say this is of utmost importance among all email spam blocker tips. Security always starts from the individual users. You must train yourself, in the very first place, to refrain from responding to spam. You’ll be coming across, almost on a daily basis, spam emails landing up in your inbox. Many of these might even look genuine. You need to train yourself to identify spam and also to refrain from responding to them. Even if an email seems a bit suspicious don’t click on the accompanying link or open the accompanying attachment. Confirm the genuineness of the email and then only open the link or the attachment. Similarly, whenever you realize that you’ve got spam that has been sent from a known email address, contact that person and pass on information regarding the same. That person might not be aware of this. This helps in effective prevention of the spreading of spam emails.

Learn to protect and, if needed, hide your email address

You must learn to protect your email address from spam. There are some very important things that you need to do for this. It’s best to have one or more alternative email addresses, which you could use for things like hotel booking, online shopping etc. This way, your primary email address would be saved from those unwanted spam emails that come following your online purchases or reservations or any such web activities that might enlist you to a spam despatch list.

Another thing that you could do to protect your email address is to hide it as much as possible. Never publish your primary email address on the web unless you absolutely have to do it. At places where you have to publish your email address, publish a secondary one if that’s OK. Publish your primary email address only when you have to do it.

Use third-party antispam filters

It’s always best to use third-party antispam filters or extensions that could help nab those spam emails that sneak past your default email spam filter. Such third-party filters work by identifying spam as messages travel between an email server and an email client. There are different options, free as well as paid, depending on the kind of device you are using and on the extent of your filtering requirements.

Learn to unsubscribe from things that you don’t need

There are certain things that reach you periodically, like newsletters, which you might not actually need. It is advisable to unsubscribe from such services if you don’t need them at all. Yes, make it a point to unsubscribe from things that you don’t need in your inbox. There will be links that allow you to unsubscribe from such services or to stop receiving emails from that source. This step could help curb, to a great extent, the spam emails that might accompany such emails and newsletters.

Change email address, if needed

You must be ready to change your primary email address if needed. When you have accidentally responded to spam and your email address is infected beyond repair, when your email address has been revealed at too many places and stands a chance of being subjected to spam attacks, and when your inbox has loads of spam in it despite the existing security measures (because of security flaws or other such issues), it’s best to change your primary email address at the earliest. This, we agree, is a drastic step, but if such a drastic step has to be taken, just go for it. Security, after all, is of utmost importance.



Cybercrime and Fraud Part 1: Modern Tales of Piracy and Plunder

Calico Jack, Captain Blood, and Blackbeard. So many recognizable stories, books, and movies have been made about the period of stealing and looting exemplified by the golden age of piracy. Time will tell whether we see such romanticized stories of dashing rogues based on this new golden age of criminality that we now live in. In fact, if you look at the FBI’s statistics, the internet has enabled cybercriminals to increase their ill-gotten gains by 700% in 10 years (2007-2017). To put that in perspective, when pirates looted and plundered their way across the seven seas, the top 20 pirates ever stole about $615.5 million when adjusted to 2017 dollars. Flash forward several hundred years and compare that to the takings from cybercrime in the US alone, where the FBI has just released a new estimate of losses exceeding $2.7 billion in 2018!

In this series of blogs, I’ll be exploring cybercrime and fraud, outlining some of the strategies that you can adopt to help mitigate risk, and how you can use Cisco products and technologies to help implement those strategies.

So, let’s delve into this golden age of criminality in a little more detail. First, it’s important to realize that the scale of this illicit profit has brought with it a tremendous amount of professionalism. This is illustrated by the fact that while losses have increased 700%, the number of incidents has only increased by 50%, resulting in a much higher loss per incident. Of course, the FBI only has a US-centric view, so how representative is it globally? If we consider research from the Center for Strategic and International Studies (CSIS), the estimated global cost of cybercrime is 0.59% to 0.8% of GDP ($445 billion to $608 billion). Furthermore, if we then compare that to the value that the UN Office on Drugs and Crime (UNODC) assigns to the global cost of the illicit drugs trade of 0.5% to 0.6% of GDP, you realize that the cybercrime market is at least as big, if not bigger, than the global trade in illicit drugs! With such profits obtained at risks that are fractional compared to other criminal enterprises, it’s easy to see why cybercrime remains an attractive and growing area for professional criminals.

So how much could it continue to grow? Are we already at peak cybercrime? In October 2017, BITKOM (German Association for Information Technology, Telecommunications and New Media) published a survey that showed 49% of German internet users had been a victim of cybercrime. Furthermore, if we compare this to an analysis from the US Department of Justice looking at the Lifetime Likelihood of Victimization, which estimated that 99% of people would be a victim of robbery at least once and that 87% of people would be a victim 3 or more times, you can see that, depressingly, there appears to remain a significant growth prospect for cybercrime.

So what’s driving this explosive growth in cybercrime? Interestingly enough, it’s actually a new form of a very old crime: fraud. And by old, I mean really old! They say the earliest recorded form of fraud is the story of Hegestratos in 300 BC! Hegestratos took out a large loan for cargo secured against the value of his ship. When the ship arrived and the cargo was sold, the lender would be repaid with interest. If the loan was not repaid, the lender had security in the form of the ship. However, if the ship sank, the lender lost both the loan and the security. Needless to say, Hegestratos figured it was easier to sink the ship, save the cargo and sell it, and pocket the loan for good measure! What’s remarkable is how, since those days, fraud has evolved as time, technology, and most importantly, the law have advanced. After all, why even bother going to all the trouble of having a ship if you can just pretend to have one? This was made an offense in the UK as early as 1541 (obtaining property by false or counterfeit token). Once again, fraud evolved so that by 1757 the law would need to be updated to the broader concept of false representation. In the US, with its larger geography, the symbiotic evolution of fraud, technology, and the law is even clearer: counterfeiting laws of 1797 evolved into false claims in 1863, mirroring the evolution of the law in the UK, before then having to add mail fraud in 1872 and then wire fraud in 1952. At each stage you can see how criminals are the first to adapt and exploit the opportunities new technology provides for fraud before the defenders can catch up.

Today, little has changed as we continue to see the same scenarios playing out. According to the German Federal Police Division responsible for Crime, the Bundeskriminalamt (BKA), 99.4% of all recorded cybercrime losses come from fraud. The emphasis here is on recorded losses, as the BKA makes some great points about the difficulties in truly quantifying cybercrime losses, especially intangible losses such as reputational or brand impact. If we cross-reference these numbers with the annual Internet Crime Report from the FBI Internet Crime Complaint Center (IC3), some quick addition reveals that all forms of fraud accounted for approximately 85% of the overall number, validating the BKA’s approach. In fact, they specifically call out the losses associated with two specific forms of fraud known as Business Email Compromise (BEC) and Email Account Compromise (EAC). These are two variations on a fraud in which the criminals use social engineering, deception, or other intrusion techniques to conduct unauthorized transfers of funds.

The classic example of this is when the person responsible for the finance or payment of suppliers receives an email purportedly from the Chief Executive Officer (CEO) demanding the urgent payment of a supplier via wire transfer. Of course, the email isn’t from the CEO and the account details are nothing more than an account being held by another unsuspecting person who will transfer it on again. By the time the fraud has been identified, the money has moved several times through various accounts and potentially countries and will rarely be recovered. Emphasizing the earlier point regarding the professional nature of this type of crime, the FBI said the perpetrators of this are “transnational criminal organizations that employ lawyers, linguists, hackers, and social engineers” who “may spend weeks or months studying the organization’s vendors, billing systems, and the CEO’s style of e-mail communication and even his or her travel schedule.” The gains for the criminal are staggering: in its 2016, 2017 and 2018 reports, the FBI IC3 identified it as a hot topic and estimated the losses in 2018 were nearly $1.4 billion.

How does this compare with losses from other forms of cybercrime? Well, in 2018, the FBI statistic for losses due to another popular form of cybercrime, the classic corporate data breach, was $117.7 million or 8% of the loss due to BEC/EAC. Looking at the state of California within the FBI statistics, we see that BEC/EAC is the single biggest cause of losses, accounting for 33% of the overall losses due to any form of cybercrime. So, has this risk peaked? Well, a survey from the credit agency Experian found that 72% of businesses had a growing concern about fraud in 2017 and 63% of them had experienced the same or higher losses due to fraud, pointing to a real and growing risk. It’s worth bearing in mind that despite the FBI’s estimated total losses from BEC/EAC now exceeding $5 billion, the losses increased 78% between 2016 and 2017 and again by 92% between 2017 and 2018. Bad as it is, things may continue to get a lot worse.

So, what is to be done? In the next blog post, I’ll be talking about some of the strategies, products, and technologies that can help address and mitigate the issues I discussed in this blog. Of course, I welcome your thoughts, comments and feedback so please do take the time to let me know your thoughts!

The post Cybercrime and Fraud Part 1: Modern Tales of Piracy and Plunder appeared first on Cisco Blog.

“Spark Joy” With New 12.0 Email Security Features & Videos

When you see “software update available,” does it spark joy? For many of us, the answer is a resounding “no.” But, don’t be fooled into thinking that our new 12.0 release of Cisco Email Security is anything other than extraordinary. Here are three reasons why:

  • Our SVP of Product Management, Jeff Reed, puts it best: “It’s our biggest update in years.” We’ve poured resources into our Cisco Email Security product and it shows in a release that’s full of new features that directly impact our customers’ biggest pain points.
  • Cisco’s 12.0 release is threat focused. From the ground up, this release aims to arm organizations against common threats like phishing and business email compromise. As the frequency of email threats continues to rise, our customers can be confident that we continue to improve our security technology with updates to Sender Domain Reputation and External Threat Feeds (ETF).
  • We’re investing in the user experience. 12.0 for Security Management Appliance introduces Cisco’s next generation user interface and drives administrative intuition forward. A quicker UI, easy-to-read reporting summaries, and the continued trusted results make it easier than ever to have an integrated approach to your email security posture.

Ready to dive into our latest release? We’ve compiled several resources to help you realize the value of these updates. First, the Release Notes for 12.0 for Email Security and the Release Notes for 12.0 for SMA include what’s new in the release and provide an easy-to-use guide to updating your software. Next, be sure to check out the videos below for a more in-depth look at our most noteworthy features:


New to 12.0 is our How-Tos Widget. This contextual widget provides in-app assistance to users in the form of walkthroughs to accomplish configuration and administrative steps within Cisco Email Security. This video provides a brief walkthrough of this useful new tool.

External Threat Feeds

We’re excited: this release includes External Threat Feeds (ETF), which support STIX/TAXII. If you’re looking to take advantage of integrating external threat information, this video walks through how you can add third-party threat feeds into your appliance and configuration.

Sender Domain Reputation (SDR)

Cisco SDR is our next level of providing a reputation verdict for email messages based on a sender’s domain and other attributes. How does SDR work? This video explains how the reputation of an email is collected and what impact it has on email security.



DNS-based Authentication of Named Entities (DANE)

DANE adds to the encryption capabilities in Cisco Email Security. This video dives into the new DANE features and explains how to configure them.


Smart Licensing

Why consider using a smart license? It’s easier to control usage, simplifies maintenance and eliminates the need for right-to-use licensing.

Cisco Threat Response

This video is an introduction to the new Cisco Threat Response (CTR) integration with AsyncOS 12.0 for Cisco Email Security. This video will explain how to integrate your Security Management Appliance (SMA) with CTR as a step-by-step walkthrough tutorial.


Once you are up to speed on what our 12.0 release can do for you, the final step is to upgrade! Afterward, be sure to reference the 12.0 User Guide for in-depth administration and further questions regarding services and configuration.

For even more email security resources, be sure to check our Cisco Email Security page regularly for whitepapers, analyst reports, videos and more.