With the new year here, it might be time to not just look forward, but take stock of something that comes up a lot on the blog: email safety. Email is probably the most reliable way of communicating with people between organizations, but it can be messy and unusable without extra filtering from an email service, which Crown Computers recommends. These services rely on patterns and large operations, so they’re more likely to let through targeted attacks, which are much more successful and damaging to your security. Either way, extra security services for your email can address two major problems in emails (through attachment sandboxing and URL rewriting), which we’ll show you in detail for today’s blog post.
The most obvious step for email safety is to stay away from HTML attachments in any email. An HTML attachment looks like any other email attachment, but hopefully your email client (both mobile and workstation) points out to you that it’s an .html file. HTML is classically the type of file that a website is stored in, which is kind of like text but can contain code to be executed by your browser. This means that an .html file, when opened, can ask your web browser to do “some work” for it. That could mean displaying a simple website, or reaching out to a remote server or website (more on this below), or executing some malicious code as part of an attack on your network or workstation.
To stay away from these types of attacks, it’s preferable to just not open attachments, at least from external senders (those who are outside of your organization). It may seem extreme, but given the risks that are out there, it’s probably completely socially acceptable to never open attachments; if something’s important, then you can find a way to transfer or download the file another way. If you’re unwilling to take that step, you’ll need a service like Proofpoint to help secure all of your internal and external emails.
Clicking a link in an email has the same kind of function as opening an .html attachment: when you click it, your browser tries to establish a connection with a server “out on the internet.” If you’re lucky, the server is a known bad guy, and your email provider scans the link on the way out and blocks it. This is called URL rewriting, and it allows your email security provider to do its best to check if the link you’re clicking is legitimate. But again, it’s not 100% effective.
The links that you find in emails can be used for things other than running malicious code: they can be used as a signal that you’re looking at spam emails. Once an attacker knows that you’re susceptible to clicking on links, they’ll know how to better target you in future attempts at compromising you.
Think of it this way: every connection that you make to every website can be traced by the owner of the server (in addition to your service provider, including your VPN provider). This means that clicking a link in an email is like sending a text message to the attacker, letting them know that you clicked the link. It’s a very small signal, but it’s one that can open the spam floodgates and increase the likelihood that you’ll click the wrong thing in the future.
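To make the two protections above concrete, here is an added example (not code from Crown Computers or from any email security vendor) that flags HTML attachments and rewrites links in a message so that a click goes to a checking service first. The gateway address, the sample message and the function names are all made up for illustration; real services use their own rewriting formats.

```python
import re
from email import message_from_string, policy
from urllib.parse import quote

# Hypothetical scanning endpoint (assumption); real gateways use their own format.
GATEWAY = "https://urlscan.example.invalid/check?u="

# Constructed sample message: one link in the body, one HTML attachment.
SAMPLE = """\
From: billing@vendor.example
Subject: Invoice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please review: http://pay.vendor.example/inv?id=42
--b1
Content-Type: text/html; charset="utf-8"
Content-Disposition: attachment; filename="invoice.html"

<html><body>Invoice</body></html>
--b1--
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def html_attachments(msg):
    """Return filenames of attachments that a browser would render as HTML."""
    flagged = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "text/html" or name.endswith((".html", ".htm")):
            flagged.append(part.get_filename() or "(unnamed)")
    return flagged

def rewrite_links(text):
    """Point every link at the gateway, which can check it at click time."""
    return URL_RE.sub(lambda m: GATEWAY + quote(m.group(0), safe=""), text)

def process(raw):
    """Parse a raw message; return (flagged attachment names, rewritten body)."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    rewritten = rewrite_links(body.get_content()) if body else ""
    return html_attachments(msg), rewritten

if __name__ == "__main__":
    print(process(SAMPLE))
```

After rewriting, the original address survives only as an encoded parameter, so the first server your browser contacts is the checking service rather than the one named in the email.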
- Written by Derek Jeppsen on behalf of Sean Goss and Crown Computers Team