By Steffen Mauer, ATLAS Intelligence GmbH
The invention of email in 1971 has revolutionised human communication. With 293 billion emails sent around the globe every single day in 2019, email is one of the world’s most important forms of human exchange.
Unfortunately, criminals take advantage of the historical weaknesses of the email protocol. Phishing attacks in combination with malware represent the most expensive cybersecurity damages for companies.
The email protocol does not distinguish between business and private use. As the pitfalls and the security measures are the same for both use cases, this document addresses both of them.
Online hackers use fake identities
Oftentimes, people do not immediately notice that an email was sent by a hacker, because such emails appear to come from one's own domain. Since the sender field of an email is a free-text field, hackers are able to carry out this type of attack, known as spoofing: they can enter any email address as the sender, and the message is delivered straight to the inbox of the recipient the hacker has selected.
Users are misled into unwanted action
The hacker's victims are misled into clicking a link or opening an attachment. Most email bodies are HTML encoded, which makes them look legitimate to the receiver. The images below show an example of a tourist redirected to a fake Airbnb website (an online rental platform) for a scam attempt.
People are misled into opening links or attachments that redirect them either to hacked websites of legitimate companies, on which the hackers have planted viruses, or to illegal websites purpose-built by malicious actors.
Interception of the communication system between the user’s email client and their email server
The so-called man-in-the-middle (MITM) attack is a hacker's evergreen. The green lock on the left-hand side of the browser's address bar was introduced so that users can spot this interception method while surfing the internet. The green lock indicates that the communication between the browser and the website is secure, meaning no third party is involved.
The same applies to email servers. The email client and the email server use the same technique, except that users have no green lock to indicate that the connection between them and their email server is secure. If the user relies on inadequate encryption between the email client and the corresponding server, hackers can read the user's incoming and outgoing email.
To prevent identity spoofing, standards should be used to verify the sender of an email. This can be done by setting up a so-called SPF record on one's domain. By automatically obtaining an S/MIME certificate and signing every single email with it, your identity is officially verified by a digital signature. For compliance reasons, it is important to prefer S/MIME over PGP in business communication.
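To show what a receiving server actually does with the SPF record mentioned above, here is an added example (not code from the article or from ATLAS Intelligence) that parses a constructed SPF TXT record and evaluates whether a connecting IP address is authorised to send for the domain. The domain, addresses and function names are assumptions; only the ip4, ip6 and all mechanisms are handled, since include, a and mx would need live DNS lookups.

```python
import ipaddress

# Constructed sample SPF TXT record as a domain would publish it in DNS
# (hypothetical addresses from documentation ranges, not from the article).
SAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"

# SPF qualifier prefix -> result a receiver reports for a matching mechanism
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism, value) tuples.

    A mechanism without an explicit qualifier defaults to "+" (pass).
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        parsed.append((qualifier, name.lower(), value))
    return parsed


def check_sender(record, sender_ip):
    """Return the SPF result ("pass", "fail", "softfail", "neutral")
    for the IP address that connected to deliver the mail."""
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, name, value in parse_spf(record):
        if name == "all":
            # "all" matches everything, so it terminates evaluation
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
        else:
            # include / a / mx / exists need DNS; not supported offline
            raise NotImplementedError(f"mechanism '{name}' needs DNS lookups")
    # No mechanism matched and no trailing "all": the default is neutral
    return "neutral"
```

A record ending in `-all` is what makes a spoofed sender fail the check; a record with no `all` term, or with `~all`, leaves forged mail at neutral or softfail and is easy to miss in practice.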
It is advisable to rely on the core function of email, a text-only conversation, to prevent hackers from attacking one's computer. Text conversations are transparent and close to impossible to hack. Composing new emails in text-only format is key to secure and verifiable email communication. Furthermore, it is safest when attachments are only PDFs or standard picture formats like PNG, JPEG and TIF. This applies to both receiving and sending attachments. If larger attachments have to be sent, file-sharing platforms are a safe and secure alternative to email.
Lastly, state-of-the-art encryption of one's connection and the shutdown of unnecessary services is a great way to prevent hackers from getting between the user and their email server. Using STARTTLS as the encryption between your email client and your email server is a safe way to secure your email communication. Another tip is to use TCP port 587 for SMTP and ports 110/143 for POP3 and IMAP to connect to the server. TCP ports 465, 995 and 993 are outdated nowadays. Denying access via a firewall to ports that are not strictly needed on one's email server is a great strategy for safe and secure email communication and for connecting with others globally in today's online world.
The following checklist is recommended for secure email communications:
DON'T LET OTHERS STEAL YOUR IDENTITY
1. Implement SPF on your company domain
2. Attach an S/MIME certificate to all your emails to prove your identity
PREVENT HACKERS FROM CONTROLLING YOUR COMPANY OR PRIVATE COMPUTER
1. Always compose emails as "Text only"
2. Never send or open formats other than: jpeg, jpg, tif, tiff, gif, png, bmp, txt, rtf, csv, pdf
PREVENT HACKERS FROM CONTROLLING YOUR COMPANY MAIL SERVER
1. Expose only the ports 25/tcp, 143/tcp, 110/tcp and 587/tcp on your mail server.
2. Offer only STARTTLS as the encryption method for clients.