{"id":2492,"date":"2020-04-30T09:11:20","date_gmt":"2020-04-30T07:11:20","guid":{"rendered":"https:\/\/bluemind.purpl-web.com\/?p=2492"},"modified":"2020-04-30T09:11:23","modified_gmt":"2020-04-30T07:11:23","slug":"email-threats-and-nuisances","status":"publish","type":"post","link":"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/","title":{"rendered":"Email: threats and nuisances"},"content":{"rendered":"\n<p>The health crisis that\u2019s been affecting the world since the beginning of the year has unfortunately come with a series of cyberattacks: <a href=\"https:\/\/www.bloomberg.com\/news\/articles\/2020-03-16\/u-s-health-agency-suffers-cyber-attack-during-covid-19-response\">public administrations<\/a>, businesses, <a href=\"https:\/\/threatpost.com\/la-county-hit-with-doppelpaymer-ransomware-attack\/155024\/\">local authorities<\/a> and even <a href=\"https:\/\/www.zdnet.com\/article\/czech-hospital-hit-by-cyber-attack-while-in-the-midst-of-a-covid-19-outbreak\/\">hospitals<\/a>. No one has been spared (although some ransomware operators <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/ransomware-gangs-to-stop-attacking-health-orgs-during-pandemic\/\">claim that they will show some respite<\/a>&#8230;).<\/p>\n\n\n\n<p>Email, which is the main means of workplace communication, is booming as a consequence of lockdown and widespread remote work. Everyone uses it. Everyone can be reached by email. All business documents go through mail \u2013 invoices, contracts, client information, documents, appointments. As a result, email is a victim of its own success: it is hackers\u2019 target of choice when attacking organisations.&nbsp;<\/p>\n\n\n\n<p>So, what do these attacks look like? How can we spot them and how can we protect ourselves against them?<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong><span style=\"color:#0693e3\" class=\"tadv-color\">Is spam still an issue?<\/span><\/strong><\/h2>\n\n\n\n<p>If Bill Gates\u2019 prediction had come true, <a href=\"https:\/\/www.theregister.co.uk\/2004\/01\/26\/well_kill_spam_in_two\/\">the internet would be spam-free since 2006<\/a>. A quick look into your spam folder should be enough to prove otherwise.\u00a0<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1000\" height=\"667\" src=\"https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/photo-by-torsten-dettlaff-from-pexels.jpg\" alt=\"\" class=\"wp-image-2479\" srcset=\"https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/photo-by-torsten-dettlaff-from-pexels.jpg 1000w, https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/photo-by-torsten-dettlaff-from-pexels-300x200.jpg 300w, https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/photo-by-torsten-dettlaff-from-pexels-150x100.jpg 150w, https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/photo-by-torsten-dettlaff-from-pexels-768x512.jpg 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><figcaption>Photo by Torsten Dettlaff from Pexels<\/figcaption><\/figure>\n\n\n\n<p>\u201cThree million spam messages are sent on the internet every second \u2013 i.e. 262 billion spam messages every day, which accounts for 95,000 billion messages per year throughout their short lifetime (creation, sending, reception, storage and reading)\u201d <a href=\"https:\/\/solutions.lesechos.fr\/tech\/c\/15-annees-devolutions-des-spams-phishing-virus-et-ransomwares-17176\/\">Les Echos Solutions<\/a>, November 2019.<\/p>\n\n\n\n<p>To many of us, spam emails stick out like a sore thumb and the ruses they use are so obvious that we do wonder why they still work. How, in the year 2020, can anyone still fall for the long-lost uncle suddenly wanting to leave you his immense fortune in inheritance? Unfortunately, many people do. \u201cSpam is becoming an increasingly successful attack vector, with click rates rising from 13.4% in the second half of 2017 to 14.2% in 2018,\u201d Adam Sheehan, Behavioural Science Lead at MWR InfoSecurity told <a href=\"https:\/\/economictimes.indiatimes.com\/tech\/internet\/spam-still-the-top-source-of-malware-f-secure\/articleshow\/65231399.cms\">The Economic Times<\/a>.<\/p>\n\n\n\n<p><strong>Spam is still going strong for three key reasons:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>It costs next to nothing to send and it can bring huge profits. Sending one million emails costs from \u20ac5 to \u20ac4,000 and can bring up to \u20ac130,000 per month in revenue (<a href=\"https:\/\/www.nouvelobs.com\/rue89\/rue89-economie\/20090816.RUE1865\/spam-0-00001-des-internautes-cliquent-mais-ca-suffit.html\">L\u2019Obs, 2016<\/a>).&nbsp;<\/li><li>There\u2019s no single source. No organisation controls email. There\u2019s no valve to stop the flooding. One spam message may be blocked by one mail provider but cleared by another one.<\/li><li>Identifying an email message as spam isn\u2019t easy and can be subjective. An ad may be perceived as spam by some people but not by others (that\u2019s where antispam aggressiveness comes in).<\/li><\/ul>\n\n\n\n<p><em>[As an aside if you\u2019re looking for quarantine entertainment, you might want to <\/em><a href=\"https:\/\/www.ted.com\/talks\/james_veitch_this_is_what_happens_when_you_reply_to_spam_email?language=fr#t-576125\"><em>try answering spam messages<\/em><\/a><em>]<\/em><\/p>\n\n\n\n<p>The issue of spam itself can be quickly resolved by aggressive antispam filters, and deleting messages may be enough to forestall attacks \u2013 although aggressive antispam filters can block legitimate messages. But spam can become a serious threat for you and your business\u2026 when it contains malware.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong><span style=\"color:#0693e3\" class=\"tadv-color\">Phishing, malware and ransomware<\/span><\/strong><\/h2>\n\n\n\n<p>The starting point is spam. Somewhere in the midst of all the unsolicited messages, traps are hiding. What for? To trick message recipients into believing that the message is something important that they need to respond to \u2013 e.g. a bank request or a note from a colleague \u2013 and lure them into clicking a link or downloading an attachment. That\u2019s called <a href=\"https:\/\/www.ncsc.gov.uk\/guidance\/phishing\">(spear)phishing<\/a>. <a href=\"https:\/\/www.vadesecure.com\/en\/\">Vade Secure<\/a>, an email security specialist who works with BlueMind, has published an infographic aimed at helping people spot <a href=\"https:\/\/info.vadesecure.com\/hubfs\/Ressource%20Marketing%20Website\/Infographie\/EN\/Avoid_Spear_Phishing_EN_2019.pdf\">such emails<\/a>.<\/p>\n\n\n\n<p>The attachment \u2013 when it is downloaded &#8212; or the link lead to malware. This includes Trojan horses. Once they\u2019re installed or run, they can siphon all your system data. Some more aggressive programs might even open your system to remote control.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"684\" src=\"https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/photo-by-skitterphoto-from-pexels-1024x684.jpg\" alt=\"\" class=\"wp-image-2477\" srcset=\"https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/photo-by-skitterphoto-from-pexels-1024x684.jpg 1024w, https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/photo-by-skitterphoto-from-pexels-300x200.jpg 300w, https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/photo-by-skitterphoto-from-pexels-150x100.jpg 150w, https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/photo-by-skitterphoto-from-pexels-768x513.jpg 768w, https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/photo-by-skitterphoto-from-pexels-1536x1025.jpg 1536w, https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/photo-by-skitterphoto-from-pexels-2048x1367.jpg 2048w, https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/photo-by-skitterphoto-from-pexels-1140x761.jpg 1140w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption><em>Photo by\u00a0<\/em><strong><a href=\"https:\/\/www.pexels.com\/@skitterphoto?utm_content=attributionCopyText&amp;utm_medium=referral&amp;utm_source=pexels\">Skitterphoto<\/a><\/strong><em>\u00a0from\u00a0<\/em><strong><a href=\"https:\/\/www.pexels.com\/photo\/brown-wooden-mouse-trap-with-cheese-bait-on-top-633881\/?utm_content=attributionCopyText&amp;utm_medium=referral&amp;utm_source=pexels\">Pexels<\/a><\/strong><\/figcaption><\/figure>\n\n\n\n<p>One type of <a href=\"https:\/\/www.zdnet.com\/article\/cyber-crime-ransomware-attacks-have-more-than-doubled-this-year\/\">frequently-talked about<\/a> malware is ransomware. Ransomware encrypts the data on a victim\u2019s computer and the hackers demand a ransom for its release. Victims receive payment instructions in exchange for the decryption key. Costs may range from a few hundred to thousands of Euros \u2013 typically in Bitcoins &#8211;, payable to the cybercriminals, and the <a href=\"https:\/\/www.csoonline.com\/article\/3227906\/what-is-wannacry-ransomware-how-does-it-infect-and-who-was-responsible.html\">consequences are often devastating<\/a>.<\/p>\n\n\n\n<p>Office 365 users are an ideal target for such attacks, as Vade Secure explain on <a href=\"https:\/\/www.vadesecure.com\/en\/multi-phase-attacks-how-hackers-combine-phishing-and-spear-phishing-to-target-office-365-users\/\">their blog<\/a>: \u201cWith 155 million corporate users and a single point of entry into the entire Office 365 suite, it\u2019s a remarkably fertile environment for malicious behaviour. In contrast, before this service was available, each organisation had its own email server, and thus had to be hacked individually. Now, Office 365 presents one target: find a way in and hackers potentially have access to 155 million accounts!\u201d<\/p>\n\n\n\n<p>The <a href=\"https:\/\/betanews.com\/2019\/09\/03\/cloud-safer-than-on-premise\/\">old SaaS v. On Premise<\/a>s debate is less relevant here \u2013 not as much as your solution\u2019s sovereignty.<\/p>\n\n\n\n<p>You can protect yourself from cyberattacks with security tools (firewall, encrypting, two-factor authentication, backups, etc.). Some solutions go even further and use artificial intelligence, for example, to analyse the URLs contained in emails, attachments or images (e.g. appropriated logos). Still, one of the most effective actions you can take is to train your employees to spot threats, as the human factor represents the greatest risk.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong><span style=\"color:#0693e3\" class=\"tadv-color\">The human factor<\/span><\/strong><\/h2>\n\n\n\n<p>Technology alone isn\u2019t enough to fight against email security threats.<\/p>\n\n\n\n<p><a>With this analogy, <\/a><a href=\"https:\/\/www2.cso.com.au\/article\/667214\/human-factor-cyber-security\/\">CSO Online<\/a> illustrates how the human risk weighs on cybersecurity: \u201cConsider a footpath that diverges at a 90-degree angle, but there is a grassed area that fills the space of that right angle. Where are the majority of pedestrians going to walk? I can assure you that they will not be taking the longer route on the concrete footpath. There will be a well-worn dirt track through the middle of the grass. The fastest and easiest way to get where they need to get to. The same principle applies to security controls. When an end-user identifies an easier way to achieve their aims, then that is the route they will take. When security controls and technology solutions are implemented with minimal consideration for the workflows of the end-user, friction occurs. Where friction occurs, circumvention will inevitably be the result. Circumvention of security controls, of course, leads to data breaches.\u201d<\/p>\n\n\n\n<p>This is what BlueMind is working on \u2013 to meet users\u2019 needs while incorporating security issues into its product development philosophy. Meeting user satisfaction \u2013 e.g. allowing and providing seamless access to the market\u2019s email clients such as Outlook, Thunderbird, webmail, MacOS, mobile devices, etc. \u2013 helps prevent unplanned uses which could compromise your organisation\u2019s security.<\/p>\n\n\n\n<figure class=\"wp-block-embed-youtube wp-block-embed is-type-video is-provider-youtube wp-embed-aspect-4-3 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"User vs IT security\" width=\"800\" height=\"600\" src=\"https:\/\/www.youtube.com\/embed\/84gvEKJiJzc?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p>For instance, user circumvention often is an issue when it comes to passwords. No one is capable of memorising a dozen different 10-character long passwords. So, to save time, and despite corporate directives, people use their date of birth or their cat\u2019s name and they use the same for all services. A required update? Why not use and old password you remember?!<\/p>\n\n\n\n<p>Hackers are all too aware of this. Regardless of technological security levels, people are still the weak link and hackers\u2019 main target. Human behaviour is an opportunity for them to exploit, and it represents a huge risk for organisations. This is why, in the last few years, cyberattacks have focused on people rather than infrastructure.<\/p>\n\n\n\n<p>New employees, for instance, are their <a href=\"https:\/\/www.vadesecure.com\/en\/why-your-new-employee-is-a-perfect-target-for-a-spear-phishing-attack\/\">target of choice<\/a>. Professional social media help hackers find out who has joined a company and when, in what role, in what team and under whose management. \u201cThe first weeks at a new job is a vulnerable time for employees. Depending on the role, it can be unclear to a new employee what is and isn\u2019t typical, especially when it comes to processes and colleagues.\u201d Vade Secure\u2019s blog points out.<\/p>\n\n\n\n<p>To contain human-related risks, a good cybersecurity strategy must at a minimum involve an internal awareness campaign \u2013 to communicate procedures and good practices clearly to employees as soon as they join, as well as throughout their evolution within the company. To deter circumvention, cybersecurity must be an integral part of corporate culture. It must not be presented as a constraint but as standard practice.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong><span style=\"color:#0693e3\" class=\"tadv-color\">New human-centred threats<\/span><\/strong><\/h2>\n\n\n\n<p>You have to hand it to hackers, they are resourceful. The Covid-19 pandemic is an ideal breeding ground for their creativity. Many cybersecurity companies are warning of an increase in attacks using the pandemic as bait in phishing campaigns (<a href=\"https:\/\/techcrunch.com\/2020\/03\/12\/hackers-coronavirus-malware\/\">TechCrunch March 2020<\/a>).<\/p>\n\n\n\n<p>What these hackers do is called social engineering \u2013 the art of using human psychology rather than technology to design cyberattacks. For instance, rather than look for software weaknesses, they might call a company employee and impersonate an IT support colleague to try and lure them into giving them their password.<\/p>\n\n\n\n<p>Riding the current pandemic wave, cybercriminals sent an email posing as WHO with a link to a document allegedly outlining Covid-19 prevention measures. In fact, the link redirected victims to a malicious webpage which attempted to collect identification details. The email contained several format and grammatical errors which were obvious giveaways to most people, but others \u2013 many \u2013 clicked the link anyway (you can find all the details about this scam <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/05\/coronavirus-safety-measures-email-is-a-phishing-scam\/\">here<\/a>).<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"768\" height=\"781\" src=\"https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/fake.png\" alt=\"\" class=\"wp-image-2470\" srcset=\"https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/fake.png 768w, https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/fake-295x300.png 295w, https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/fake-148x150.png 148w\" sizes=\"(max-width: 768px) 100vw, 768px\" \/><\/figure>\n\n\n\n<p>Social engineering can come in many shapes en forms. A particularly effective and dangerous one is BEC (Business Email Compromise). Have you seen the film \u201cThank you for calling\u201d (<a href=\"https:\/\/www.youtube.com\/watch?v=62iIX3sXbJM\">Trailer<\/a>)? It tells the story of <a href=\"https:\/\/nypost.com\/2016\/03\/28\/this-man-seduced-businessmen-out-of-millions\/\">Gilbert Chikli<\/a>, a crook made famous by the \u201cfake CEO\u201d scam. \u201cFor 18 months, between 2005 and 2006, he passed himself off as the CEO of major French companies such as La <a href=\"https:\/\/en.wikipedia.org\/wiki\/La_Poste_(France)\">Poste<\/a>, <a href=\"https:\/\/en.wikipedia.org\/wiki\/Galeries_Lafayette\">Galeries Lafayette<\/a>,&nbsp;<a href=\"https:\/\/en.wikipedia.org\/wiki\/Disneyland_Paris\">Disneyland Paris<\/a>, <a href=\"https:\/\/fr.wikipedia.org\/wiki\/Pages_jaunes\">Pages jaunes<\/a>&nbsp;or <a href=\"https:\/\/en.wikipedia.org\/wiki\/Groupe_Caisse_d%27\u00c9pargne\">Caisse d\u2019\u00e9pargne<\/a>, contacting company executives and talking them into handing him hundreds of thousands of Euros in cash or by bank transfer allegedly to fight terrorist financing and acting on the orders of the French secret services, thereby swindling almost 50 million Euros\u201d (Wikipedia.fr).<\/p>\n\n\n\n<p>This phone scam caused a big stir at the time &#8212; to the point it was made into a feature film &#8211;, but the concept having now moved to email &#8212; as Business Email Compromise \u2013, it continues to cause major damage (in 2019, an Italian company was swindled out of <a href=\"https:\/\/www.secureworldexpo.com\/industry-news\/business-email-compromise-bec-case\">$18.6 million in one week<\/a>).<\/p>\n\n\n\n<p>A BEC attack begins with identity theft whereby hackers pose as a company\u2019s manager, CEO or supplier. They contact one or several company employees with the privileges necessary to respond to their demands and order a seemingly legitimate payment. The email message appears authentic and comes from a known authority figure, so the employee complies. Typically, the hacker will ask for the payment to be made by bank transfer or cheque, depending on the company\u2019s usual policy. There have also been recent cases of sensitive data being demanded as payment instead of money.<\/p>\n\n\n\n<p>Technology isn\u2019t enough to fight such attacks! Employee training and awareness is key. Security specialists also recommend using multi-factor authentication, such as a combination of passwords and biometric data, in order to block hackers.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong><span style=\"color:#0693e3\" class=\"tadv-color\">Security and BlueMind<\/span><\/strong><\/h2>\n\n\n\n<p>BlueMind is a mail software publisher with strong security expertise. However, developing antivirus or antispam software is a business in its own right, which is why we rely on our partners for these solutions &#8212; Vade Secure and AltoSpam, for instance.<\/p>\n\n\n\n<p>In parallel, we\u2019ve taken a series of measures to make BlueMind secure. This includes:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Trusted, up-to-date system components (postfix, Cyrus, postgreSQL, etc.),<\/li><li>A built-in firewall that restricts data flows to authorised BlueMind users and components<\/li><li>Encrypted data flows<\/li><li>Modules such as password management<\/li><\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong><span style=\"color:#0071a1\" class=\"tadv-color\">Certificate management<\/span><\/strong><\/h4>\n\n\n\n<p>For increased, easier security, BlueMind uses advanced certificate management to encrypt internal and external exchanges. Certificates are configured in the admin console, which makes it transparent throughout the BlueMind infrastructure.<\/p>\n\n\n\n<p>BlueMind server connections are secured via certificate. On single-server installations, the certificates generated when BlueMind is installed can be replaced by customised certificates.<\/p>\n\n\n\n<h4 class=\"has-text-color wp-block-heading\" style=\"color:#0071a1\"><strong>Mail protocol encryption<\/strong><\/h4>\n\n\n\n<p>By default, BlueMind supports standard mail encryption protocols \u2013 IMAPS, POPS and SMTP TLS.<\/p>\n\n\n\n<p>The BlueMind solution uses standard mail protocols and recommends the use of their encrypted versions. The use of secured versions (IMAPS, POPS&#8230;) can be forced. SMTP negotiation also includes the STARTTLS option (SMTPS). All collaborative connections &#8212; between smartphones and BlueMind, between Outlook and BlueMind &#8212; and internet connections &#8212; via BlueMind\u2019s web interfaces or the Thunderbird plugin &#8212; use the authentication-based (secure) HTTPS protocol.<\/p>\n\n\n\n<p>Encryption is made via a signed certificate \u2013 which we recommend you replace by a trusted signed third-party certificate.<\/p>\n\n\n\n<h4 class=\"has-text-color wp-block-heading\" style=\"color:#0071a1\"><strong>Built-in firewall<\/strong><\/h4>\n\n\n\n<p>To protect your servers, BlueMind incorporates a firewall automatically configured to restrict data flows to those required and authorised hosts only.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong><span style=\"color:#0071a1\" class=\"tadv-color\">Complex password policy<\/span><\/strong><\/h4>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"551\" src=\"https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/modification-de-mdp-1024x551.png\" alt=\"\" class=\"wp-image-2475\" srcset=\"https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/modification-de-mdp-1024x551.png 1024w, https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/modification-de-mdp-300x162.png 300w, https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/modification-de-mdp-150x81.png 150w, https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/modification-de-mdp-768x414.png 768w, https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/modification-de-mdp.png 1040w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>For extra user password security, you can set up a policy using the \u201c<a href=\"https:\/\/forge.bluemind.net\/confluence\/display\/BM4\/Administration+des+utilisateurs#Administrationdesutilisateurs-S%C3%A9curit%C3%A9dumotdepasse\">Password SizeStrength<\/a>\u201d plugin which enforces strict rules for passwords to be valid. If a user does not comply with rules when they try to change their password, an alert is displayed at the top of the page.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong><span style=\"color:#0071a1\" class=\"tadv-color\">Extra Security Measures<\/span><\/strong><\/h4>\n\n\n\n<p>As part of a specific project, extra security measures can be taken, such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>A white list of authorised IPs, distributed by protocol,<\/li><li>A list of ActiveSync-authorised devices.<\/li><\/ul>\n\n\n\n<p>Other infrastructure or flow-based security policies \u2013 e.g. a traffic analysis tool (an Intrusion Detection System such as Snort) \u2013 can also be set up to detect or react to suspicious activity. &nbsp;<\/p>\n\n\n\n<h4 class=\"has-text-color wp-block-heading\" style=\"color:#0071a1\"><strong>BlueMind security breach handling<\/strong><\/h4>\n\n\n\n<p>BlueMind takes great care to equip its solution with the highest security levels. A set of development rules is designed to limit security breaches. Although they are rare, breaches to the BlueMind code do occasionally occur. As soon as one is detected, it is analysed to establish its criticality. It is then corrected and a fix is released, either as part of minor version update if its criticality is low, or as a hotfix if its criticality is high.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"color:#0693e3\" class=\"tadv-color\">In conclusion<\/span><\/h2>\n\n\n\n<p>Email is a great work tool, but it also is a preferred means of attack because of its ubiquity. Cybercriminals\u2019 ingenuity knows no bounds. We recommend that you approach an email security specialist such as Vade Secure who will ensure that you are up to date with new fraudulent techniques and will help you implement the technological means required to counter them.<\/p>\n\n\n\n<p>On your end, raising employee awareness is crucial, not as a one-off measure but continuously over the long term. It has to be integrated into your work culture.<\/p>\n\n\n\n<p>During this time of massive remote work, you might be interested in reading ZdNet\u2019s article \u201c<a href=\"https:\/\/www.zdnet.com\/article\/working-from-home-cybersecurity-tips-for-remote-workers\/\">Working from home: cybersecurity for remote workers<\/a>\u201d.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The health crisis that\u2019s been affecting the world since the beginning of the year has unfortunately come with a series of cyberattacks: public administrations, businesses, local authorities and even hospitals. No one has been spared (although some ransomware operators claim that they will show some respite&#8230;). Email, which is the main means of workplace communication, [&hellip;]<\/p>\n","protected":false},"author":8,"featured_media":2478,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[179,1,11],"tags":[192],"class_list":["post-2492","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-solution-en","category-non-categorise","category-usages-en","tag-featured"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Email: threats and nuisances - Bluemind<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Email: threats and nuisances - Bluemind\" \/>\n<meta property=\"og:description\" content=\"The health crisis that\u2019s been affecting the world since the beginning of the year has unfortunately come with a series of cyberattacks: public administrations, businesses, local authorities and even hospitals. No one has been spared (although some ransomware operators claim that they will show some respite&#8230;). Email, which is the main means of workplace communication, [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/\" \/>\n<meta property=\"og:site_name\" content=\"Bluemind\" \/>\n<meta property=\"article:published_time\" content=\"2020-04-30T07:11:20+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-04-30T07:11:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/photo-by-andrea-piacquadio-from-pexels-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2000\" \/>\n\t<meta property=\"og:image:height\" content=\"859\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/\"},\"author\":{\"name\":\"\",\"@id\":\"\"},\"headline\":\"Email: threats and nuisances\",\"datePublished\":\"2020-04-30T07:11:20+00:00\",\"dateModified\":\"2020-04-30T07:11:23+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/\"},\"wordCount\":2359,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/bluemind.purpl-web.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/photo-by-andrea-piacquadio-from-pexels-2.png\",\"keywords\":[\"Featured\"],\"articleSection\":[\"BlueMind's Solution\",\"Non cat\u00e9goris\u00e9\",\"Practices\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/\",\"url\":\"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/\",\"name\":\"Email: threats and nuisances - Bluemind\",\"isPartOf\":{\"@id\":\"https:\/\/bluemind.purpl-web.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/photo-by-andrea-piacquadio-from-pexels-2.png\",\"datePublished\":\"2020-04-30T07:11:20+00:00\",\"dateModified\":\"2020-04-30T07:11:23+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/#primaryimage\",\"url\":\"https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/photo-by-andrea-piacquadio-from-pexels-2.png\",\"contentUrl\":\"https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/photo-by-andrea-piacquadio-from-pexels-2.png\",\"width\":2000,\"height\":859},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/bluemind.purpl-web.com\/en\/homepage\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Email: threats and nuisances\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/bluemind.purpl-web.com\/en\/#website\",\"url\":\"https:\/\/bluemind.purpl-web.com\/en\/\",\"name\":\"Bluemind\",\"description\":\"Collaborative messaging\",\"publisher\":{\"@id\":\"https:\/\/bluemind.purpl-web.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/bluemind.purpl-web.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/bluemind.purpl-web.com\/en\/#organization\",\"name\":\"BlueMind\",\"url\":\"https:\/\/bluemind.purpl-web.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/bluemind.purpl-web.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2017\/06\/logobm_300.png\",\"contentUrl\":\"https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2017\/06\/logobm_300.png\",\"width\":300,\"height\":100,\"caption\":\"BlueMind\"},\"image\":{\"@id\":\"https:\/\/bluemind.purpl-web.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Email: threats and nuisances - Bluemind","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/","og_locale":"en_US","og_type":"article","og_title":"Email: threats and nuisances - Bluemind","og_description":"The health crisis that\u2019s been affecting the world since the beginning of the year has unfortunately come with a series of cyberattacks: public administrations, businesses, local authorities and even hospitals. No one has been spared (although some ransomware operators claim that they will show some respite&#8230;). Email, which is the main means of workplace communication, [&hellip;]","og_url":"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/","og_site_name":"Bluemind","article_published_time":"2020-04-30T07:11:20+00:00","article_modified_time":"2020-04-30T07:11:23+00:00","og_image":[{"width":2000,"height":859,"url":"https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/photo-by-andrea-piacquadio-from-pexels-2.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/#article","isPartOf":{"@id":"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/"},"author":{"name":"","@id":""},"headline":"Email: threats and nuisances","datePublished":"2020-04-30T07:11:20+00:00","dateModified":"2020-04-30T07:11:23+00:00","mainEntityOfPage":{"@id":"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/"},"wordCount":2359,"commentCount":0,"publisher":{"@id":"https:\/\/bluemind.purpl-web.com\/en\/#organization"},"image":{"@id":"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/#primaryimage"},"thumbnailUrl":"https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/photo-by-andrea-piacquadio-from-pexels-2.png","keywords":["Featured"],"articleSection":["BlueMind's Solution","Non cat\u00e9goris\u00e9","Practices"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/","url":"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/","name":"Email: threats and nuisances - Bluemind","isPartOf":{"@id":"https:\/\/bluemind.purpl-web.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/#primaryimage"},"image":{"@id":"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/#primaryimage"},"thumbnailUrl":"https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/photo-by-andrea-piacquadio-from-pexels-2.png","datePublished":"2020-04-30T07:11:20+00:00","dateModified":"2020-04-30T07:11:23+00:00","breadcrumb":{"@id":"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/#primaryimage","url":"https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/photo-by-andrea-piacquadio-from-pexels-2.png","contentUrl":"https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2020\/04\/photo-by-andrea-piacquadio-from-pexels-2.png","width":2000,"height":859},{"@type":"BreadcrumbList","@id":"https:\/\/bluemind.purpl-web.com\/en\/email-threats-and-nuisances\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/bluemind.purpl-web.com\/en\/homepage\/"},{"@type":"ListItem","position":2,"name":"Email: threats and nuisances"}]},{"@type":"WebSite","@id":"https:\/\/bluemind.purpl-web.com\/en\/#website","url":"https:\/\/bluemind.purpl-web.com\/en\/","name":"Bluemind","description":"Collaborative messaging","publisher":{"@id":"https:\/\/bluemind.purpl-web.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/bluemind.purpl-web.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/bluemind.purpl-web.com\/en\/#organization","name":"BlueMind","url":"https:\/\/bluemind.purpl-web.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/bluemind.purpl-web.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2017\/06\/logobm_300.png","contentUrl":"https:\/\/bluemind.purpl-web.com\/wp-content\/uploads\/2017\/06\/logobm_300.png","width":300,"height":100,"caption":"BlueMind"},"image":{"@id":"https:\/\/bluemind.purpl-web.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":""}]}},"_links":{"self":[{"href":"https:\/\/bluemind.purpl-web.com\/en\/wp-json\/wp\/v2\/posts\/2492","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bluemind.purpl-web.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bluemind.purpl-web.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bluemind.purpl-web.com\/en\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/bluemind.purpl-web.com\/en\/wp-json\/wp\/v2\/comments?post=2492"}],"version-history":[{"count":1,"href":"https:\/\/bluemind.purpl-web.com\/en\/wp-json\/wp\/v2\/posts\/2492\/revisions"}],"predecessor-version":[{"id":2493,"href":"https:\/\/bluemind.purpl-web.com\/en\/wp-json\/wp\/v2\/posts\/2492\/revisions\/2493"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bluemind.purpl-web.com\/en\/wp-json\/wp\/v2\/media\/2478"}],"wp:attachment":[{"href":"https:\/\/bluemind.purpl-web.com\/en\/wp-json\/wp\/v2\/media?parent=2492"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bluemind.purpl-web.com\/en\/wp-json\/wp\/v2\/categories?post=2492"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bluemind.purpl-web.com\/en\/wp-json\/wp\/v2\/tags?post=2492"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}