While mail providers constantly update their filters to flag spam messages or keep them from reaching inboxes, sometimes this malicious mail gets past defences. A lot of spam is harmless and easy to spot, but it can still waste employees' valuable time – time better spent on carrying out business-related tasks.
In the worst-case scenarios, spam messages can include phishing emails that target staff inboxes for a variety of nefarious aims. These can include deploying malicious software on an enterprise’s systems or tricking staff into parting with company funds or login credentials and Personally Identifiable Information (PII).
Spear phishing tactics use available information on companies and employees to craft emails that appear to be legitimate. They often spoof real email addresses, which allows them to bypass the filters in place to reach their targets.
Here are four steps you can take to safeguard yourself against the threats lurking in spam mail.
1. Increase the strength of spam filters
Although it will depend on your mail provider, ramping up your spam filters can make the difference between an email that fails an SPF (Sender Policy Framework) check landing in your spam folder and landing in your inbox. You can also use services like Priority Inbox from Gmail, which enable the mail server to discern whose mail is important to you, but if these contacts have been spoofed, the spam mails may still land in your inbox.
2. Understand message headers
The ability to read message headers in order to see if a sender is legitimate and track down the spam source is a valuable skill. After receiving a suspicious message, you can open the headers and examine the sender’s IP address, then match the information to that contained in other emails from the same contact.
You can also carry out a reverse look-up for the sender’s IP. While this is not always helpful, if the sender is a contact based in your city but the IP address originates in China, then unless they happen to be on their travels at the time, you will know that something is awry.
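The header check described above can be scripted. The following is an added example, not part of the original article: it reads the connecting IP and SPF verdict recorded by your own border mail server and compares the IP with networks seen in earlier mail from the same contact. The host names, IP addresses, and baseline network are constructed placeholders, and `inspect_headers` is a hypothetical helper name.

```python
import email
import ipaddress
import re

# Constructed sample message; hosts and IPs are documentation placeholders.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.10])
\tby inbox.recipient.example with ESMTP; Tue, 02 Jan 2024 10:00:02 +0000
Received: from mail.unknown.example (mail.unknown.example [203.0.113.77])
\tby mx.recipient.example with ESMTP; Tue, 02 Jan 2024 10:00:01 +0000
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=partner.example
From: Alice <alice@partner.example>
Subject: Urgent invoice

Please pay today.
"""

IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_RE = re.compile(r"\bby\s+([^\s;]+)", re.I)
SPF_RE = re.compile(r"\bspf=(\w+)", re.I)

def inspect_headers(raw, border_mta, known_networks):
    """Return the connecting IP and SPF verdict recorded by our own border MTA."""
    msg = email.message_from_string(raw)
    sender_ip = None
    # Received headers are newest-first. Only the hop written by our own border
    # server is trustworthy; anything below it was supplied by the sender.
    for hop in msg.get_all("Received", []):
        by, ip = BY_RE.search(hop), IP_RE.search(hop)
        if by and ip and by.group(1).lower() == border_mta:
            try:
                sender_ip = ipaddress.ip_address(ip.group(1))
            except ValueError:
                pass  # malformed address literal: treat as unknown
            break
    spf = "none"
    for result in msg.get_all("Authentication-Results", []):
        authserv, _, verdicts = result.partition(";")
        found = SPF_RE.search(verdicts)
        if authserv.strip().lower() == border_mta and found:
            spf = found.group(1).lower()
            break
    seen = sender_ip is not None and any(
        sender_ip in ipaddress.ip_network(n) for n in known_networks)
    return {"sender_ip": str(sender_ip) if sender_ip else None, "spf": spf,
            "ip_seen_before": seen, "suspicious": spf != "pass" or not seen}

if __name__ == "__main__":
    print(inspect_headers(SAMPLE, "mx.recipient.example", ["192.0.2.0/24"]))
```

A message is flagged when SPF did not pass or when the connecting IP falls outside the networks the contact's earlier mail came from; the flagged IP is the one to feed into a reverse look-up.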
3. Never interact with unfamiliar links or attachments
This might seem like simple advice, but clicking on a link or downloading an attachment can have catastrophic consequences for your corporate network when they originate from a malicious operator. Confidential information can be stolen, exposed, or encrypted by ransomware through downloads, while links can redirect personnel to bogus sign-in pages to harvest their credentials like usernames and private passwords.
Always pay close attention to messages you receive and do not download any attachments you are not expecting. Do not allow yourself to be redirected via links to perform tasks; instead, visit the dedicated website to ensure it is authentic.
4. Employ a comprehensive security solution
At Galaxkey we have devised a secure platform that provides total email protection. With robust features, including end-to-end encryption and digital signing to verify a sender’s identity, you can defend against the multiple pitfalls hidden in spam messages. Contact us today to explore next-generation protection for your enterprise email.