Ask the Experts

Ask the Experts

Email and messaging threats

• How to send secure email attachments

  Sending sensitive information in attachments is inherently unsafe, and the main way to secure them -- encryption -- can be implemented inconsistently, negating security benefits.  Continue Reading

• The risks and effects of spyware

  Spyware can steal mundane information, track a user's every move and everything in between. Read up on the types of spyware and how to best fix infected devices.  Continue Reading

• Comparing Diffie-Hellman vs. RSA key exchange algorithms

  See which encryption method uses digital signatures, symmetric key exchanges, bulk encryption and much more in this Diffie-Hellman vs. RSA showdown.  Continue Reading

• What's the purpose of CAPTCHA technology and how does it work?

  Learn about the purpose of CAPTCHA challenges that enable websites to differentiate bots from authentic users to stop spammers from hijacking forums and blog comment sections.  Continue Reading

• What are the most important email security protocols?

  Internet email was designed independent of security considerations, but these are the top email security protocols that add mechanisms to keep messaging safe from threats.  Continue Reading

• What is MTA-STS and how will it improve email security?

  Discover how the MTA-STS specification will improve email security by encrypting messages and enabling secure, authenticated email transfers between SMTP servers.  Continue Reading

• What are the top enterprise email security best practices?

  Enterprises have many options for email security best practices, ranging from deploying email security protocols to educating end users on the dangers of phishing.  Continue Reading

• Can PDF digital signatures be trusted?

  Digital signatures on PDF documents don't necessarily guarantee their contents are valid, as new research shows viewer implementations don't always detect incomplete signatures.  Continue Reading

• How were attackers able to bypass 2FA in a Reddit breach?

  Reddit announced a breach after users were socially engineered and attackers bypassed 2FA protocols. Discover how this attack was possible and how sites can avoid falling victim.  Continue Reading

• What is behind the growing trend of BEC attacks?

  BEC attacks cost over $676 million in 2017, according to the FBI's Internet Crime Report. Learn how to recognize possible BEC attacks from expert Michael Cobb.  Continue Reading

• How can U2F authentication end phishing attacks?

  By requiring employees to use U2F authentication and physical security keys, Google eliminated phishing attacks. Learn how the combination works from expert Michael Cobb.  Continue Reading

• What are DMARC records and can they improve email security?

  Last year, the U.S. federal government mandated that by October 2018, all agencies must have DMARC policies in place. Learn how complicated this requirement is with Judith Myerson.  Continue Reading

• Zyklon malware: What Microsoft Office flaws does it exploit?

  Zyklon malware targets three previously patched Microsoft Office vulnerabilities. Learn how attackers can access passwords and cryptocurrency wallet data with expert Judith Myerson.  Continue Reading

• How are tech support scams using phishing emails?

  Threat actors are using phishing email campaigns to fool users with tech support scams and fake Blue Screens of Death. Learn how these campaigns work with expert Nick Lewis.  Continue Reading

• PGP keys: Can accidental exposures be mitigated?

  The accidental publication of an Adobe private key could have put the company in jeopardy. Matt Pascucci explains how it happened and how to better protect PGP keys.  Continue Reading

• How is cross-platform malware carried in Word docs?

  Cross-platform malware enables attackers to leverage their attacks using infected Microsoft Word docs. Expert Nick Lewis explains how the attacks work and how to defend against them.  Continue Reading

• Libpurple flaw: How does it affect connected IM clients?

  The libpurple library contains a code execution vulnerability that affects the IM clients that were developed using it. Expert Michael Cobb explains how the flaw works.  Continue Reading

• How did flaws in WhatsApp and Telegram enable account takeovers?

  Flaws in WhatsApp and Telegram, popular messaging services, enable attackers to break encryption and take over accounts. Expert Michael Cobb explains how the attacks work.  Continue Reading

• Poison Ivy RAT: What new delivery techniques are attackers using?

  A revamped Poison Ivy RAT campaign has been using new evasion and distribution techniques. Expert Nick Lewis explains the new attack methods that enterprises should look out for.  Continue Reading

• How can users protect themselves from the DocuSign phishing email?

  A DocuSign phishing email with a link to a malicious Word document recently targeted the company's users. Expert Judith Myerson outlines six ways to avoid this type of attack.  Continue Reading

• How can users identify phishing techniques and fraudulent websites?

  A Gmail phishing attack brought users to fake login pages designed to look like Google's. Expert Nick Lewis explains how users can prevent similar phishing attacks.  Continue Reading

• The Apple Notify flaw: How does it allow malicious script injection?

  Flaws in the Apple Notify function and iTunes can enable attackers to inject malicious script into the application side. Expert Michael Cobb explains how these vulnerabilities work.  Continue Reading

• How can customer service staff spot social engineering email attacks?

  Social engineering emails targeted at customer service staff have led to the spread of the August malware. Expert Nick Lewis explains how to identify and mitigate these attacks.  Continue Reading

• Why did the PHPMailer library vulnerability have to be patched twice?

  After a remote code execution flaw in PHPMailer was patched, the problem persisted, and had to be repatched. Expert Michael Cobb explains how the critical vulnerability works.  Continue Reading

• How does Nemucod malware get spread through Facebook Messenger?

  The Nemucod downloader malware is being spread through Facebook Messenger disguised as an image file. Expert Nick Lewis explains the available protections against this attack.  Continue Reading

• How serious is a malicious DLL file vulnerability for enterprises?

  A flaw that allows attackers to load malicious DLL files in Symantec products was labeled as severe. Expert Michael Cobb explains the vulnerability and its classification.  Continue Reading

• How does the Locky ransomware file type affect enterprise protection?

  Locky ransomware has, again, changed tactics by moving to using LNK files for distribution. Expert Nick Lewis explains how enterprises can adjust protections for this shift.  Continue Reading

• What's the best corporate email security policy for erroneous emails?

  If an employee receives invalidated emails, should the corporate email security policy handle it? Expert Matthew Pascucci discusses the rights of the enterprise.  Continue Reading

• How does the iSpy keylogger steal passwords and software license keys?

  A recent version of the iSpy keylogger has the ability to steal passwords and record Skype chats. Expert Nick Lewis explains how it works and how to protect your systems.  Continue Reading

• How can obfuscated macro malware be located and removed?

  A new type of macro malware has the ability to evade the detection of virtual machines and sandbox environments. Expert Nick Lewis explains how to find and remove this malware.  Continue Reading

• How did a Signal app bug let attackers alter encrypted attachments?

  The Signal app, used for end-to-end encrypted mobile messaging, contained a bug that allowed data to be added to attachments. Expert Michael Cobb explains the flaw.  Continue Reading

• What should happen after an employee clicks on a malicious link?

  The response to an employee clicking on a malicious link is important for organizations to get right. Expert Matthew Pascucci discusses how to handle the aftermath of an attack.  Continue Reading

• Can ZCryptor ransomware be stopped by upgrading to Windows 10?

  ZCryptor ransomware can self-replicate through autorun files placed on removable storage devices. Expert Nick Lewis explains how your enterprise can mitigate this risk.  Continue Reading

• How does Locky ransomware get distributed by the Necurs botnet?

  The Necurs botnet has been distributing a new variant of Locky ransomware. Expert Nick Lewis explains how to prevent and detect Locky infections in your enterprise.  Continue Reading

• Is destroying a decryption key a strong enough security practice?

  Destroying a decryption key isn't the same as destroying the data, but which method is more secure? Expert Mike Chapple explains the best way to combat a future encryption flaw.  Continue Reading

• How can APT groups be stopped from exploiting a Microsoft Office flaw?

  APT groups have been continuously exploiting a flaw in Microsoft Office, despite it having been patched. Expert Nick Lewis explains how these attacks work and how to prevent them.  Continue Reading

• How are weak passwords banned with Microsoft's Smart Password Lockout?

  Microsoft is banning weak passwords on many of its services with the Smart Password Lockout feature. Expert Michael Cobb explains how it works, and if it will be beneficial.  Continue Reading

• Is the BREACH attack update a threat to Gmail security?

  The BREACH attack has been updated to perform faster data theft. Expert Nick Lewis explains the differences in this attack and the threat level for organizations that use Gmail.  Continue Reading

• Is the Bitdefender ransomware vaccine an effective method of protection?

  Bitdefender's new ransomware vaccine takes a stab at quelling the rising tide of ransomware attacks. Expert Michael Cobb explains how it works and if it is effective.  Continue Reading

• Why are both symmetric and asymmetric encryption used in OpenPGP?

  OpenPGP uses asymmetric encryption and symmetric encryption for different parts of its process. Expert Michael Cobb explains the purpose of hybrid encryption in message security.  Continue Reading

• What new Asacub Trojan features should enterprises watch out for?

  The Asacub Trojan has new banking malware features. Expert Nick Lewis explains how it made this transition and what enterprises should be watching out for.  Continue Reading

• How does the Dridex Trojan conduct redirection attacks?

  The new version of the Dridex Trojan share Dyre malware's redirection attack capabilities. Expert Nick Lewis explains how enterprises can prevent these incidents.  Continue Reading

• How does Latentbot use obfuscation in its attacks?

  Latentbot malware has layers of obfuscation that makes it hard to detect. Expert Nick Lewis explains how its process works, beginning with a phishing email, and how to stop it.  Continue Reading

• Personal email servers: What are the security risks?

  Hillary Clinton has taken much criticism over the use of a personal email server. Expert Michael Cobb explains the risks of shadow IT email and what enterprises can do about them.  Continue Reading

• How can a DMARC policy improve email security?

  Major email providers are adopting DMARC policies to reduce spam. Expert Michael Cobb explains how DMARC works and why it's is a good thing for email security.  Continue Reading

• How can phishing emails spoofing TLDs be avoided?

  Attackers have found a loophole in SPF verification and are using the .gov top-level domain to trick users with phishing emails. Expert Nick Lewis explains how to defend against the threat.  Continue Reading

• How can enterprises prevent man-in-the-email attacks?

  A new global email scam has cost enterprises millions. Expert Nick Lewis explains how to defend against man-in-the-email attacks with proper training and little technology.  Continue Reading

• Does Peerio offer secure enterprise messaging and file sharing?

  A new app for end-to-end encrypted messaging and file sharing is available, but is it ready for enterprise use? Expert Michael Cobb explains.  Continue Reading

• How can we secure enterprise email at home and abroad?

  Emails often contain sensitive information, yet the proper measures are not always taken to secure them. Learn how to keep corporate email safe both at home and in foreign countries.  Continue Reading

• How can phishing attacks that use proxy programs be stopped?

  Phishing attacks are adopting new functionality to avoid detection, including the use of proxy programs to simplify the attack process. Learn how to defend against this type of risk.  Continue Reading

• Is global email an enterprise email security risk?

  Ubiquitous global email is right around the corner. But what effect will it have on enterprises? Expert Michael Cobb explains.  Continue Reading

• Is PGP security still strong or is it time for a new encryption standard?

  Pretty Good Privacy is nearly 25 years old and still widely used -- but is it as effective as it once was? Application security expert Michael Cobb explains the past, present and future of PGP.  Continue Reading

• How can malware using bulletproof hosting sites be stopped?

  Expert Nick Lewis explains what bulletproof hosting is and how enterprises can best defend against malware that uses it as part of its attack scheme.  Continue Reading

• Are there new spam rules to mitigate spam techniques?

  Expert Nick Lewis explores the latest spam defense methods and products that will help enterprises defend against new and emerging spam techniques.  Continue Reading

• Login credential security: How to defend against tabnapping

  Tabnapping can be used to capture user login credentials. Enterprise threats expert Nick Lewis explains how to defend against the risk.  Continue Reading

• Man-in-the-email vs. man-in-the-middle attack: What's the difference?

  Learn the difference between man-in-the-middle and man-in-the-email attacks, and get tips on how to prevent becoming a victim.  Continue Reading

• Should enterprises enforce harsher penalties for phishing victims?

  The consequences of phishing attacks could fall on the victims as enterprises start to punish employees who fall for this age-old scam. Expert Joseph Granneman discusses why this approach may have merit.  Continue Reading

• How does snowshoe spam evade spam blockers?

  Spam can use a process called 'snowshoe' to evade spam filters. Enterprise threats expert Nick Lewis explains how to block snowshoe spam.  Continue Reading

• How can vishing attacks be prevented?

  Enterprise threats expert Nick Lewis explains what vishing attacks are and offers best practices for defending against them.  Continue Reading

• Whaling attacks: Taking phishing attacks to the next level

  Whaling attacks take phishing to the next level with much bigger targets. Enterprise threats expert Nick Lewis explains how to mitigate the risk.  Continue Reading

• To nullify targeted attacks, limit out-of-office message security risk

  Expert Michael Cobb details how to reduce out-of-office message security risk --and thus targeted attacks -- by limiting personal info given.  Continue Reading

• Webmail forensics: Investigating issues with email forwarding security

  Expert Mike Cobb discusses webmail forensics possibilities for dealing with the aftermath of an issue involving an email forwarding security breach.  Continue Reading

• Hop-by-hop encryption: A safe enterprise email encryption option?

  Learn how hop-by-hop encryption gives enterprises the opportunity to send encrypted emails to large amounts of employees without a digital signature for each email from expert Michael Cobb.  Continue Reading

• FERPA regulation guidelines to email student personal data unencrypted

  In order to protect student personal data, FERPA was enacted in 1974. But does protecting that data allow for FERPA educational records to be sent unencrypted via email? Find out in this expert response.  Continue Reading

• How to confirm the receipt of an email with security protocols

  Many websites try to ensure secure registrations by sending email confirmations. But how is it possible to confirm receipt of that email by the correct recipient? Identity and access management expert Randall Gamby weighs in.  Continue Reading

• Can an IP spoofing tool be used to spam SPF servers?

  Michael Cobb explains what the Sender Policy Framework can and cannot protect against, including IP spoofing attacks.  Continue Reading

• How to prevent brute force webmail attacks

  Expert Sherri Davidoff explains why brute-force attacks on webmail accounts are such a popular hacking technique.  Continue Reading

• What does 'invoked by uid 78' mean?

  Are you seeing a 'uid 78' in your emails? In this expert response, Michael Cobb explains what the message means.  Continue Reading

• What are the security risks of opening port 110 and port 25?

  If an external manufacturer wants to remotely access its leased copiers, is it risky to open both port 110 or port 25? Mike Chapple reveals a few security repercussions.  Continue Reading

• Can mutual authentication beat phishing or man-in-the-middle attacks?

  What's the best way to prevent phishing and man-in-the-middle attacks? IAM expert David Griffeth explains the benefits of mutual authentication over one-way SSL.  Continue Reading

• What are effective ways to stop instant messaging (IM) spam?

  In this expert Q&A, Michael Cobb reveals what techniques and tools can be used to stop instant messaing spam, or spim, in the enterprise.  Continue Reading

• Should a new user have to confirm an email address to gain access?

  'Authenticate new user' emails can be helpful tools in preventing spammers from creating a million users that will flood a site. Identity and access management expert Joel Dubin gives advice.  Continue Reading

• Why is backscatter spam so difficult to block?

  When an email address is comandeered by a malicious hacker to send spam, the backscatter can quickly fill an inbox and clog bandwidth. Is there any way to prevent this? Expert Michael Cobb gives advice.  Continue Reading

• Are Internet cafe users' email credentials at risk?

  Most browsers store all Web pages, including a user's message and other information, in a cache from which it is retrievable with relative ease. Expert Michael Cobb explains how to keep the personal data from getting into the wrong hands.  Continue Reading

• How secure is online banking today?

  Most banks take the security of their online services seriously. In this expert Q&A, Michael Cobb explains why online banking is relatively safe -- with the exception of one particular mistake.  Continue Reading

• How effective are phishing links that refer to FTP sites?

  The vast majority of phishing emails still include HTTP links, but there has been a recent smattering that refer to FTP sites. In this SearchSecurity.com Q&A, Ed Skoudis explains how to be ready for the malicious messages.  Continue Reading

• What security issues can arise from unsynchronized system clocks?

  Network administrators don't always pay enough attention to the issues of system clock accuracy and time synchronization. Michael Cobb explains why that can lead to security problems.  Continue Reading

• Are challenge-response technologies the best way to stop spam?

  Challenge-response spam technology intercepts incoming emails and sends a challenge to the sender, asking him or her to confirm the message's validity. Though the antispam mechanism has gained popularity, there may be more secure alternatives, says ...  Continue Reading

• Does SMS spoofing require as much effort as email spoofing?

  SMS text message spoofing demands a little more technical knowledge than email spoofing. But not much, says information security threat expert Ed Skoudis. In this Q&A, Skoudis explains how that technical know-how has now been embedded in easy-to-use...  Continue Reading

• Is the Storm worm virus still a serious threat?

  Today, attackers continue to have success with the Storm worm and its many variations, using the malware to strengthen their nasty botnets. In this SearchSecurity.com Q&A, expert Ed Skoudis explains why these rather run-of-the-mill attacks are still...  Continue Reading

• What are the pros and cons of outsourcing email security services?

  In this SearchSecurity.com Q&A, application security expert Michael Cobb explains whether it's right for your organization to hand off email security services to another provider.  Continue Reading

• How secure are document scanners and other 'scan to email' appliances?

  Copiers and document scanners have always posed challenges for information security teams. In this SearchSecurity.com Q&A, Michael Cobb reveals how the right policies can control the use (and abuse) of these devices.  Continue Reading

• How can header information track down an email spoofer?

  Spammers can use spoofed headers to hide the true origin of unwanted email. In this SearchSecurity.com Q&A, application security expert Michael Cobb explains how to trust where a message is coming from.  Continue Reading

• Is it possible to prevent email forwarding?

  For professionals who send sensitive information through email, it may be useful to prevent message forwarding. Not so fast, says Ed Skoudis. SearchSecurity.com's information security threat expert explains the limitations of SMTP and why you may ...  Continue Reading

• Is a digital watermark a legitimate authentication factor?

  Identity management and access control expert Joel Dubin explores how reliable a digital watermark is when acting as a authentication factor.  Continue Reading

• How does a mail server respond to fake email addresses?

  In this SearchSecurity.com Q&A, Ed Skoudis reviews the actions of a mail server when it is presented with a bogus email address.  Continue Reading

• Is Sender ID an effective email authentication tool?

  Sender ID, used by five million domains, can significantly counter spammers and phishers, but is it the best antispam technology? In this expert Q&A, Michael Cobb reveals the pros and cons of the email authentication framework.  Continue Reading

• How can I prevent spammers from populating my mailing list?

  SearchSecurity.com's information security threats expert, Ed Skoudis, explains the workings of a spambot and teaches the strategies you need to counter spammers and clean up your mailing lists.  Continue Reading

• Can email header information be used to track down spoofers?

  Expert Mike Cobb explains how to use your received headers to trace unwanted emails.  Continue Reading

• How to selectively block instant messages

  Monitoring instant messaging traffic isn't easy, especially when constantly evolving IM applications are designed to exploit firewall vulnerabilities. SearchSecurity.com's application security expert Michael Cobb reviews the best methods for taking ...  Continue Reading

• Phishing vs. Pharming attacks

  Learn how phishing attacks differ from pharming attacks and whether or not pharming attacks still threaten, in this information security threat Ask the Expert Q&A.  Continue Reading

• What is the best method to determine whether email messages are transmitted as clear text?

  In this application security Ask the Expert Q&A, Michael Cobb disccuses how to use a network analyzer tool to determine whether email exchanges are transmitted as clear text.  Continue Reading

• How e-mail message components are used

  Learn what happens when someone's e-mail address differs from the certificate e-mail field value, in this application security Ask the Expert Q&A.  Continue Reading

• How RSA keys differ from DH/DSS keys

  In this Ask the Expert Q&A, Michael Cobb, our application security expert explains how RSA and DH/DSS differ, examines the strengths and weaknesses of each, and, explains how to use the compression library Zlib.  Continue Reading

• MD5 vs. RC4

  In this Ask the Expert Q&A our application security expert compares the MD5 encryption algorithm against its competitor RC4 and examines the security features of each.  Continue Reading

• Authentication Header vs. IKE

  In this Ask the Expert Q&A, Joel Dubin discusses how and when the Authentication Header encryption protocol is used.  Continue Reading

• Encryption detection

  In the Ask the Expert Q&A, Michael Cobb, our application security expert discusses if it is possible to detect encryption. He also takes a closer look at steganography, explains what it is and how it is used to secure e-mail communications.  Continue Reading

• IM policy template

   Continue Reading

• PHI in the subject line of e-mail

   Continue Reading

• How a virus is executed from Outlook's preview pane

   Continue Reading