Before I became an instructor and a consultant, I was an Exchange administrator for four years. A running joke I had was: if you want every user to read an e-mail you send, just put the words "I love you" in the subject line. And if you want them to open an attachment, name it "Do_not_open."
As an administrator, it is frustrating to see how easily a single sentence can socially engineer the majority of the users in your organization. We have come a long way since the Melissa virus and can now identify and contain malicious macro viruses.
But human nature is human nature. Spammers and hackers have become the adept snake-oil salespeople of the 21st century, and they know how to pull the emotional strings we have all been conditioned to respond to.
A good rule of thumb to follow is: if you didn't request the information, or you don't know the person who sent it to you, then you don't need to open or respond to the e-mail!
And while spammers and hackers are bad, it is the rise of electronic organized crime using phishing and pharming attacks that is really unnerving. For more information, see the Anti-Phishing Working Group at http://antiphishing.org.
The best defense against phishing attacks is to be suspicious of any request for personal information or a password change, even when it appears to come from a legitimate source. Online banking customers, beware: you are the prime target of these attacks.
Top 10 best practices for securing e-mail clients
#1: Patch your clients
#2: Configure antivirus software to scan your e-mail clients
#3: Use anti-malware software
#4: Quarantine attachments
#5: Don't be a sucker
#6: Disable unsigned macros
#7: Use Outlook's Junk E-mail filter or install spam-filtering software
#8: Just be plain (read e-mail as plain text, not HTML)
#9: Learn to read (e-mail headers, that is)
#10: Digitally sign and encrypt e-mails
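Practice #9 is the one most people skip, so here is an added example (not code from the original article) of what "reading the headers" means in practice. The script below parses a constructed phishing-style message and pulls out the facts a careful reader compares by hand: the domain the visible From address claims, the domain in the envelope Return-Path, where replies will actually go, the chain of Received hops from origin to your server, and whether the message asks for credentials. Every domain and address in the sample is made up, and the indicator tags are this example's own naming, not a standard.

```python
"""Added example (not part of the original article): reading e-mail headers
for the phishing indicators the article warns about. The sample message
below is constructed for illustration; every domain, address and IP in it
is made up."""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample: the visible From claims to be a bank, but the envelope
# sender, the Reply-To and the originating hop all point somewhere else.
SAMPLE_MESSAGE = (
    "Return-Path: <bounce-4471@mail-relay.example.net>\n"
    "Received: from mail-relay.example.net (mail-relay.example.net [203.0.113.45])\n"
    "\tby mx.recipient.example (Postfix) with ESMTP id 1A2B3C\n"
    "\tfor <jane@recipient.example>; Mon, 14 Mar 2005 09:12:44 -0500\n"
    "Received: from [198.51.100.7] (unknown [198.51.100.7])\n"
    "\tby mail-relay.example.net with SMTP; Mon, 14 Mar 2005 09:12:40 -0500\n"
    "From: \"Example Bank Security\" <alerts@examplebank.example>\n"
    "Reply-To: verify-account@examplebank-secure.example.net\n"
    "To: jane@recipient.example\n"
    "Subject: Urgent: confirm your online banking password\n"
    "Content-Type: text/plain; charset=\"us-ascii\"\n"
    "\n"
    "Your account will be suspended. Confirm your password at the link below.\n"
)

# Words that signal a request for credentials or account details (hypothetical
# list for this example; tune it to your own mail).
CREDENTIAL_WORDS = ("password", "verify your account", "confirm your", "suspended")


def domain_of(header_value):
    """Lower-cased domain of the first address in a header value, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def parse_hops(received_headers):
    """Turn the Received headers (top one = the server nearest to you) into a
    list of hops, oldest first, as (claimed_sending_host, ip, receiving_host)."""
    hops = []
    for raw in reversed(received_headers):
        line = " ".join(str(raw).split())  # unfold and squash whitespace
        host = re.search(r"\bfrom\s+(\S+)", line)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line)
        by = re.search(r"\bby\s+(\S+)", line)
        hops.append((host.group(1) if host else "",
                     ip.group(1) if ip else "",
                     by.group(1) if by else ""))
    return hops


def analyze(raw_message):
    """Parse a raw message and return the header facts a careful reader
    compares, plus a list of indicator tags explaining what looked wrong."""
    msg = message_from_string(raw_message, policy=policy.default)
    from_domain = domain_of(str(msg.get("From", "")))
    return_path_domain = domain_of(str(msg.get("Return-Path", "")))
    reply_to_domain = domain_of(str(msg.get("Reply-To", "")))
    hops = parse_hops(msg.get_all("Received", []))
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + " " +
            (body.get_content() if body is not None else "")).lower()

    indicators = []
    # Envelope sender (who gets the bounces) is not the bank the From claims.
    if return_path_domain and return_path_domain != from_domain:
        indicators.append("RETURN_PATH_MISMATCH")
    # Replies silently go to a different domain than the one displayed.
    if reply_to_domain and reply_to_domain != from_domain:
        indicators.append("REPLY_TO_MISMATCH")
    # Earliest hop identifies itself only by a bare IP, or the receiving
    # relay could not resolve it ("unknown").
    if hops and (hops[0][0].startswith("[") or hops[0][0] == "unknown"):
        indicators.append("ORIGIN_UNRESOLVED")
    # The message asks for a password or account confirmation.
    if any(word in text for word in CREDENTIAL_WORDS):
        indicators.append("CREDENTIAL_REQUEST")

    return {
        "from_domain": from_domain,
        "return_path_domain": return_path_domain,
        "reply_to_domain": reply_to_domain,
        "hops": hops,
        "indicators": indicators,
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_MESSAGE)
    for key, value in result.items():
        print(f"{key}: {value}")
```

One caveat when you read the hop list: only the topmost Received header, the one written by your own mail server, can be trusted. Everything below it was supplied by the sender's side and can be forged outright, so a clean-looking lower hop proves nothing, while a mismatch between the displayed From, the Return-Path and the Reply-To is something the sender had to choose to do.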
ABOUT THE AUTHOR:
Richard Luckett, Vice President and Senior Consultant, Ajettix Security
Richard Luckett is a Microsoft Certified Systems Engineer on the Windows NT 4.0, 2000 and 2003 platforms and has been certified on Exchange since version 4.0. He is the co-author of Administering Exchange 2000 Server, published by McGraw Hill, and has written four Exchange courses for Global Knowledge Inc.: Introduction to Exchange 2000, Hands-on Exchange 2003, Ultimate Exchange Server 2003 and Exchange Server 2003 Administrator Boot Camp. Richard is currently Vice President and Senior Consultant for Ajettix Security, where he heads the Microsoft security practice.