MDaemon Technologies Blog

The Coronavirus pandemic comes with a spike in online email scams, and changes to how we work

By Brad Wyro

Covid-emal-scams

Stories of the COVID-19 pandemic’s rapid global spread have paved the way for threat actors to unleash the most widely-used cyber threat in recent memory.

At the heart of these threats is a disinformation campaign that is spreading as rapidly as the coronavirus itself. Scammers know people are looking for answers to their concerns and are more likely to click on embedded links in email messages or download malicious email attachments as they let their guard down during moments of heightened concern.

Thousands of COVID-19 related email scams and malicious sites are being created on a daily basis. Over the past couple of weeks, we’ve seen email phishing scams carrying a variety of malware variants, including the Trickbot banking Trojan, Lokibot malware, Emotet, NanoCore, Azoruit, and others. Malicious emails claiming to come from the World Health Organization offering advice to coronavirus victims have been used to plant keyloggers on victims’ PCs.

And as long as the coronavirus poses a threat, cybercriminals will continue their attempts to exploit the public’s fears for personal gain. That’s why it’s everyone’s responsibility to learn to identify potential threats such as email spoofing, spear phishing scams, phone scams, and other social engineering tricks.

What’s being done to Protect People from COVID-19 Scams?

Facebook, Twitter and Google are cracking down on misinformation regarding the Coronavirus pandemic. Facebook has said it would start taking down bogus claims about purported cures and other misleading content. To help users cut through the steady stream of misinformation, they’ve created a helpful resources page, with tips on avoiding COVID-19 scams.

Twitter users can find helpful information on their blog.

Google has also stepped up efforts to direct users to verified sources on the Coronavirus.

Even the FTC and FDA have stepped in to protect people from mis-branded or unapproved products such as essential oils and teas.

Tips to avoid email related phishing scams

Cybercriminals will continue to use social engineering and scare tactics to trick you into opening malicious attachments or giving them your personal information. They know that people tend to let their guard down during periods of anxiety, so it’s more important than ever to review best practices for avoiding spear phishing attacks and other social engineering scams.

  • Always double-check the sender address in an email & never trust the display name shown in your email client, as this can easily be spoofed. The From header can also be spoofed, as shown in this example.

    Covid-19_phishing6

  • Never click on links without proper verification. When in doubt, manually type the URL in your browser.
  • Be aware of the privacy policies of the Centers for Disease Control (CDD) and World Health Organization (WHO). These and other reputable organizations have strict communication policies to protect people from scammers impersonating these organizations.

Businesses can promote online privacy and help protect remote workers from phishing and malicious email threats

With the surge of employees working from home during this crisis come additional cyber security challenges that must be considered. Security teams need to ensure these challenges are met with secure VPNs, strong password policies, and fully-patched systems.

5 Email Security Tips for MDaemon and Security Gateway Users

While end-user training and awareness are important, IT administrators play a significant role in protecting users against phishing email scams. Both MDaemon Email Server and Security Gateway for Email have features designed to block spam, spear-phishing, and malware attacks, so when considering best practices for providing the most secure email solution for your business, we recommend following these best practices.

1. Use SMTP authentication to prevent unauthorized account access

To help prevent unauthorized access to local email accounts, we recommend requiring SMTP Authentication unless a message is transmitted from a domain mail server. This helps to ensure that the identity of the sender is valid. Instructions for configuring SMTP authentication settings in Security Gateway can be found here in our knowledge base. Click here to read how to configure SMTP authentication in MDaemon Email Server

2. Use strong passwords

Spammers will often try to hijack an email account by guessing its password. Therefore, passwords that are easy to guess should always be avoided.

3. Ensure domain email is from an authorized email server to help protect against spoofing

Both MDaemon and Security Gateway have a security feature called IP Shielding that helps protect against spoofing by only accepting email from a local domain if it was sent from an IP address associated with that domain.

The best way to secure outbound email is via SMTP authentication. However, for businesses that need to send email from a printer or other device that is not capable of authenticating, IP Shielding can be used to exclude certain IP’s or ranges from having to authenticate. Messages from authenticated sessions can optionally be exempt from IP Shielding requirements.

IP Shield in MDaemon Remote Administration to protect against email spoofing

Instructions for configuring IP Shielding can be found here:

4. Don’t whitelist local email addresses

In many cases, local IP addresses or host names may need to be whitelisted to bypass certain email security features. However, we do not recommend whitelisting local email addresses. If a local address is added to the whitelist, messages sent to this address could bypass many of your security settings and put your mail server at risk of being blacklisted.

5. Protect your email server from virus and spam outbreaks

Whether you use MDaemon Email Server or Security Gateway for Email, we recommend enabling the antivirus features to scan all inbound and outbound email messages for viruses. Security Gateway uses the Cyren and ClamAV antivirus engines to scan messages for viruses and malware, and to detect the latest spam outbreaks. For MDaemon, these features are available with MDaemon AntiVirus.

Cyren and ClamAV antivirus engines in Security Gateway for Email Servers

6. Flag emails from external sources with a warning message

Many users who fall for phishing scams are fooled by email spoofing or lookalike domains. To help users identify emails from external sources, MDaemon can display a security warning in the email message to alert users to take extra caution when replying to the email.

MDaemon Webmail external message warning to help users identify phishing and spoofing email

7. Implement email filters to filter out emails with known phishing attempt indicators and block suspicious IP addresses at your firewall.

Many phishing emails come from spoofed email addresses, compromised email servers, or clients that have been infected with malware and hijacked as part of a spambot. They may also contain certain commonly-used words or phrases. You can implement filters on your secure email gateway to block these common sources of junk email. You can also block suspicious IP addresses at your firewall.

When in doubt, play it safe!

The bottom line is that we all need to take extra care to avoid getting hooked by email phishing scams, especially during times like these when so many people have let their guard down in the hopes of finding solutions to the ongoing COVID-19 pandemic. A few extra seconds of caution could save you or your business thousands, or even millions, of dollars.

Tags: Email Best Practices, security, spear phishing, spoofing, phishing, email security

Brad Wyro

Written by Brad Wyro

Subscribe to Email Updates