Email Security Protection

Well, if you are like me before I took my Certified Ethical Hacker class, probably not as much as you should, and for some, I know it’s never. If you have never taken a class or do not have some basic knowledge of keeping yourself safe online, you might as well consider yourself hacked. In this digital age where most of our communication is done online, we are always at risk of losing our most precious asset, our Personally Identifiable Information (PII). This is the information that we usually guard and keep close to ourselves, such as PIN numbers, email passwords, bank account login credentials and the like.

What if I told you that I would make you give me this information willingly, and that you would actually be smiling as you do it? What, you don’t believe me? Well, you have probably already given it to someone other than me.

We’ve all at one time or another received a phishing email. It goes something like this: “Your mailbox is full, click here to add more space”, “We noticed some irregular activity on your bank account, click the link below to confirm”, or “You have won the lottery, click below to redeem your prize”. The link will usually lead you to a site similar to one you are used to, for instance your bank’s site or your email login page, and you will proceed to enter your credentials. Guess what, you’ve already been hacked. The sites you visit by clicking on the links in the email are usually fake sites that are used to harvest user credentials, which ultimately let the crooks gain access to your account.

I see you, “smart guy”, asking who in this day and age still clicks on such emails. Well, of all phishing emails sent, there is a success rate of 30%, meaning that there are still many users who are not aware of these kinds of scams. I still see you brushing me off there. Well, guess what: internet giants Google and Facebook got duped out of $100 million through an email phishing scheme when a hacker impersonated a computer-parts vendor.

Phishing, which is categorized under social engineering attacks, is still one of the most successful hacking techniques in use to this day. The hacker tends to pose as someone you can trust and often tricks you into clicking on a link in the email. This kind of attack has been used to gain access to government institutions and corporate organizations.

So what can you do to keep yourself safe online, even with the hackers and crooks getting better at it every day?

  1. Always be suspicious
    My wife’s motto on trust is, “You have to prove you can be trusted before I trust you”. This is what I would advise when it comes to emails. This applies even to emails whose sender you think you know.
  2. Pay attention to the email/web address
    If you look keenly at the email and web address in a phishing email, you will see a lot of similarity to the real ones, but there is always something that will let you know the site or email address is not legitimate. E.g. wilson.muroki@myisp.co.ke, aghrt68uej@myisp.co.ke, https://www.myis.co.ke, https://www4.myisp.co.ke
  3. Urgent action required
    Phishing emails will most of the time attach a sense of urgency to the action they want you to take. Always stop and ask yourself, why the urgency? You will more likely than not see phrases like “Your account will be closed”, “Your account has been compromised” or “Urgent action required”.
  4. Seek professional consultation
    MyISP offers user training to sensitize staff members on security issues and things to look out for when conducting their everyday duties. You can get in touch with us for more on this.
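
Tips 2 and 3 can be partly automated. The sketch below is an added example, not MyISP's own code: it flags sender and link hosts that are not on a list of known hosts, including near-misses of the real domain, and looks for the urgency phrases quoted in tip 3. The `KNOWN_HOSTS` list, the two-edit threshold and the sample message are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Assumptions: the real domain is the one in the article's examples; KNOWN_HOSTS
# is a hypothetical list of hosts the organisation actually publishes.
TRUSTED_DOMAIN = "myisp.co.ke"
KNOWN_HOSTS = {"myisp.co.ke", "www.myisp.co.ke"}
URGENCY_PHRASES = ("your account will be closed",  # phrases quoted in tip 3
                   "your account has been compromised",
                   "urgent action required")
# Constructed sample message, built from the article's own examples.
SAMPLE_SENDER = "aghrt68uej@myisp.co.ke"
SAMPLE_BODY = ("Urgent action required: your mailbox is full. "
               "Click https://www.myis.co.ke/login to add more space.")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(address):
    """Host of a URL, or the domain part of an email address, lower-cased."""
    if "://" in address:
        return (urlsplit(address).hostname or "").lower()
    return address.rsplit("@", 1)[-1].strip().lower()

def classify_host(host):
    if host in KNOWN_HOSTS:
        return "known"
    if host.endswith("." + TRUSTED_DOMAIN):
        return "unlisted-subdomain"  # same registered domain, but not a published host
    labels = host.split(".")
    # Try every label suffix so "www.myis.co.ke" is compared as "myis.co.ke".
    for i in range(len(labels)):
        if edit_distance(".".join(labels[i:]), TRUSTED_DOMAIN) <= 2:
            return "lookalike"
    return "unrelated"

def review_email(sender, body):
    """Return (finding, detail) pairs; an empty list means nothing was flagged."""
    urls = [u.rstrip(".,;)") for u in re.findall(r"https?://[^\s<>\"']+", body)]
    findings = [(v, a) for a in [sender, *urls]
                if (v := classify_host(host_of(a))) != "known"]
    findings += [("urgency", p) for p in URGENCY_PHRASES if p in body.lower()]
    return findings
```

The constructed sender passes the host check because only the domain is compared; the local part of the address is not judged, so a clean result is not proof that a message is genuine.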

To find out how we can help you, email us at info@myisp.co.ke or give us a call on 0730911000.

Article Written by: Wilson Muroki
Service Delivery Manager - MyISP Ltd
BSc Information Systems Technology
Certified Ethical Hacker (CEH) ~ Institution: EC Council

 

 
