Email Security and Spam Filtering

In a world where no one seems to agree on anything, we can all agree that we hate spam.

For some reason, the people who send spam think it’s going to get us to buy something or switch insurance companies.

The problem is that not all spam is harmless; some spam is very malicious.

How Email Scams Work

Email that just arrives in your inbox is not harmful. In order to infect your computer or your network, you need to click something.

Because your spam program can pick up on many of these emails, it can keep you from seeing them in the first place.

There are a number of different scams. While this isn’t all of them, it’s a pretty good list of the most common types:

  • Survey – By definition, a survey online would require that you click something. The moment you do, you will either be sent to a site that has malware or will have prompted your computer to download it. Just don’t take any unsolicited surveys.
  • Imitation – This is an email from a company or a person that you know. Often, it’s an email that looks like it came from a common company, like PayPal or Microsoft. The way to know if it’s real is to look at the actual email address. The best policy is to go to their site yourself and look at your account. Don’t click anything in one of these emails.
  • Official – Scammers love to use official agencies, like the IRS or state government, to run scams. They’re hoping to panic you into clicking a button. Don’t. Again, open a tab and go to their website or look up the number and call them. The IRS doesn’t use email for official notices, ever.
  • Lottery – The lottery scam is a golden oldie. “You’ve won’t $1 million. Just click here.” No one wins a lottery they didn’t enter and no lottery will announce that you won $1 million via email.
  • Phishing – Phishing is when the scammers are looking for information. For example, they might email you posing as your email provider. It will ask you to change your password. They’ll use that to get into your account and give them access to a lot more.
  • Whaling – This is phishing designed to get to the CEO. They’re looking to hook the big fish, knowing that he or she has access to everything in the company.
  • Replacement – One common scam is to step into the middle of a transaction and reroute funds. For example, they hack a business associate to whom you’re going to send money. They send you an email saying the routing and account number have changed. Call that person. Don’t believe the email. Verify it personally with that person before you send money.
How Spam Filtering Software Works

The standard spam filter uses a combination of AI and community information to figure out what’s spam.

The artificial intelligence portion looks at how the email is written, the address it’s coming from, and the topic. It will throw that into the quarantine.

In modern solutions, the artificial intelligence will run a scan and monitor how you the user write your emails.  If it recognizes you requesting something odd, such as a change to your direct deposit, or spelling things in ways you typically wouldn’t, it will quarantine the email.

The community information is when the email or email security provider, like Google, Microsoft, or Barracuda, gets enough spam complaints from a single address. The system then sees those emails as spam.

The Next Level

There is a higher level of spam filtering that every company should have. It actively scans every email.

This software will hold all of the emails in the cloud while it not only scans everything that’s mentioned above, but it actively scans any links in the emails. The system is looking for redirects, unknown email addresses or web addresses, and other indications of fraud.

It also looks for viruses and malware embedded in the email or at any of the links. Active scanning can keep bad emails from ever showing up in your inbox.

This adds another layer of protection on your email inbox and helps you keep control of what you’re seeing, let alone clicking.

Some people complain that this can slow down emails that they’re waiting for, but in most cases, unless there’s an actual problem, it’s microseconds for the system to analyze an email.

Putting Email Protection in Place

Putting email protection systems in place will require understanding the level of information being exchanged and how the company’s email system is configured.

It’s equal parts software and human behavior.

Here are a couple the levels of protection that can be installed:

  1. Antivirus with automatic email scanning – This is the first step. Not only will the antivirus work to protect your computer or servers, but it actively scans emails as discussed above.
  2. Phishing and Internet Security – These programs protect the company from scams that are found on websites. This can include keyloggers that track every keystroke on a computer. This captures our login information everywhere you go and will go in to pretend it’s you.

In many cases, all of these functions can be found in a single piece of software.

If you have a managed IT service for your servers and workstations, your provider should have already implemented this type of software. It’s worth asking to know that your assets are actually protected.

The most important protection you can put in place is education. Whether it’s sending information, clicking a link, or downloading a bad file, almost every email hack requires that a person does something.