Skip to content

Hit enter to search or ESC to close

Remote Work and Phishing Campaigns

In 2020 during the pandemic lockdowns, organizations were forced to allow employees to work from home. The at-home workplace is a mainstay for many organizations that soon realized the benefits of remote work. Employees appreciated the remote work so that they could have a better life-work balance. Organizations required fewer employees in the office, which saves on real estate and equipment.

Threat actors work with fear and leveraged the reduced cybersecurity from an at-home workforce and ramped up phishing campaigns. Security researchers reported a huge increase in phishing attacks in 2020, and many organizations fell victim. Employees working from home did not have the enterprise-level cybersecurity necessary to protect business data available on home personal computers, which led to data breaches from simple phishing campaigns.

In a sophisticated attack, the email headers are spoofed, most importantly the sender address. If an email server does not require authentication, any user can send email from the server. Spam servers allow anyone to send email messages, so attackers can use these servers to send messages with a spoofed header. In a spoofed sender message, the sender can be modified to be anyone from any official organization.

If no email security is added to the recipient’s email server, the recipient will receive malicious spoofed messages in their inbox. Some personal email services such as Gmail will detect spoofed sender headers and put it in the spam inbox. Some users still peruse the spam inbox and still fall victim to phishing. So it’s not a perfect solution especially when business data can be stolen on the local device.

It’s probable that many at-home workers mixed their work machine with their personal devices, leaving an organization’s data at risk from a breach. Even with enterprise-level anti-malware installed on work devices, business administrators cannot control data transfers to personal devices. Because the COVID-19 lockdowns were sudden and unexpected, businesses did not have time to implement the right security, including filters to protect from phishing.

Did You Know?

99.99%

SpamTitan's spam catch rate

11 Seconds

a ransomware attack occurs

$285

the average cost to manage spam per person without an email filter

56.50%

of all email is spam

We recently held a webinar with Osterman Research demonstrating how to reduce the risk of phishing and ransomeware. Download the guide here.

Or watch the webinar here.

 

Email Spam Filtering Solutions

With users working from home, many organizations chose to implement cloud infrastructure to make it easier for users to gain access to important productivity applications. Included with this cloud infrastructure was email servers hosted off-site. Cloud providers offer control over email servers, but many cloud-based email filtering solutions are available.

When implementing email spam filters, a few techniques can be used to stop incoming messages. These settings must be configured by the administrator or the MSP in charge of managing email services. They can be then monitored after implementation to ensure that no false negatives allowed malicious emails to reach the targeted user.

Reputation-based email filters contain a list of blacklisted domains and server IP addresses that immediately block any messages that come from these networks. This technique is similar to the way content filters work by blocking any reported domains known to allow malicious messages.

Another method is content analysis based off message scans. Specific words are generally malicious and can be triggers for filters. Many private email message services use this method, but it’s ineffective on its own. It should be combined with reputation-based filters to ensure that alternative spellings and methods to bypass these filters cannot be used.

Spammers and phishing attackers continue to register new domains to bypass reputation-based filters. To give administrators full control in these situations, the email filtering solution will have ways to blacklist, whitelist, and greylist IP addresses and domains. Blacklisted domains are blocked no matter what is in messages, and whitelisting domains has the opposite effect by allowing messages regardless if the domain is registered as malicious.

Greylist are a hybrid of both a whitelist and a blacklist. The system can build a greylist dynamically based on attacks, but administrators can also build their own greylist. A greylist is a list of blocked IP address and domains that are only filtered for a short amount of time.

Legitimate email servers will receive a failed message and attempt to send it later. As time passes, the domain drops from the greylist, and the message will be successfully sent to the user’s inbox.

SpamTitan checks every URL in an email against known blacklists - with 100% active web coverage.

Real-Time Greylisting is the Most Effective

In sophisticated email filtering solutions, the system detects malicious messages in real-time. It compares incoming messages with a database of blacklisted IP address where spam and other malicious content is known to come from. Greylisting takes it a step further and detects malicious messages even with the source is from an unknown IP address so that attackers can not use new domains to evade detection.

Greylisting uses a secondary method to determine legitimate email messages. For unknown sources, the recipient email server rejects the email and sends it back to the originating email server instructing it to send the message again. Legitimate email servers detect the message and return it again to the recipient within minutes. The message is then cleared by the recipient’s email filters, and it’s sent to the targeted user.

Short delays should be expected with this email filtering strategy, but it’s a much more secure method than simply allowing messages to pass through from unknown sources. For further tuning, the email administrator can still add the sender to a blacklist or a whitelist to control the messages within a greylist.

No matter the strategy, email filtering is necessary to protect users from phishing. A good solution will allow administrators to configure the way the system will handle messages, but greylisting is one of the most important features to look for. A real-time greylist is essential in an enterprise, especially if the email server is located in the cloud.

Looking for an email spam solution for your organization? Sign up for SpamTitan's Free 14-Day Trial.

SpamTitan Plus – NEW Anti-Phishing solution now available

Hear from our Customers

Better than I thought.

What do you like best about SpamTitan Email Security? Simple setup. Comprehensive and in depth options. Our vendor had a basic script to start us out that made our transition a snap. What problems is SpamTitan Email Security solving and how is that benefiting you? We avoid SPAM and Virus attempts into our network. This relieves our need to deal with problems on each computer user.

Donald M.

Mid-Market

Spam Titan is a Class Act

What do you like best about SpamTitan Email Security? Product is simple to install on mail Server. And works Great. What problems is SpamTitan Email Security solving and how is that benefiting you? Spam Totally non existent now.

Gene L.

Small-Business

Effective filtering with excellent and timely customer support.

What do you like best about SpamTitan Email Security? SpamTitan has a quick, easy initial setup as well as extremely responsive support. Any ticket I opened was responded to within 5-15 minutes and resolved within the day. Since implementation, we've seen a marked drop in spam/spoofed messages actually arriving in inboxes. We've also been able to migrate email hosts without difficulty or drop in service. What problems is SpamTitan Email Security solving and how is that benefiting you? We wanted to address spoofed messages arriving in employee inboxes, as well as generic spam. Our employees definitely have safer, less cluttered inboxes after implementation.

Stephen C.

Small-Business

goodbye to the nightmare of spam

What do you like best about SpamTitan Email Security? The support is very good and the ease of use of the platform is also multilanguage. What do you dislike about SpamTitan Email Security? All is good to me really some little details. Recommendations to others considering SpamTitan Email Security: It really is very good, it would be good to improve the interface. What problems is SpamTitan Email Security solving and how is that benefiting you? We received thousands of emails per hour, this really was chaotic, after implementing SpamTitan, this was very easy and fast, our problems began to be solved almost immediately.

David A.

Mid-Market

Great Solution

What do you like best about SpamTitan Email Security? Sales and support team are really helpful, easy to set up and deploy, pricing is clear, no surprise or hidden fees. What problems is SpamTitan Email Security solving and how is that benefiting you? SpamTitan is blocking a lot more spam than our old solution, and the system is learning so it's getting better.

Patrice G.

Sysadmin

Susan Morrow

Susan Morrow

  • DATA PROTECTION
  • EMAIL PHISING
  • EMAIL SECURITY

Talk to our Team today

Talk to our Team today