The hidden danger of effective spam filtering - 1-Fix

1-Fix Limited

The Blog

The hidden danger of effective spam filtering

The hidden danger of effective spam filtering

SPAM!

Photo courtesy of arnold | inuyaki(CC Attribution)

I need to tell you something that may sound counter intuitive – if the spam filter you’re using for your business is doing a superb job of swatting down spam, you may be inadvertently helping the hackers or scammers who are trying to get at your end users. 

Sounds like nonsense, right? Well, I’m afraid it’s true, and we’ve seen it all too often with end-users in recent months.

Let me explain…

Picture this: Your company (let’s call you Contoso Ltd for the sake of the article – it’s good enough for Microsoft so it’s good enough for me!) has a basic e-mail system in place at the moment, probably provided by your web hosting company or run internally on your office server. There is some spam filtering provided, but over the last few years you and the staff at Contoso Ltd have been used to clearing down your inbox each morning. You maybe get 5 or 10 junk messages, and you’re used to scanning through and filtering them out when they arrive. However, it’s frustrating, and so you speak to your IT support team about getting your spam filtering sorted out.

IT support suggest either putting in place more effective spam filtering, using a filtering service, or moving to a more robust e-mail platform with enterprise anti-spam measures (such as Microsoft Office 365 or Google Apps for Business). You take their advice, and for the next few months Contoso Ltd has very little spam e-mail at all.

Great, right? Wrong!

Well, actually, sort of wrong. I mean, it is great to have so little spam e-mail to deal with, but this is where the problem starts to brew…. what problem? Complacency!

When your users get used to the spam filtering catching everything that’s junk, they begin to trust the e-mails that do arrive in the inbox. From what we at 1-Fix have seen in terms of real world spam, the authors are getting smarter and are trying to work this new angle of attack.

It seems that the spam and virus authors are now writing their e-mails and testing them against multiple spam filters to ensure that, initially at least, the message will get into a user’s inbox. They no longer attach a virus to the e-mail, but host it online, in a location that hasn’t been reported as compromised – ensuring that they don’t flag any extra spam or virus traps. When they are ready to send the messages, they hit organisations hard with multiple e-mails from different servers and computers – hoping that some of them aren’t on any blacklists so the e-mails will deliver. Here is an example of an excerpt from a client’s Untangle spam filter log:

Untangle - Effective Spam Filtering engine

You can see from this example above, the e-mail titled “CIT Inv# 15000375 for PO# SP14161” has been sent to multiple recipients (removed from the image for privacy), from multiple IP addresses, in close succession.

Once the users have become used to effective spam filtering, if one of these sorts of e-mails slips into their inbox then there is a higher chance of them opening them and clicking on a download link, or at least being curious – a dangerous situation.

What is the solution?

We’re not advocating going back to the days of rubbish spam filtering – there is no way I want to be filtering 100+ e-mails from my inbox again – but what we do recommend is that you get the most effective spam filtering you can, and then spend some time educating your end users on spotting spam e-mails and good security practices – or work with an IT company that’s pro-active and can do this for you.

To help you get started, we’ve prepared a downloadable guide you can use to educate your staff – just fill in the form below and we’ll get it ready for you.

[email-download download_id=”1047″ contact_form_id=”1050″]

Replies

Comments are closed.

Leave a Reply

Your email address will not be published. Required fields are marked *