Abstract:
We cannot imagine a day without a computer, especially without the Internet. E-mail is one of the
primary ways through which we communicate. We use it every day not only for official
communication but also to stay in touch with our friends and relatives. As e-mail has come to play
a vital role globally in communication and in sharing data, the security issues have increased as
well. The major attack on e-mail by hackers nowadays is known as e-mail phishing. It is the right
time to secure the data communicated over mail, even on a trusted network. Cyber criminals craft
these emails to look convincing and send them out to literally millions of people around the world.
The criminals do not have a specific target in mind, nor do they know exactly who will fall victim.
They simply know that the more emails they send out, the more people they may be able to fool.
In this paper we analyze the various ways in which phishing is carried out and discuss the possible
solutions, along with awareness measures and some tips to avoid becoming a victim of phishing
attacks.
Data collection plan.
▪ Define and describe the attack surface:
A) Attack Surface Definition:
The attack surface refers to the total number of possible entry points for unauthorized access into
a system. All vulnerabilities and endpoints that could be utilized to conduct a cyber-attack are
included. The attack surface refers to the entire region of an organization or system that is
exposed to hacking. Most modern businesses have a large and complicated attack surface. As the
number of devices, web apps, and network nodes grows, so does the number of potential
cybersecurity threats.
B) Description of Attack Surface:
In authentication attacks on email servers, the attacker's goal is to fool us into clicking on a
link that takes us to a website that asks for our login and password, or perhaps our credit card
or ATM number. These websites look exactly like the original website. Another attack is a type of
phishing whereby a legitimate, previously delivered email containing an attachment or link has its
content and recipient address taken and used to create an almost identical, or cloned, email. The
attachment or link within the email is replaced with a malicious version, and the email is then
sent from an address spoofed to appear to come from the original sender. It may claim to be a
resend of the original or an updated version of the original. This technique could be used to
pivot from a previously infected machine and gain a foothold on another machine by exploiting the
social trust associated with the inferred connection, since both parties received the original
email.
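As an added example (not part of the original paper), the following sketch shows one way a mail filter could recognise the cloned email described above: a new message whose text is nearly identical to one already delivered, but whose link host or attachment content has changed. The function names, the similarity threshold, and all addresses and message contents are constructed assumptions.

```python
import difflib
import hashlib
import re
from email.message import EmailMessage
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def fingerprint(msg):
    """Return (normalised body text, link hosts, {attachment name: sha256})."""
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    hosts = {urlparse(u).hostname for u in URL_RE.findall(body)}
    hosts.discard(None)
    # Replace every URL with a placeholder so that a swapped link does not
    # lower the text similarity; links are compared separately, by host.
    text = " ".join(URL_RE.sub("<url>", body).lower().split())
    attachments = {
        (part.get_filename() or "(unnamed)"): hashlib.sha256(
            part.get_payload(decode=True) or b"").hexdigest()
        for part in msg.iter_attachments()
    }
    return text, hosts, attachments


def clone_findings(original, candidate, threshold=0.9):
    """List what changed if `candidate` is a near copy of `original`."""
    o_text, o_hosts, o_files = fingerprint(original)
    c_text, c_hosts, c_files = fingerprint(candidate)
    similarity = difflib.SequenceMatcher(None, o_text, c_text).ratio()
    if similarity < threshold:
        return []  # not a near copy of the earlier message
    findings = []
    new_hosts = sorted(c_hosts - o_hosts)
    if new_hosts:
        findings.append("link host changed: " + ", ".join(new_hosts))
    for name, digest in sorted(c_files.items()):
        if name in o_files and o_files[name] != digest:
            findings.append("attachment replaced: " + name)
    return findings


def build(subject, body, attachment=None):
    """Build a constructed sample message; the From header is the same in
    every sample because a spoofed sender looks identical to the real one."""
    msg = EmailMessage()
    msg["From"] = "Bob <bob@partner.example>"
    msg["To"] = "alice@example.com"
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment is not None:
        msg.add_attachment(attachment, maintype="application",
                           subtype="pdf", filename="invoice.pdf")
    return msg


# Constructed sample messages.
BODY = ("Hi Alice,\n\nThe Q3 invoice is attached. You can also view it at\n"
        "https://billing.example.com/invoices/1042\n\nRegards,\nBob\n")
ORIGINAL = build("Q3 invoice", BODY, b"%PDF-1.4 constructed original")
RESEND = build("Q3 invoice (resend)", BODY, b"%PDF-1.4 constructed original")
CLONE = build("Q3 invoice (updated version)",
              BODY.replace("billing.example.com", "billing.example.net"),
              b"%PDF-1.4 constructed replacement")
UNRELATED = build("Lunch", "Are you free for lunch on Friday?\n")

if __name__ == "__main__":
    for label, msg in (("resend", RESEND), ("clone", CLONE),
                       ("unrelated", UNRELATED)):
        print(label, clone_findings(ORIGINAL, msg))
```

A genuine resend produces no findings because its link host and attachment digest match the original; only the changed copy is reported.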
When we suspect we have been hacked, we have to change our passwords immediately: because most
individuals use the same password for several sites, thieves may already have access to other
accounts on popular sites. Taking the following steps can help organizations examine and
decrease their physical and digital attack surfaces:
▪ Educate users to understand how phishing attacks work and to be alert when phishing-like
e-mails are received.
▪ Use legal methods to punish phishing attackers.
▪ Use technical methods to stop phishing attackers.
▪ Detect and block phishing web sites in time.
▪ Enhance the security of web sites.
▪ Block phishing e-mails with various spam filters.
Potential Sources:
▪ Be suspicious of any email that requires “immediate action” or creates a sense of
urgency. This is a common technique used by criminals to rush people into making a
mistake.
▪ Be suspicious of emails addressed to Dear Customer or some other generic salutation. If
it is your bank, they will know your name.
▪ Be suspicious of grammar or spelling mistakes; most businesses proofread their messages
carefully before sending them.
▪ Be suspicious of attachments and only open those that you were expecting.
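The warning signs above can also be checked mechanically before a message reaches the reader. The following is an added example, not part of the original paper: it parses a raw message and reports urgency wording, a generic salutation, and attachments the recipient was not expecting. The phrase lists, the `expected_attachments` parameter, and the sample messages are constructed assumptions; spelling and grammar checks are left out because they need a dictionary.

```python
import re
from email import message_from_string, policy

# Assumed phrase lists; a real filter would tune these to its own mail flow.
URGENCY_RE = re.compile(
    r"\b(immediate action|immediately|urgent|right away|within \d+ hours?|"
    r"will be (?:suspended|closed|locked))\b", re.IGNORECASE)
GENERIC_GREETING_RE = re.compile(
    r"^\s*dear\s+(customer|user|client|member|account holder|sir|madam)\b",
    re.IGNORECASE | re.MULTILINE)


def warning_signs(raw_message, expected_attachments=()):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    subject = str(msg.get("Subject", ""))
    signs = []

    # 1. "Immediate action" or other pressure wording, in subject or body.
    hit = URGENCY_RE.search(subject + "\n" + body)
    if hit:
        signs.append(f"urgency: '{hit.group(0).lower()}'")

    # 2. Generic salutation instead of the recipient's name.
    greeting = GENERIC_GREETING_RE.search(body)
    if greeting:
        signs.append(f"generic salutation: 'Dear {greeting.group(1).title()}'")

    # 3. Attachments the recipient was not expecting.
    expected = {name.lower() for name in expected_attachments}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if name.lower() not in expected:
            signs.append(f"unexpected attachment: {name}")
    return signs


# Constructed sample: a message showing all three signs.
SUSPICIOUS = """\
From: "Your Bank" <service@bank.example>
To: alice@example.com
Subject: Immediate action required on your account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain; charset="utf-8"

Dear Customer,

Your account will be suspended unless you confirm your details today.

--BOUNDARY
Content-Type: application/zip
Content-Disposition: attachment; filename="statement.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--BOUNDARY--
"""

# Constructed sample: an ordinary message with none of the signs.
ORDINARY = """\
From: Bob <bob@partner.example>
To: alice@example.com
Subject: Meeting notes

Hi Alice,

Here are the notes from the meeting we had on Tuesday.

Bob
"""

if __name__ == "__main__":
    for sign in warning_signs(SUSPICIOUS):
        print(sign)
```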
Prioritizing the work of the Security Analyst:
In order to prioritize work, an analyst must first determine which vulnerabilities are most likely
to be exploited. Effective IT teams employ cybersecurity reports, and then make controlling
those vulnerabilities a top priority in any controls they deploy to safeguard their cyber assets.
The following are the tasks that need to be prioritized for remote security work:
1) The Need for Better Remote Access Policies:
Many business owners are unaware of the requirements for a robust remote
access strategy. Expert advice is becoming increasingly vital to avoid major risks such
as identity theft, data breaches, and data loss, which affect all workers, not just remote
workers.
2) Separating Personal and Work Data:
The issue of mobile access security isn't new. Bring-your-own-device (BYOD) rules
have become more common in recent years, and 69 percent of "IT decision-makers" say
they are a good idea. Because 67 percent of employees use personal devices at work,
employers should already have security processes in place to cope with the possible risks
of mixing personal and corporate data.
3) Frequently update your network security systems:
It's critical that network security systems, such as firewalls, antivirus software, and
spam filtering tools, are installed on each device that remote employees use to access
company or customer data, and that those systems are kept up to date. You can even
consider investing in a mobile device management platform so that you can remotely
wipe any sensitive data from a device if it is lost or stolen.
4) Require employees to use strong and varied passwords:
Weak passwords pose a major security risk to your organization, especially when
remote work is involved, so it’s important that you advise your employees to use strong
and varied passwords and to avoid reusing passwords.
5) Utilize multi-factor authentication:
In order to authenticate their identity, multi-factor authentication (MFA) requires users to
supply multiple pieces of information. Security questions, push notifications, personal
identification numbers, and biometrics are all forms of MFA.
6) Train your employees well and supply them with robust IT support:
The most effective remote work security measures begin with good training. Provide
cybersecurity awareness training to your staff, and make sure your IT team is available
to assist your remote workforce with any security problems.
Stakeholders involved:
1. Chief Security Officer (CSO): the organization's chief security official; he gathers
information from his team and prepares and publishes the organization's security standards
and principles.
2. Security Analyst: Security Analysts report to the CSO and work on the company's
security. They are also involved in the preparation of guidelines and in any issues raised.
3. Forensic Team: the forensics team helps the company investigate cybercrimes. We
use them for investigating cyber-attacks.
Design Diagram: Security implementation for accessing the company data and apps

Secure Email Communication: A Guide to Preventing Phishing Attacks
