Security Manager's Journal: Spam makes a comeback

By Mathias Thurman, Computerworld |  Security

How could spam be an issue for a security manager in 2013? It's been years now since we all started subscribing to services that do a phenomenal job of filtering out advertisements for prescription medications and exotic vacations and dumping them into spam folders, where they usually accumulate and never bother anyone.

Trouble Ticket

A change in the email system has let some dangerous spam show up in inboxes.Action plan: Stay alert for evidence that employees have fallen victim to phishing attacks.

Until this past week, I likely hadn't spent five minutes in 10 years thinking about spam -- a testament to the effectiveness of spam filters. After all, about 98% of our incoming email is spam. If we didn't have effective spam-filtering engines, every employee would receive an extra 40 to 50 emails per day. That would hit productivity.

Probably because real spam has long been out of sight and out of mind for our employees, our general counsel was dismayed when he recently started regularly receiving emails that he deemed to be spam. He forwarded some of them to me, wondering what was going on. The emails purport to be from organizations such as ADP, FedEx and eFax, and at first glance they look legitimate. Only an inspection of the email headers would tell you otherwise.

Some of the emails contain links to questionable sites in places like China and Russia. Some include attachments that are supposedly required certificates or e-fax documents but in reality are zip files containing an .exe file. In short, these are not ordinary spam -- which is annoying and clogs networks but is generally benign. No, these are phishing attacks.

Soon, others in the company began to complain about an increase in spam. Why, I wanted to know, weren't these phishing attacks being intercepted and shuttled away from employees' inboxes?

I was aware that we have been migrating users to a managed Microsoft email service and that there had been talk of saving money by dropping our current spam provider in favor of Microsoft's spam prevention system, which is bundled with the mail service. I figured that was likely the root of the problem, and sure enough, my suspicions were right.

Originally published on Computerworld |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question