Astra IDentity Blog

Only 17% spot emails correctly in spear-phishing simulation

October 12, 2015

As I mentioned in our Ten tips on not getting spear-phished post last week, we have launched a game-like, web-based spear-phishing simulation on our website called Can You Spot the Impostor.

Can You Spot the Impostor shows players 7 emails in the web browser. All are personalized for the player, but some are legitimate and others are spear-phishing, and the player has to decide which is which. The game takes 2-3 minutes for the average person and teaches the player how to spot phishing emails along the way.

It has been interesting to see the response to the game, and based upon some of the requests I […]


Ten tips on not getting spear-phished

October 6, 2015

When you see an e-mail from an old friend you haven't spoken with in a while, what do you do?

Do you trust the e-mail because you recognize their name? Or do you trust but verify the details before taking actions like clicking links or opening attachments?

If you are a "Truster", you might be setting yourself up to get spear-phished. Spear-phishing is where a hacker pretends to be a friend, a colleague or a known brand to get you to open an e-mail and take an action. The action might be to click a link, open an attachment or send out a wire transfer.
“These attacks are real. The […]


Spear phishing email causes $46M theft

August 8, 2015

Brian Krebs of Krebs on Security reported yesterday that Ubiquiti Networks Inc lost $46.7 million because of a spear phishing email. The attack worked by getting the company to wire transfer the money based on a forged email that looked like it came from a senior executive. The article further describes attacks against other organizations that use the same technique.

We have had at least a dozen conversations where we have heard about similar attacks against organizations; some have succeeded and some have failed. Some of these attacks are directed against companies as small as a few hundred employees and for as little as $10,000, or as large as 100,000+ employees for tens of millions […]


From server hugger to Office 365 cloud lover

July 10, 2015

If our conversations are any indication, the past few months have seen many companies migrating, or planning their migrations, from on-premises Exchange servers to Office 365.

A friend, an early SaaS adopter, used to call companies with on-premises mail servers "server huggers": they love their servers so much they want them where they can see (and hug) them.

Interestingly, as companies decide to migrate to O365 they start moving from being "server huggers" to "cloud lovers" and start thinking about using the cloud for all their messaging infrastructure, including firewalls, anti-spam/anti-virus gateways, archiving and more.

Invariably Microsoft's Exchange Online Protection (EOP) comes up as a great option; it is great […]


Protect your brands & employees from e-mail – Part 2

June 22, 2015

In my previous post – Protect your brands & employees from e-mail – Part 1 – I talked about the pros and cons of using Sender Policy Framework (SPF) to help protect:

1. Your brand against e-mails sent by hackers pretending to be from your organization and

2. Your employees against e-mails from hackers spoofing brands or users from other organizations.

In this post, let's talk about another standard called DomainKeys Identified Mail (DKIM). Where SPF was built to indicate the server IPs authorized to send email on behalf of a domain, DKIM was built so that a receiving server can further ensure that the contents of the message haven't been forged and are really sent by a […]
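The two checks described above, as an added example that is not part of the original post or of any Astra product: a small Python SPF evaluator run against a constructed in-memory DNS table (standing in for real TXT lookups), and the body-hash half of DKIM verification using relaxed canonicalization. The domains, sender addresses, message body and DKIM-Signature header are all constructed for this example; the bh= tag is filled in with the same function a signing MTA would use, and the b= signature over the headers is not checked, since that needs the signer's public key from DNS.

```python
import base64
import hashlib
import ipaddress
import re

# Constructed stand-in for DNS TXT lookups (assumption: offline demo, not real records).
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.10 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, sender_ip, depth=0):
    """Evaluate sender_ip against domain's SPF record (RFC 7208, simplified).

    Handles ip4/ip6 (with optional CIDR), include and all. Mechanisms that
    need further DNS (a, mx, exists, redirect) are left out of this example.
    """
    if depth > 10:  # RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    record = DNS_TXT.get(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        result = QUALIFIERS[qualifier]
        if term == "all":
            return result
        mech, _, arg = term.partition(":")
        if mech in ("ip4", "ip6"):
            # membership test is False (not an error) for a v4 address against a v6 network
            if ip in ipaddress.ip_network(arg, strict=False):
                return result
        elif mech == "include" and spf_check(arg, sender_ip, depth + 1) == "pass":
            return result
    return "neutral"  # no mechanism matched and no explicit all


def dkim_relaxed_body(body):
    """Relaxed body canonicalization (RFC 6376 3.4.4): collapse runs of
    whitespace, strip trailing whitespace per line, drop trailing empty
    lines, and end every remaining line with CRLF."""
    lines = body.replace("\r\n", "\n").split("\n")
    lines = [re.sub(r"[ \t]+", " ", line).rstrip(" \t") for line in lines]
    while lines and lines[-1] == "":
        lines.pop()
    return "".join(line + "\r\n" for line in lines)


def dkim_body_hash(body):
    """bh= value: base64(SHA-256(canonicalized body))."""
    digest = hashlib.sha256(dkim_relaxed_body(body).encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def dkim_body_hash_matches(signature_header, body):
    """Compare the bh= tag of a DKIM-Signature header with the received body.

    This is only the integrity half of DKIM. The b= signature covers the
    listed headers plus bh= and is verified with the public key published
    at <s>._domainkey.<d>; that step is omitted here.
    """
    tags = dict(t.strip().split("=", 1) for t in signature_header.split(";") if "=" in t)
    return re.sub(r"\s+", "", tags["bh"]) == dkim_body_hash(body)


# Constructed message, not a captured one. bh= is filled in with the function
# above, standing in for what the signing MTA computes before signing.
ORIGINAL_BODY = "Please approve the attached invoice by Friday.\r\n\r\nThanks,\r\nPat\r\n"
SIGNATURE_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel1; "
    "h=from:to:subject:date; bh=" + dkim_body_hash(ORIGINAL_BODY) + "; "
    "b=<signature over the headers, omitted>"
)
TAMPERED_BODY = ORIGINAL_BODY.replace("approve the attached invoice", "wire the amount on page 2")


if __name__ == "__main__":
    for ip in ("192.0.2.45", "198.51.100.10", "203.0.113.7"):
        print(f"SPF example.com from {ip}: {spf_check('example.com', ip)}")
    print("DKIM bh= on original body:", dkim_body_hash_matches(SIGNATURE_HEADER, ORIGINAL_BODY))
    print("DKIM bh= on tampered body:", dkim_body_hash_matches(SIGNATURE_HEADER, TAMPERED_BODY))
```

Two things worth noticing when running it: the 198.51.100.10 sender passes only because of the include, so whoever controls _spf.mailer.example can send as example.com, which is the trade-off behind third-party mailer includes; and the two DKIM bodies that differ only in whitespace hash identically under relaxed canonicalization, while a one-phrase edit to the body breaks bh=.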
