Cybertek Defense

Spam

Part 1 – 7: Terms and Definitions for Spam

| Term | Definition |
| --- | --- |
| Spam | Unsolicited messages via mail or email |
| Identity Fraud | Using someone else's identity without them knowing |
| Spear Phishing | Scam used to target specific individuals |
| Spam Over Instant Messaging (SPIM) | Unsolicited messages sent via instant messaging apps like Text or Chat windows |
| Blacklist | List of blocked senders or domains |

Spam comes in many shapes and forms. It can be delivered to the inbox of your email account, sent to your physical mailbox at the end of your driveway or at the post office, or sent through any type of messaging service, such as text messaging or voicemail, which is also known as Spam Over Instant Messaging (SPIM). Spam is a common method attackers use to get victims to open the mail and click on links or to apply for something. This is usually a precursor to an Identity Fraud attack or to an attack that steals information from the victim through the use of malware. Spam can also be used to target specific users in a Spear Phishing attack. Spam lets the attacker send hundreds of thousands of emails or messages to end users in the hope that someone opens the message and is attacked.

Most email filters have systems in place to help protect end users from opening these types of messages. Other filters will even automatically delete the messages or move them into a junk location so that you never get a chance to see them. The downside to spam filters is that, while they can block a lot of spam, legitimate messages could also end up in the junk folder.

While every firewall installed in production systems today has a spam filter, there is a comprehensive list of tools and configurations to manage spam appropriately.

A common spam filter option is sender allow lists and blacklists. These lists are usually managed by a system admin, who either enters the entries manually or imports a predetermined list into the firewall. There are alternatives to adding the lists on the firewall yourself, such as end-user automated tasks that let users add an email address to either list on the firewall without the need for admin intervention.

Blocking emails that look exactly the same and are sent to multiple users within the same company is another viable option. Most spam emails tend to follow the same message type and carry the same links, which are part of a phishing scheme. A spam filter can use this feature to block all emails that are spam-like, contain links to invalid websites, or come from a sender who is using a spoofed address.

By integrating your Active Directory with your firewall, you can cross-reference the user accounts within a company against the senders that are sending within your domain. This feature blocks emails based on specific email address requirements, such as when the sender's address is spoofed from the same domain the email is being sent to, or when the recipient's address is spoofed to look like an active employee although it has no SMTP address within the domain. Overall, LDAP integration focuses heavily on the sender and recipient fields of an email.

Emails that are sent from spoofed accounts will usually be checked for IP address association. When an email comes from an IP address outside its IP subnet, the email is blocked. This check can produce a large number of false positives with cloud email systems, because domains are used across different environments and networks.
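The directory cross-reference and the IP association check described in the two paragraphs above can be sketched as follows. This is an added example, not code from the original page or from any firewall product; the domain, the directory contents (standing in for an LDAP lookup), the network range and the function names are all constructed assumptions.

```python
import ipaddress
from email.utils import parseaddr

# Constructed sample data: the organisation's domain, the SMTP addresses an
# LDAP lookup would return, and the networks its own mail servers send from.
LOCAL_DOMAIN = "example.com"
DIRECTORY = {"alice@example.com", "bob@example.com"}
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def _addr(value):
    """Return the bare, lower-cased address from a header or envelope value."""
    return parseaddr(value)[1].lower()


def _is_local(address):
    """True when the address is in the organisation's own domain."""
    return address.rpartition("@")[2] == LOCAL_DOMAIN


def check_message(client_ip, sender, recipient):
    """Return (verdict, reason) for one inbound message."""
    sender, recipient = _addr(sender), _addr(recipient)
    ip = ipaddress.ip_address(client_ip)
    from_inside = any(ip in net for net in INTERNAL_NETS)

    # Recipient check: our domain, but no such SMTP address in the directory.
    if _is_local(recipient) and recipient not in DIRECTORY:
        return "reject", "recipient not in directory"
    # IP association: the sender claims our domain but connects from outside
    # our networks. A cloud relay that legitimately sends for the domain is
    # rejected here too unless its range is listed in INTERNAL_NETS.
    if _is_local(sender) and not from_inside:
        return "reject", "local sender from external IP"
    # Sender check: inside our networks, but not a known account.
    if _is_local(sender) and sender not in DIRECTORY:
        return "reject", "sender not in directory"
    return "accept", "ok"


if __name__ == "__main__":
    # Constructed sample message: external IP claiming an internal sender.
    print(check_message("203.0.113.7", "Bob <bob@example.com>", "alice@example.com"))
```

The second rule is where the false positives mentioned above come from: a hosted mail service sending as the organisation's domain from its own address space looks identical to a spoofed sender until its ranges are added to the internal list.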
