“Good morning, Jim. Are you at your desk? I need you to do something for me.”
It begins with a quick morning email from a manager or CEO, which lowers the target’s guard. There are no suspicious attachments or links to raise alarm bells. This can even fool those who are otherwise adept at spotting a phish. If they respond, the scammer then asks for some kind of financial transaction to occur (e.g. a wire transfer, gift card purchase, or direct deposit change).
Impersonation scams like this are continually on the rise. They are disturbingly easy to execute and can lead to dramatic payouts for the scammer. They also frequently pass through mail filters because they simply contain conversational text from previously unseen addresses. Also referred to as “whaling” or “spear phishing”, attacks like this cost organizations billions of dollars every year.
Standard email authentication schemes such as SPF, DKIM, and DMARC, which operate on the sender’s address, cannot protect against this since the scammer often does not spoof the address. They only need to spoof the executive’s name in order to achieve their goal. In fact, the message will frequently pass SPF, DKIM, and DMARC checks, since it may originate from a large ESP such as Gmail, Yahoo and Outlook.com. For example:
From: “Judy Smith” <firstname.lastname@example.org>
Subject: Quick question
Hey, are you in the office today? I’ve got a favor to ask you.
The scammer is hoping for one of two things:
1. The target only sees the sender’s name, and assumes it is reliable.
2. The target sees the unusual email address, but assumes it was sent from the executive’s personal account, cell phone, tablet, etc. (The scammer may even include “Sent from my iPhone” at the bottom of the message to aid in this misdirection)
CEO Fraud Protection by Securence guards the executive’s name, which is displayed as the sender and is the key to the scam. If an email claims to be from a protected name in Securence, but the email address does not match, then Securence will take action. Standard actions include: block, quarantine, notify an administrator, or deliver the message after modifying it to include a warning.
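A sketch of the display-name check described above, added here as an illustration and not Securence's own code. The policy table, the addresses and the function names are assumptions made for the example.

```python
import re
import unicodedata
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed policy: each protected display name maps to the only
# addresses allowed to send under it. All values here are made up.
PROTECTED_NAMES = {
    "Judy Smith": {"judy.smith@corp.example"},
}


def name_tokens(display_name):
    """Reduce a display name to a comparable set of lowercase word tokens.

    Decodes RFC 2047 encoded-words, applies NFKC so compatibility forms
    (e.g. fullwidth letters) fold to plain ones, and ignores punctuation
    and word order so "Smith, Judy" equals "Judy Smith". It does not fold
    cross-script look-alikes (e.g. Cyrillic letters); that needs a
    separate confusables table.
    """
    decoded = str(make_header(decode_header(display_name)))
    folded = unicodedata.normalize("NFKC", decoded).casefold()
    return frozenset(re.findall(r"[^\W\d_]+", folded))


POLICY = {
    name_tokens(name): {addr.casefold() for addr in addrs}
    for name, addrs in PROTECTED_NAMES.items()
}


def check_sender(from_header, action="quarantine"):
    """Return `action` when a protected name appears with an unlisted address."""
    display_name, address = parseaddr(from_header)
    tokens = name_tokens(display_name)
    for protected, allowed in POLICY.items():
        # Subset match also catches padded names such as "Judy Smith (CEO)".
        if protected <= tokens and address.casefold() not in allowed:
            return action
    return "deliver"


if __name__ == "__main__":
    # Constructed From: headers for demonstration.
    samples = [
        '"Judy Smith" <judy.smith@corp.example>',
        '"Judy Smith" <jsmith.office@freemail.example>',
        '"Smith, Judy" <exec.mobile@freemail.example>',
        '=?utf-8?q?Judy_Smith?= <exec.mobile@freemail.example>',
        '"Bob Jones" <bob@freemail.example>',
    ]
    for header in samples:
        print(f"{check_sender(header):10} {header}")
```

The subset match is deliberately broad, so an unrelated sender who shares the protected name is flagged too; listing that person's address in the policy is the way to suppress that false positive.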
Log in to your account today to set up this critical feature. It is available under the Phish settings for your Domain, Group, and Company accounts. There you will also find further documentation, including best practices for configuration and tips on avoiding false positives during and after rollout.
As always, we welcome your feedback. Reach out to us at email@example.com with any questions or concerns.
What is it?
A zero-day virus is a computer virus that can either be a slight mutation of a previously seen virus or completely new. Therefore, the defining characteristic of a zero-day is simply that it is new. It has purposely been changed in order to avoid detection by antivirus programs. It is designed to exploit your system’s vulnerabilities and takes advantage of the fact that even the largest antivirus protection may have no current solution to defend against these mutated viruses. By attacking these vulnerabilities, the malware is able to sneak in and perform actions on your system that otherwise would not be permitted.
Most antivirus programs use signatures to search your computer for malicious programs and attachments. But a zero-day virus is good at hiding itself from being caught – it flies under the radar and does not send off a known signal. Antivirus software blocks against signatures that it has seen before. Each virus has a unique known signature, so when a zero-day virus changes it ever so slightly, it is able to slip through the cracks and send malicious content to you. While most programs develop a patch to fix the problem after the attack has occurred, that doesn’t protect against future vulnerabilities once the signature of the virus mutates yet again. Wouldn’t you want to stop the zero-day virus before it does any damage to your private and sensitive data?
How it attacks
One of the most common ways to infect a computer is to create a malicious email attachment. Most of the time, these attachments look completely legitimate. For example – say Fidelity Investments is your financial advisor. Most likely, you have their name, address, and personal advisor’s details in your contact list. If you were to receive an email that looked like this, would you open it?
It’s from a trustworthy name, it’s on letterhead, and there are no spelling mistakes. Though this information looks familiar to you, it’s a trap. For example, we ran this attachment through VirusTotal at the time it was caught, and out of 57 scanners (now there are 58), only four caught it.
It was able to fool Malwarebytes, McAfee, AVG, and even Microsoft – and this zero-day virus was sent through Microsoft’s own Exchange servers!
By running this same file through Securence, the virus was caught. That is due to the fact that while many of the best antivirus programs search for recurring signatures, Securence adds another layer of protection by using predictive blocking. Though we had never seen this specific virus, we were able to catch it because the virus used a pattern similar to what we had seen before.
Ensure you have the best protection
Of course, antivirus software is not without value. Some protection is better than none. However, zero-day viruses are specifically designed to circumvent the best names in antivirus, so for full protection, it is important to add extra layers where they are needed.
Instead of looking for just the “static” patterns that are typical for certain viruses, Securence looks for “fluid behavior patterns.” By looking for these flexible behavioral patterns for things that tend to exist but have never truly been seen before, we can predict how the virus may mutate in the future. This allows our program to be proactive and agile so we can stay ahead of hackers that want your personal information.
You, your company, and your clients deserve the best possible protection against zero-day viruses. Our solutions are affordable, complete, and incredibly agile. They also protect you from every angle including inbound and outbound email filtering, first-in-class encryption, secure email archiving, email shadowing, and more. Rather than providing retroactive fixes once a zero-day virus attacks, we focus our R&D on stopping the virus before your data is accessed. Only 7 percent of the top antivirus scanners caught this Fidelity virus the day it was released and Securence was one of them.
Securence scans each of your emails to determine whether or not they are spam. Securence retains messages it determines to be spam in your personal Quarantine. Instead of allowing spam to be delivered to your inbox, Securence stores these messages securely for a period of 30 days, after which they will be automatically deleted.
If your administrator has enabled the Spam Digest, you will receive a regular summary by email of the most recent messages quarantined for your address. This digest will be sent to you according to the schedule determined by your administrator. The following is an example of a typical digest:
For each quarantined message, the digest displays standard message attributes: sender address, subject, recipient address, date/time and available actions. To view a quarantined message, simply click on the subject of the message you wish to view and it will be displayed in your web browser. For each message, there are various actions that can be taken directly from the digest:
When viewing a quarantined message in your web browser, additional actions may be accessible to you, such as “whitelisting” the sender. This will add the sender’s address to your list of trusted senders and prevent mail from them from being marked as spam.
Another way to view your quarantined messages is by logging in to the Quarantine interface through a web browser.
This allows you to browse all quarantined messages sent to your email address.
Either click the Login to Securence link at the bottom of your spam digest or open a web browser and visit https://admin.securence.com/
If this is the first time you are logging in and your administrator has not provided you with a password, you will need to click the Activate Account button. You will be taken through a series of steps in order to confirm your identity and get started with Securence:
You should now be able to view your Quarantine and/or manage your individual user settings in Securence.
Here is an example of how the Quarantine interface appears upon logging in:
From here, you can search your Quarantine based on multiple criteria including sender address, recipient address, and subject. To view a message, simply double-click the row in the grid for the message you would like to view.
Additional options from within the Quarantine interface that may be available to you:
If your outgoing mail is also filtered by Securence, you may view those quarantined messages separately by first clicking on the Outgoing tab at the top of the page.
You may also take action on multiple messages at one time. Select all applicable messages by checking the box in the left-hand column. Then click the desired action (e.g. Release, Forward) at the bottom of the window.
A false negative is an actual spam message that was not filtered out and sent along to your inbox. If you believe a message has been delivered to you that is spam, you may forward it to firstname.lastname@example.org. Submitting spam in this way helps to improve the mail filters in Securence.
In the event of an email server outage, you can still access inbound email through your Continuity mailbox. To access your Continuity mailbox, go to https://webmail.securence.com and log in using your regular email address and password.
If you have forgotten your password, click the Forgot password link and you will be able to create a new one. However, while your email server is down, since you cannot receive new messages, this procedure requires that you have either an alternate email address or mobile phone number configured in Securence. Securence will send a confirmation code using either of these alternate channels in order to assist you in changing your password.
Continuity is an additional feature that may or may not be enabled for your domain. Consult your system administrator to confirm access to this powerful feature.
What is a zero day virus?
A zero day virus is, simply put, a new computer virus for which there is no defense. It is designed to exploit your system’s vulnerabilities, taking advantage of the fact that even the largest antivirus protection programs, like AVG™, Norton™, and McAfee®, have no ready solution.
Most antivirus programs use “signals” to search your computer for malicious codes, attachments, and viruses. But a zero day virus is like a stealth bomber. It flies “under the radar” and does not send off a known signal. Most programs develop a patch to fix the problem after the attack has occurred, but Securence™ has a better solution. We can stop a zero day virus before it does any damage to your private and sensitive data. Read on to learn how.
How Sneaky is a Zero Day Virus? Very!
One of the most common ways to infect a computer is to create a malicious email attachment. Most of these email attachments look completely legitimate. For example, let’s say Fidelity Investments is your financial advisor, so you have their name, address and personal advisor’s details in your email contact list. If you get an email from Fidelity that looks like this:
would you hesitate before opening it? It’s from a name you trust. It’s on letterhead. There are no spelling mistakes. It contains information that looks familiar to you…and it’s a trap.
Securence put this Fidelity zero day virus to the test. Using VirusTotal, an analytical tool that simultaneously harnesses the power of 57 antivirus scanners, we scanned the fake Fidelity document. The results were scary.
Out of 57 scanners, only four caught the virus. This virus fooled Malwarebytes, McAfee, AVG and even Microsoft – and this zero day virus was sent on Microsoft’s own Exchange servers!
We ran this same file through our own Securence program, and it caught the virus. That’s because while many of the best antivirus software programs search for signals, Securence adds another layer of protection by also searching for patterns.
Securence Protects Against Zero Day Viruses
We are not saying that other virus protections are inadequate. Some protection is better than none. However, zero day viruses are specifically designed to circumvent the top names in antivirus protection, so for full protection, you need something more. That’s where Securence steps in.
As mentioned above, our leading enterprise email filtering system doesn’t just look at signals. It analyzes the patterns that zero day viruses use, and anticipates the signals and patterns that new zero day viruses may use in the future. Our program is designed to be proactive and agile so we can stay ahead of the hackers that want your private information. Our solutions cover you from every angle: inbound and outbound email filtering, first-in-class encryption, secure email archiving, email shadowing and much more.
You Deserve Protection Against Zero Day Viruses
You, your company and your clients deserve the best possible protection against zero day viruses. Our solutions are affordable, complete, and incredibly agile. Rather than providing retroactive fixes once a zero day virus attacks, we focus our R&D on stopping zero day viruses before they access your data. Only 7 percent of 57 top scanners caught the Fidelity virus, and we were one of them. For smart protection, call Securence today.
Email security protocols are always changing as hackers discover new ways to break into email accounts. That is why Securence offers a wide range of email protection services with every email security package. These services not only help keep your Office 365 email accounts safe; they can also help cut the clutter and keep you running in case of a server crash. Best of all: Securence will beat any competitor’s pricing so you can enjoy the best email security protection program available at an unbeatable price.
Here are the services you can expect when you choose Securence as your email security provider.
1. Lowest-Cost Inbound Filtering
One of the greatest threats to any email account is the mail that manages to show up in the inbox. It is likely that your Office 365 filters are strong by default, but hackers and malicious email scammers are always outpacing Microsoft’s security protocols. It is one of the most important reasons why companies need extra protection.
Inbound filtering will help eliminate external threats to your business’ email accounts. These can include phishing schemes, requests from foreign “princes,” and other emails that could potentially contain viruses or spyware.
2. Lowest-Cost Outbound Filtering
Just as inbound filtering protects your email accounts from certain external attacks, outbound filtering can help contain the spread of these attacks. In the case where someone manages to download a malicious email, outbound filtering can help stop it from spreading further through their email.
3. Lowest-Cost Email Continuity
Almost every major tech company that offers email suffered server outages this year, including Amazon and Google. These outages can sometimes last a barely-perceived minute or a couple of days. In each instance, emails sent and received during those outages are lost and accounts are all but inaccessible. Email continuity services provide a backup email server that is constantly updated with every piece of mail sent. When the primary servers go down, these servers seamlessly take over. And when the primary servers go back up, they are automatically updated with all of the information sent during the outage.
4. Lower-Cost Email Encryption
Email encryption is an extra layer of security that helps ensure your emails are seen by the intended recipients and no one else. Without added encryption, sensitive information sent via email can be intercepted, including credit card information, personal details, and other data that should be kept away from prying eyes.
5. Lowest-Cost 10-Year or Unlimited Year Email Archiving
Finally, Securence offers email archiving services to ensure that your emails are always available. This program can help you stay compliant with federal regulations and your clients’ own security expectations, all while ensuring every email is at your fingertips.
Securence offers the most effective and lowest cost solution for safe-guarding your Office 365 email system. With a wide array of email filtering, protection, and continuity services built right into every package, you and your business can enjoy unprecedented email protection at the lowest cost available. Not only will Securence price match any competitor’s pricing, but they will also beat it so that you can have the protection you need at a price you can afford.
Being one of the most popular email services on the planet, Microsoft’s Office 365 has also become the most popular target for cyber attacks. Attackers are constantly targeting Microsoft 365 users and servers with spam, CryptoLocker schemes, malware, viruses, and, in some cases, outright threats. The ways in which they infiltrate people’s email accounts have become more and more sophisticated as well, and Office 365’s low-grade spam filters have made these sorts of malicious behaviors easier and more effective.
Luckily, as these attacks become more prevalent, the solutions do as well. Cyber security companies like Securence have developed custom email protection packages that help keep your emails safe from attacks and other inconveniences that come with Office 365 services. Securence can help your Office 365 users stay safe while staying connected. Here’s how.
Simple, Affordable Filtering
Securence’s email filtering services have Zero Minute update technology providing the most effective blocking signatures in the industry, which will help keep your inboxes free of toxic email scams, spam, and phishing schemes. Best of all, it can be done for as little as a dollar a month.
Securence’s email filtering services are constantly updated with new security protocols.
No matter how well you filter emails, disaster may still come. It could be the result of a virus or malware sent through an email that bypassed security. It could be because Office 365 has had to shut down its servers from time to time for maintenance and security reasons.
When your email goes down in today’s world, your business can come to a screeching halt. With disaster recovery options, however, you can gain uninhibited access to your emails, no matter the state of Office 365’s servers. Securence’s disaster recovery protocols keep backups of all your users’ emails on a separate server. In the event of a server issue at Office 365, your users will still be able to access, send, and receive emails. When the original servers are back up and working, the new emails and activity will be automatically updated, letting you enjoy seamless email access and communication, no matter the state of the original servers.
Microsoft’s Office 365 offers some of the most widely-used and powerful programs that are available to modern businesses. Each of the applications has become the standard for the office world almost anywhere on the globe. That prevalence, however, comes with a few risks, and Office 365 users can be targeted by multiple malicious attacks. That is why every Windows product should have its security bolstered, and Securence has effective, affordable services that can help. With email filtering services and backup protocols, you can enjoy seamless email service that’s also more secure, keeping you and your Office 365 users safe and connected at the same time.
Over the weekend of May 13-14, 2017, news broke of a new ransomware called WannaCry. This ransomware affected some large institutions.
WannaCry uses a vulnerability in Windows file sharing to spread from one infected computer to another. This vulnerability was discovered by the NSA and kept secret until someone hacked the NSA and eventually leaked the information publicly. The vulnerability was patched in Microsoft’s March 14, 2017 software update. This was a month before the vulnerability was publicly exposed on April 14, 2017.
This exploit may be known by other names or be associated with some of the following terms:
The most important thing to do to protect your systems from this infection is to update your Windows systems. There is a patch available for all supported Windows operating systems as well as these no-longer-supported Windows systems:
Versioning backups are critical. If you only have the most recent version of a file, you will have a backup of the already encrypted file, which is not helpful. You must have the option to choose a backup from before the ransomware started encrypting files.
Some Intrusion Detection Systems have signatures for WannaCry, but there are no specific signatures for emails. So far, WannaCry spreads exclusively through SMB protocol attacks, not email. Future variants may use different vectors as noted above.
Securence uses multiple virus engines to identify malicious content in emails, and they are all automatically updated as quickly as the A/V vendor publishes new signatures. Unfortunately, A/V engines have recently been ineffective at identifying the newest phishing and ransomware messages. Securence has developed significant identification techniques to block these messages. Thousands of malware emails are blocked every day by these techniques.
If current or future WannaCry attacks are spread via emails, they will likely use the same tactics as previous ransomware and viruses:
When they do, Securence is ready.
Securence uses DigiCert certificates; you will find additional details about their certificates here: https://www.digicert.com/digicert-root-certificates.htm
See also: SMTP over TLS supported cipher suites
These are the Cipher Suites supported by Securence. When negotiating a cipher suite the order below is the preferred order.
See also: SMTP over TLS Certificate Chain