Cybercriminals' email tactics have evolved very quickly in the last two years!
Ten years ago, inboxes were mainly flooded with pharmaceutical (Viagra...) emails or "send money to save a Nigerian uncle's life" scams. Today, users face fake job applications, false invoices, and emails from their (impersonated) boss asking them to make a bank transfer for a professional purchase they want to make...
Are anti-spam filters adequate to block cybercriminals' ingenuity and tactics nowadays?
What are the 2 main types of spam?
SPAM = UNWANTED EMAILS
Technical spam (phishing, malware emails, spoofing emails)
Technical spam is the category you should really worry about and make your priority to block. These emails combine two aspects: exploiting technical weaknesses and exploiting social relationships.
- Malicious emails:
- In the attachment: the attachment contains a malicious file,
- In a URI in the email body or attachment: you click, the website looks fine, but it serves a drive-by malware download.
- Fraud emails, via social engineering / BEC / impersonation: cybercriminals know your name, or something about you, your company, your colleagues or your home, and use it to get something from you. The damage depends on the severity of the intended fraud.
Advertising spam emails
Advertising spam emails are undesirable advertising from both legitimate and illegitimate businesses, for example black-market pharmaceuticals.
Unwanted sales emails have massively reduced in the past years, especially in Europe, since the GDPR came into force. A few still get through spam filters, but it is fair to say users' productivity has increased, with only 1 to 10 unwanted sales spams reaching an inbox per day or per week (depending on anti-spam capacity).
Worryingly, too many IT technicians believe their anti-spam filters are the reason such spam has reduced, when this European trend has little to do with anti-spam effectiveness.
Technical spam vs. advertising spam
You understandably do not want to receive any unwanted emails. However, remember that advertising spam mainly costs users time and productivity, whereas technical spam involves genuine IT security threats and can jeopardise a company's future. It is worth putting effort into blocking technical spam before it reaches users' inboxes, in order to reduce the scope for human error.
Antispam filters at different system levels
Emails can be filtered at several points along their delivery path. Users are not always aware that their emails may be filtered at more than one of these levels.
Anti-spam filter from Internet Service Providers
Anti-spam legislation obliges Internet Service Providers (ISPs) to filter emails and remove the best-known spam.
ISPs also watch their outgoing traffic to protect their IP reputation: if their users sent out spam waves, the ISP's whole mail traffic could be blocked by other ISPs. Sending IP addresses are checked against blacklist (DNS blocklist) databases, available worldwide and compiled by anti-abuse organisations, antivirus and email security companies (and occasionally government agencies). Mail from a blacklisted IP is rejected automatically.
Sometimes ISPs team up with Email Security Gateway companies to offer additional protection to their clients. Because of the traffic volume and the behaviour of residential customers, these are usually cut-down, throughput-focused versions.
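The IP-reputation check described above, as an added example that is not code from the original page or from any ISP or blocklist operator. It builds the DNS blocklist (DNSBL) query name the way an MTA does (address labels reversed, zone appended), interprets the answer, and decides whether to reject the connection. The zone name `bl.example.invalid`, the listing table and the `fake_resolve` function are constructed assumptions so the example runs offline; a real deployment resolves the query name through DNS against a public blocklist.

```python
"""Added example (not code from the original page): the IP-reputation check an
MTA or ISP performs against a DNS blocklist (DNSBL). The zone name and the
listing table below are constructed so the example runs offline; a real
deployment resolves the query name through DNS against a public blocklist."""
import ipaddress
from typing import Callable, Optional, Tuple

ZONE = "bl.example.invalid"  # assumption: placeholder zone, not a real blocklist


def dnsbl_query_name(ip: str, zone: str) -> str:
    """DNSBL convention: reverse the address labels and append the zone.
    IPv4 reverses the four octets; IPv6 reverses all 32 hex nibbles."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


# Constructed listing table standing in for DNS: query name -> A record (None = NXDOMAIN).
# Listed addresses answer inside 127.0.0.0/8, the last octet encoding the listing reason.
_CONSTRUCTED_LISTINGS = {
    dnsbl_query_name("203.0.113.45", ZONE): "127.0.0.2",   # listed: spam source
    dnsbl_query_name("203.0.113.99", ZONE): "127.0.0.4",   # listed: compromised host
    dnsbl_query_name("192.0.2.9", ZONE): "10.11.12.13",    # broken resolver rewriting NXDOMAIN
}


def fake_resolve(name: str) -> Optional[str]:
    """Stand-in for a DNS A lookup; returns None where DNS would answer NXDOMAIN."""
    return _CONSTRUCTED_LISTINGS.get(name)


def check_sender_ip(ip: str, zone: str,
                    resolve: Callable[[str], Optional[str]]) -> Tuple[str, str]:
    """Decide at SMTP connection time whether to accept mail from `ip`.
    Returns ("reject", reason) when listed, ("accept", reason) otherwise."""
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return ("accept", f"{ip} not listed in {zone}")
    if ipaddress.ip_address(answer) not in ipaddress.ip_network("127.0.0.0/8"):
        # A DNSBL only ever answers inside 127.0.0.0/8. Anything else means the
        # resolver is tampering with NXDOMAIN (captive portal, "helpful" ISP DNS);
        # failing open here avoids rejecting every sender on the planet.
        return ("accept", f"ignored bogus DNSBL answer {answer} for {ip}")
    return ("reject", f"550 5.7.1 {ip} is listed in {zone} (return code {answer})")


if __name__ == "__main__":
    for sender in ("203.0.113.45", "198.51.100.7", "192.0.2.9"):
        print(check_sender_ip(sender, ZONE, fake_resolve))
```

The fail-open branch is the practitioner's caveat: a resolver that answers NXDOMAIN with a real address (some consumer ISPs and captive portals do this) would otherwise make the MTA reject all inbound mail, which is why production filters validate the answer range rather than treating any answer as a listing.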
Email Security Gateways & anti-spam
The main purpose of Email Security Gateways (ESGs) is to stop spam. They can run on premises or in the cloud, and can be free or paid.
Free ESGs usually combine standard blacklists with other open-source components available for free, such as free antivirus signatures (ClamAV), a Mail Transfer Agent (MTA) such as Postfix, Apache SpamAssassin, an Apache Cassandra database or Ubuntu LTS as the operating system. Main drawback? Their update frequency is not fast enough to keep up with cybercriminals' constantly changing tactics and with the expansion of ransomware-as-a-service.
Paid ESGs do provide regular updates. Our email security service receives hourly updates... and more often should a zero-day attack be detected.
Anti-spam filter on the email server
Cloud and on-premises email servers use an antivirus engine (BitDefender for Microsoft 365/Exchange/Hotmail) and content-analysis filtering that checks subject lines and words in the body of stored emails against keywords known to be used by spammers (gathered in worldwide databases made available by governments and security companies). Emails with a high spam score are removed or end up in the junk folder.
However, Gmail, Google Workspace Basic, Hotmail, and the Microsoft 365 Business Basic and Standard packages do not include advanced analysis of email attachments or of URL links in email bodies. Protection against such threats is part of an extra advanced threat protection package, available for purchase!
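The content analysis just described, together with the attachment and link checks the basic packages leave out and the impersonation pattern from the "Fraud emails" bullet above, as one added example. It is not code from the original page or from any vendor: the keyword rules, their scores, the threshold, the `PROTECTED_NAMES` table and both sample messages are constructed assumptions, and the scoring logic is a deliberately small stand-in for a real ruleset.

```python
"""Added example (not code from the original page or any vendor): a minimal
content-analysis pass of the kind described above, run over constructed messages.
Rules, scores and threshold are illustrative assumptions, not a real ruleset."""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser

# Assumed keyword rules: (pattern, score). Production rulesets are far larger.
KEYWORD_RULES = [
    (re.compile(r"\burgent\b", re.I), 1.0),
    (re.compile(r"\b(wire|bank) transfer\b", re.I), 1.5),
    (re.compile(r"\bviagra\b", re.I), 3.0),
]
DANGEROUS_EXT = {".exe", ".js", ".vbs", ".scr", ".hta", ".lnk"}
# Assumed: executive display names that must only ever arrive from our own domain.
PROTECTED_NAMES = {"jane doe": "example.com"}
THRESHOLD = 5.0


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    m = re.match(r"https?://([^/:?#\s]+)", url, re.I)
    return m.group(1).lower() if m else None


def score_message(raw: bytes):
    """Return (score, rule hits, is_spam) for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    score, hits = 0.0, []
    body = msg.get_body(preferencelist=("html", "plain"))
    body_text = body.get_content() if body is not None else ""
    text = (msg["Subject"] or "") + "\n" + body_text
    for pattern, points in KEYWORD_RULES:
        if pattern.search(text):
            score += points
            hits.append(f"keyword:{pattern.pattern}")
    # BEC / impersonation: a protected display name sent from a foreign domain.
    name, addr = parseaddr(msg["From"] or "")
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    expected = PROTECTED_NAMES.get(name.strip().lower())
    if expected and domain != expected:
        score += 4.0
        hits.append(f"impersonation:{name} <{addr}>")
    # Attachments: judge by the LAST extension, so invoice.pdf.exe still counts as .exe.
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        ext = "." + filename.rsplit(".", 1)[-1] if "." in filename else ""
        if ext in DANGEROUS_EXT:
            score += 4.0
            hits.append(f"attachment:{filename}")
    # Links whose visible text names one host while the real href goes elsewhere.
    if body is not None and body.get_content_type() == "text/html":
        collector = _LinkCollector()
        collector.feed(body_text)
        for href, visible in collector.links:
            if _host(visible) and _host(href) and _host(visible) != _host(href):
                score += 3.0
                hits.append(f"link-mismatch:{visible} -> {href}")
    return score, hits, score >= THRESHOLD


# Constructed sample: BEC attempt with a lookalike domain, a deceptive link and a .exe.
CONSTRUCTED_BEC_MESSAGE = b"""\
From: Jane Doe <jane.doe@examp1e-mail.invalid>
Subject: URGENT bank transfer before 5pm
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Please approve the wire transfer today: <a href="http://pay.examp1e-mail.invalid/invoice">https://portal.example.com/invoice</a></p>
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b1--
"""

# Constructed sample: an ordinary internal message that should pass.
CONSTRUCTED_CLEAN_MESSAGE = b"""\
From: Bob <bob@example.com>
Subject: Lunch on Friday?
Content-Type: text/plain; charset="utf-8"

Shall we book the usual place?
"""

if __name__ == "__main__":
    for sample in (CONSTRUCTED_BEC_MESSAGE, CONSTRUCTED_CLEAN_MESSAGE):
        print(score_message(sample))
```

Keyword scoring alone gives the BEC sample only 2.5 points and would let it through; it is the impersonation, attachment and link checks, the ones the basic packages are said to lack, that push it over the threshold.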
Anti-spam filter at the firewall level
Firewalls scan for bad files, including email attachments, to check whether they contain a virus, malware or trojan. Firewall scans also detect when users download or open malicious files, not only from websites but also when hidden behind an apparently genuine URL in the body of an email. However, once the file is on the system it may already be too late, and a ransomware attack may already have started to propagate.
Phishing emails are not detected by firewalls, nor are impersonated emails that try to trick users.
Anti-spam filter at the end point (PC)
Often provided by an antivirus engine, such as Windows Defender, or by the "new" Focused Inbox in Microsoft webmail. They scan emails for keywords the antivirus vendor knows to be malicious, scan files for viruses, and combine this with IP reputation filtering.
Zero-day attacks and Business Email Compromise (BEC) are often not stopped in time by such filtering solutions.
What's the best anti-spam filter against today's threat?
Rule number one in IT security: multi-layer! This also applies to spam and scams: the more layers the better. But should you have a limited budget for email security, we recommend looking at cloud-based Email Security Gateway solutions such as our Chrome and Silver packages. They include over 15 types of filtering method, including every method the other anti-spam filters use, plus several antivirus engines, hosted on European cloud services.