Cybercriminals use social engineering techniques to trick users into providing login credentials, initiating fraudulent transactions, or unknowingly install ransomware
TAGUIG CITY, PHILIPPINES, 25 Sep 2018 – Fortinet, a global leader in broad, integrated, and automated cybersecurity solutions, today remind corporate users in the Philippines that email remains one of the most vulnerable vectors targeted by cybercriminals. The cyber-attacks are likely to happen to organizations that have yet to implement strong email security controls and best practices.
According to the Verizon Data Breach Investigations Report, two-thirds of installed malware is actually delivered by email. To gain access into an organization’s network, cybercriminals often use phishing or social engineering techniques in emails, thus counting on human error or a lack of cybersecurity know-how to trick users into providing login credentials or initiating fraudulent transactions, as well as to unknowingly install malware, ransomware and other malicious payloads.
“Due to the ubiquity of email, it continues to be a common attack vector for cybercriminals seeking to steal login credentials, money, and sensitive data.” Said Mario Luis Castaneda. “The top email-based cyberattacks carried out by cybercriminals today include phishing or spear-phishing, man-in-the-middle attacks, and zero-day vulnerabilities. Companies must therefore ensure they have strong security controls in place to detect and prevent these e-mail attacks.”
To help ensure email security, Fortinet’s cybersecurity experts advised users to:
- Filter Spam. Because most email scams begin with unsolicited commercial email, one should take measures to prevent spam from getting into the mailbox. Most email applications and webmail services include spam-filtering features or ways in which email applications can be configured to filter spam.
- Regard Unsolicited Email with Suspicion. Don’t automatically trust any email sent by an unknown individual or organization. Never open an attachment to an unsolicited email. Most importantly, never click on an unknown link in an email. Cleverly crafted links can take users to forged websites set up to trick them into divulging private information or downloading viruses, spyware, and other malicious software.
- Treat Email Attachments with Caution. Email attachments are commonly used by online scammers to sneak a virus onto computers. These viruses can help the scammer steal important information from the computer, compromising the computer so that it is open to further attack and abuse, and convert a computer into a ‘bot’ for use in denial-of-service attacks and other online crimes. As noted above, a familiar “from” address is no guarantee of safety because some viruses spread by first searching for all email addresses on an infected computer and then sending itself to these addresses.
- Install Antivirus Software. Users should install an antivirus program that has an automatic update feature. This will help ensure users always have the most up-to-date protection possible against viruses.
- Install a Personal Firewall and Keep it Up to Date. A firewall will not prevent scam email from making its way into users’ mailboxes. However, it may help protect users should they inadvertently open a virus-bearing attachment or otherwise introduce malware to their computer. The firewall, among other things, will help prevent outbound traffic from a user’s computer to the attacker. When a personal firewall detects suspicious outbound communications from a user’s computer, it could be a sign that the user has inadvertently installed malicious programs on his computer.
Fortinet secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network – today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 360,000 customers trust Fortinet to protect their businesses. Learn more at http://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.
Copyright © 2018 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries, and affiliates. Fortinet’s trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiCare, FortiManager, FortiAnalyzer, FortiOS, FortiASIC, FortiMail, FortiClient, FortiSIEM, FortiSandbox, FortiWiFi, FortiAP, FortiSwitch, FortiWeb, FortiADC, FortiWAN, and FortiCloud.
Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification, or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments. This news release may contain forward-looking statements that involve uncertainties and assumptions, such as statements regarding technology releases among others. Changes of circumstances, product release delays, or other risks as stated in our filings with the Securities and Exchange Commission, located at www.sec.gov, may cause results to differ materially from those expressed or implied in this press release. If the uncertainties materialize or the assumptions prove incorrect, results may differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements. Fortinet assumes no obligation to update any forward-looking statements and expressly disclaims any obligation to update these forward-looking statements.