Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Email Safety. Show all posts
Spear Phishing
AI threats Business Email Compromise CISOs Cyber Security Email Safety Generative AI Impersonation online threats Security Policies Spear Phishing

Adapting Cybersecurity Policies to Combat AI-Driven Threats

 

Over the last few years, the landscape of cyber threats has significantly evolved. The once-common traditional phishing emails, marked by obvious language errors, clear malicious intent, and unbelievable narratives, have seen a decline. Modern email security systems can easily detect these rudimentary attacks, and recipients have grown savvy enough to recognize and ignore them. Consequently, this basic form of phishing is quickly becoming obsolete. 

However, as traditional phishing diminishes, a more sophisticated and troubling threat has emerged. Cybercriminals are now leveraging advanced generative AI (GenAI) tools to execute complex social engineering attacks. These include spear-phishing, VIP impersonation, and business email compromise (BEC). In light of these developments, Chief Information Security Officers (CISOs) must adapt their cybersecurity strategies and implement new, robust policies to address these advanced threats. One critical measure is implementing segregation of duties (SoD) in handling sensitive data and assets. 

For example, any changes to bank account information for invoices or payroll should require approval from multiple individuals. This multi-step verification process ensures that even if one employee falls victim to a social engineering attack, others can intercept and prevent fraudulent actions. Regular and comprehensive security training is also crucial. Employees, especially those handling sensitive information and executives who are prime targets for BEC, should undergo continuous security education. 

This training should include live sessions, security awareness videos, and phishing simulations based on real-world scenarios. By investing in such training, employees can become the first line of defense against sophisticated cyber threats. Additionally, gamifying the training process—such as rewarding employees for reporting phishing attempts—can boost engagement and effectiveness. Encouraging a culture of reporting suspicious emails is another essential policy. 

Employees should be urged to report all potentially malicious emails rather than simply deleting or ignoring them. This practice allows the Security Operations Center (SOC) team to stay informed about ongoing threats and enhances organizational security awareness. Clear policies should emphasize that it's better to report false positives than to overlook potential threats, fostering a vigilant and cautious organizational culture. To mitigate social engineering risks, organizations should restrict access to sensitive information on a need-to-know basis. 

Simple policy changes, like keeping company names private in public job listings, can significantly reduce the risk of social engineering attacks. Limiting the availability of organizational details helps prevent cybercriminals from gathering the information needed to craft convincing attacks. Given the rapid advancements in generative AI, it's imperative for organizations to adopt adaptive security systems. Shifting from static to dynamic security measures, supported by AI-enabled defensive tools, ensures that security capabilities remain effective against evolving threats. 

This proactive approach helps organizations stay ahead of the latest attack vectors. The rise of generative AI has fundamentally changed the field of cybersecurity. In a short time, these technologies have reshaped the threat landscape, making it essential for CISOs to continuously update their strategies. Effective, current policies are vital for maintaining a strong security posture. 

This serves as a starting point for CISOs to refine and enhance their cybersecurity policies, ensuring they are prepared for the challenges posed by AI-driven threats. In this ever-changing environment, staying ahead of cybercriminals requires constant vigilance and adaptation.
Read more »
spying
Cyber Security Data Safety data security Email Safety Email scam email security Email Tracking Pixels Online Privacy Spy Pixels spying

How these Invisible Images Enable Companies Eavesdrop on your Email — Here’s all you need to know

 

The emails are eavesdropping on you. Most of the billions of emails that arrive in our inboxes every day contain hidden trackers that can tell the recipient when you open them, where you open them, how many times you've read them, and much more — a privacy nightmare that many call "endemic." Fortunately, you can take measures to safeguard yourself and your inbox. 

Advertisers and marketing firms, in particular, embed tracking pixels in their promotional emails to keep track of their mass campaigns. Senders can learn which subject lines are the most "clickable," and which of their targets are potential customers, based on how people interact with them.

Though this is beneficial from an analytics standpoint, it is frequently done covertly and without consent.  There is a simple way to disable email tracking. Continue reading to learn more about these troublesome little pixels and how to get rid of them.
 
Email tracking pixels:

The email tracking pixel is a surprisingly simple concept that allows anyone to secretly collect a plethora of information about you as soon as you interact with their messages.

When someone wants to know if you read their email, they insert a tiny 1 pixel by 1 pixel image into it. When you open the email, it sends a ping to the server where the image is stored and records your interaction. The sender can tell your location by checking where that network ping was launched and what type of device was used, in addition to whether or not you clicked their email and how many times you clicked it.

There are two possible explanations for why you never notice that tracking graphic. For starters, it's insignificant. Second, it's in GIF or PNG format, enabling the company to keep it transparent and invisible to the naked eye. A sender will frequently conceal this in their signature. As a result, that fancy font or flashing company logo at the bottom of a commercial email may be more than just a cosmetic presence.

More importantly, studies have revealed that by pairing your location and device specifications, advertisers and other malicious actors can link your email activities with your browser cookies. This opens a can of worms because it allows them to identify you wherever you go online and connect your email address.

Most email clients, including Gmail and Outlook, do not have this feature built-in, but you can use third-party tools. It's recommended to use the Chrome and Firefox extensions Ugly Email for Gmail. It places an "eyeball" icon next to emails containing tracking pixels and prevents them from spying on you. If you use Yahoo or Outlook, you can also use Trocker, which marks emails with trackers on their websites.

These extensions, however, are only available on your computers. You'll need to subscribe to a premium email client like HEY to detect email trackers on your phone.

How to block email tracking pixels?

Email trackers are easy to detect because they rely on hidden media attachments. The simplest method is to simply disable image loading in your email apps by default and only do it manually for emails you trust or when there is an attachment to download.

1. Adjust your existing inbox: On Gmail, the option to block external images is available under Settings > Images > Ask Before Displaying External Images on the web and mobile apps. On Outlook apps, it’s found under Options > Block External Images on mobile and Options > Trust Center > Automatic Download on desktop.

Though Apple Mail also lets you accomplish this from Preferences > Viewing > Load remote content in messages, you can directly block trackers on it as long as you’re on macOS Monterey. Head over to Mail > Preferences > Privacy and check the “Protect Mail Activity” box. 

2. Get yourself a private relay email address: The issue with the methods discussed previously is that they only block tracking pixels after the email has already arrived in your inbox — they don't remove them entirely. To ensure that you never open an email containing trackers by accident, you'll need a proxy address that scans your messages and eliminates any malware before they show up in your inbox.

Another advantage is that you can keep your personal email address private and only provide a relay ID to websites, newsletters, and other services. There are numerous free services that provide a proxy email address. 

Email Protection from DuckDuckGo is recommended. It allows you to create a new custom relay address, which secures your mail before forwarding it to your personal inbox by booting the trackers and encrypting any unsecured links in the body. DuckDuckGo adds a small section at the top of forwarded emails that tells you whether it found any trackers in it and, if so, which companies were responsible for it.

To sign up for the DuckDuckGo app on an Android or iPhone, go to Settings > Email Protection. You can get started on a desktop with the DuckDuckGo browser extension or its Mac browser.


Read more »
Subscribe to: Posts (Atom)