More spam during COVID-19? Here are 8 ways to block it.

May 6, 2020 | Security

On top of the global health crisis and economic fallout, COVID-19 has ushered in a new wave of spam emails and coronavirus-related scams.

More than just a nuisance, these emails can be extremely dangerous for a business – especially at a time of so much uncertainty. Spam can be a carrier for numerous cybersecurity threats, including:

  • Malware and viruses
  • Ransomware
  • Phishing schemes
  • Scams leading to theft of data or money

Good cybersecurity training can help employees know how to identify and avoid potentially dangerous emails. But additional layers of protection are still vital.

If your business is seeing an uptick in spam during the coronavirus pandemic, here are some effective ways to block it and the threats it contains.

 

1) Strengthen spam filtering settings

Your email client (or email server) can do a lot of the heavy lifting of flagging spam and weeding out the most dangerous messages.

Most email clients have built-in email filtering capabilities, which can detect spam based on common red flags, including the content of the message, suspicious attachments or sender information.

Some clients allow you to customize the “strength” of the filtering, letting you control how much spam reaches your inboxes. Just keep in mind that stronger filters may begin to flag legitimate emails as spam, too.

When feasible, apply spam filtering settings across the organization. Additionally, third-party spam filtering solutions are available for businesses that want greater protection and more configuration options.

 

2) Block bad IP addresses

Your network firewall, as well as some email clients and spam filtering software, can automatically block messages from known malicious IP addresses.

IP addresses are kind of like the digital location where an email originated. Big-time spammers will often blast out millions of emails, originating from the same IP. Over time, these IPs get flagged as malicious by web hosts and email service providers (ESPs). The flagged IPs are then blacklisted, preventing them from reaching networks that have IP blocking enabled.

Firewalls can block both universally known bad IP addresses and IPs that your business is struggling with. For example, if you’re suddenly receiving an increase in spam during COVID-19, and you find that some of it is coming from the same IP, you can manually blacklist that IP. This will block all future messages from that IP, so they never reach your inboxes in the first place.

 

3) Authenticate inbound emails

Email authentication is an added layer of protection that ensures senders are really who they say they are. Three protocols that support this authentication are:

  • Domain-based Message Authentication, Reporting, and Conformance (DMARC): a technical specification that can detect when messages don’t originate from the Internet domain that appears in the message.
  • DomainKeys Identified Mail (DKIM): a signature-based email authentication technique that adds a digital signature to the message header.
  • Sender Policy Framework (SPF): a path-based email authentication technique that uses a DNS TXT record to provide a list of authorized sending IP addresses for a given domain.

Together, these frameworks can help to detect phishing, spoofing and other potentially dangerous emails, banishing them from your inboxes (or alerting users to their deceptive nature).
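As an added illustration (not code from the original article), the sketch below reads the SPF, DKIM and DMARC verdicts that a receiving mail server records in the Authentication-Results header and turns them into a handling decision. The server name mx.example.com, the sample messages and the deliver/quarantine/flag policy are all constructed assumptions.

```python
import re
from email import message_from_string

TRUSTED_AUTHSERV = "mx.example.com"  # assumption: the name your own inbound server stamps

# Constructed sample: From claims example.com, but SPF and DMARC failed.
SPOOFED = (
    "Authentication-Results: mx.example.com;\n"
    " spf=fail smtp.mailfrom=billing@example.org;\n"
    " dkim=none; dmarc=fail header.from=example.com\n"
    "From: Accounts <accounts@example.com>\nSubject: Invoice\n\nbody\n"
)
# Constructed sample: all three checks passed.
LEGIT = (
    "Authentication-Results: mx.example.com;\n"
    " spf=pass smtp.mailfrom=news@example.org;\n"
    " dkim=pass header.d=example.org; dmarc=pass header.from=example.org\n"
    "From: News <news@example.org>\nSubject: Update\n\nbody\n"
)
# Constructed sample: the sender pre-inserted a header naming a different server.
FORGED_HEADER = (
    "Authentication-Results: mail.attacker.example; spf=pass; dkim=pass; dmarc=pass\n"
    "From: IT <it@example.com>\nSubject: Reset\n\nbody\n"
)

def auth_verdicts(raw, trusted=TRUSTED_AUTHSERV):
    """Return the spf/dkim/dmarc results recorded by the trusted server only."""
    verdicts = {"spf": "none", "dkim": "none", "dmarc": "none"}
    msg = message_from_string(raw)
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        if authserv.strip().lower() != trusted:
            continue  # anyone can add this header; trust only our own server's copy
        for method, result in re.findall(r"\b(spf|dkim|dmarc)\s*=\s*(\w+)", results, re.I):
            if verdicts[method.lower()] != "pass":  # one passing signature is enough
                verdicts[method.lower()] = result.lower()
    return verdicts

def disposition(raw):
    """Illustrative local policy (assumption), not a rule from any standard."""
    v = auth_verdicts(raw)
    if v["dmarc"] == "pass":
        return "deliver"
    if v["dmarc"] == "fail":
        return "quarantine"
    # No DMARC verdict recorded: fall back to SPF/DKIM, otherwise warn the user.
    return "deliver" if "pass" in (v["spf"], v["dkim"]) else "flag"

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT), ("forged", FORGED_HEADER)):
        print(label, auth_verdicts(raw), disposition(raw))
```

The third sample shows why the check ignores headers it did not stamp itself: a sender can insert a passing Authentication-Results line before the message ever reaches your server.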

 

4) Scan emails for executable files

Executable files—applications that install when opened—are relatively easy to spot. But users may not notice them when they’re attached to emails with file names like “Invoice” and “Receipt.” Once the attachment is opened, the program executes and can begin installing a host of nasty malware, assuming no other security is enabled.

Why allow employees to make this mistake in the first place?

Scan your inbound emails to weed out any messages containing executable files, unless personnel actively send and receive such files.

Again, we’re talking about .EXE and other executable files, which the majority of your employees probably have no reason to be receiving. If users have no reason to receive an actual application attached to an email, then you might as well block such emails entirely.
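A minimal sketch of such a scan, added here as an example and not taken from the original article: it walks every MIME part of a message and reports attachments that either carry a blocked extension or begin with the "MZ" bytes that start Windows executables, which catches a program renamed to look like a document. The extension list beyond .EXE and the sample message are constructed assumptions.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative blocklist (assumption); the article names only .EXE explicitly.
BLOCKED_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".vbs", ".js", ".ps1"}

def build_sample() -> bytes:
    """Constructed test message with three attachments."""
    msg = EmailMessage()
    msg["From"] = "billing@example.org"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    # Executable-style bytes hidden behind a document name and MIME type.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="pdf", filename="Invoice.pdf")
    # Harmless placeholder document.
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="Receipt.pdf")
    # Double extension: only the last one decides how the file is opened.
    msg.add_attachment(b"constructed", maintype="application",
                       subtype="octet-stream", filename="Receipt.pdf.exe")
    return msg.as_bytes()

def executable_attachments(raw: bytes):
    """Return (filename, reason) for each part that should be blocked."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also reaches nested multipart containers
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Lower-case and drop trailing dots/spaces before taking the extension.
        ext = os.path.splitext(name.lower().rstrip(". "))[1]
        if ext in BLOCKED_EXT:
            hits.append((name, "blocked extension"))
        elif data[:2] == b"MZ":
            hits.append((name, "MZ header under a non-executable name"))
    return hits

if __name__ == "__main__":
    for name, reason in executable_attachments(build_sample()):
        print(f"{name}: {reason}")
```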

 

5) Leverage your antimalware solution

If you’re using a business-grade antimalware solution, then you likely have even more advanced options for stopping spam and other dangerous messages.

Antimalware solutions can actively scan incoming and outgoing emails for potential threats. Some can be configured to filter out spam, or merely alert users to emails containing viruses and malware.

Choosing an antimalware solution will largely depend on your business’s existing cybersecurity infrastructure and the size of your organization. But for maximum protection, you’ll want to secure every endpoint. If a device connects to your network, it should be scanned for malware. This will ensure nearly every potential threat, whether originating from email or other sources, is detected before it wreaks havoc on your business.

 

6) Flag all external communications

At many businesses, employees rarely have the need to email anybody outside the company. Some departments communicate almost entirely with coworkers who have company email addresses.

So, when a message suddenly comes from an outside email address, users should be suspicious. Why not flag all such external emails, so that employees know right away that the message may not be from a trusted sender?

This can be as simple as applying a rule within your email settings that adds a warning to the subject line when a message arrives in the inbox: [EXTERNAL].

This is a simple, yet effective layer of security, especially when you factor in the danger of spoofing. Savvy cyber-attackers can make their messages appear as if they came from a company email address. And unless the recipient carefully inspects the sender data, they may not suspect anything is amiss.

Flag those external emails, so that users know right away to treat those messages carefully.

 

7) Make your domain registration private

This is another super-easy strategy that smaller companies often overlook.

Your company’s website domain, and associated registration information, could be triggering more spam in your inboxes. When you register a domain, your contact information, including your email address, is posted publicly for anyone to see. Spammers can easily “scrape” these email addresses in bulk from the WHOIS database and blast those inboxes with spam.

Simple solution: make your domain registration private. Registrars typically offer the ability to cloak your contact information in the WHOIS record (for a nominal fee), so that your name and email are not posted publicly.

This method won’t stop all spam, of course, but it can make a noticeable difference, while also giving you some added privacy.

 

8) Remove email addresses from your website

Like domain privacy, this method won’t technically “block” spam, but it can help to reduce it.

Whenever you post a company email address online, it’s pretty much guaranteed that you’ll receive spam at that address. Again, this isn’t because spammers are tediously searching every page on your site. They’re using automated bots that scan the Internet, scraping every email address they can find.

So, if you have an entire company directory online, or a list of employee bios with email addresses, you can bet those accounts are being spammed every day.

Worse yet, it’s not just the published email addresses you need to worry about. Once you publish one email, scammers can use software to determine the syntax of all your addresses and begin guessing other employees’ contact information by cross-checking with other data from your website (e.g. a list of employee names).

So even if you only have one email address posted online, it could result in several of your accounts being spammed.

 

More tips for handling spam

Federal authorities like the FBI have warned that fraudsters are “using the uncertainty surrounding the COVID-19 pandemic to further their efforts” – and they’re specifically targeting business email.

Knowing how to identify those emails as malicious is a vital first step. But equally important is how employees handle the messages once they’re in the inbox.

These steps can help to further reduce spam and prevent malicious messages from unleashing problems.

  • Delete obvious spam without opening the message: Hidden code or tracking pixels in the email can detect when the email is opened. This gives a green light to the spammers to keep the spam coming. So if users can tell from a subject line or sender information that the message is clearly spam, they should delete it without opening it or previewing it at all.
  • Disable images from loading: Tracking pixels can be blocked from firing by preventing any images in an email from loading unless the user approves the content as trusted. This will prevent the spam from communicating back to the sender that the email address is active.
  • Flag & report bad emails: ESPs and email clients typically offer ways to mark emails as spam, which can help to improve the filtering algorithms. Additionally, ESPs and SaaS-based email services like G Suite and Office 365 also allow you to “report” spam email. This sends sender information and other data back to the email providers, allowing them to improve their spam filtering technologies and fine-tune blacklists.

 

Don’t forget data backups

In the event that a malicious email breaks through and compromises your systems, you want to be sure you have a dependable backup. For information on today’s leading backup and disaster recovery solutions, contact our business continuity experts at Invenio IT. Call (646) 395-1170, email success@invenioIT.com or request a free demo.


Dale Shulmistra is a Business Continuity Specialist at Invenio IT, responsible for shaping the company’s technology initiatives -- selecting, designing, implementing & supporting business continuity solutions to bolster client operational efficiencies and eliminate downtime.