High volume spam is a seasonal business. Over many years spammers discovered best times of the year to ensure the highest possible response rate to their messages. It turns out that the period between Black Friday and the last day for Christmas shipping is one of the best times to reach an intended audience with malicious messages. It is a time of the year when we all do a lot of online shopping and are expecting confirmation emails from retailers we purchased goods from and tracking messages telling us where our packages are.
Here at Barracuda, we noticed this trend happening in the weeks leading up to Christmas. There was a large increase in fake UPS and FedEx messages and fake confirmation emails from your favorite e-tailers during this time.
We are all rushed during this time of the year, which often means that our guards are down. Combine that with receiving a message appearing to be from your favorite store proclaiming that there is an issue with your recent order, and we are exactly what the attacker is looking for as the weak link. The end result might be a spyware installed on our computer or ransomware locking all our data. The Chart below depicts volume of spam and ham (good messages) in the last 5 weeks of the year.
It's always wise for email users to follow best practices when dealing with email. For example:
- Do not open any attachments that are suspicious, even if they seem to be from someone you trust.
- Keep endpoint antivirus, patches, and other software up-to-date.
- Do not reveal any sensitive information in email, whether it is personal or owned by your organization.
- Pay attention to the URL in the body of an email, and the sender's email address rather than just the display name.
- If you aren't sure of whether an email is legitimate, verify by contacting the company or person directly on the phone, or through legitimate communications you have previously received from that company.
Once end-users are trained to follow best practices, ongoing awareness training may reinforce these skills and help turn them into habits.
No security strategy would be complete without a comprehensive solution in place to harden the email infrastructure. The Barracuda Email Security Gateway offers several features to stop threats before they get to the inbox:
- Advanced Threat Detection (ATD) scans email attachments in real-time and detonates suspicious attachments in a sandbox environment to observe behavior.
- Barracuda Central collects and analyzes data from more than 300,000 collection points worldwide in order to develop defenses, rules, and signatures.
- Barracuda Outbound Filtering stops spam and viruses from leaving your network, in the event of an internal infection. This feature also gives administrators the ability to enforce data loss prevention rules.
- Spam and Virus Pre-Filtering catches threats in the Barracuda Cloud Protection Layer, before the threat ever gets to the organization.
Barracuda offers the following email security solutions:
- Barracuda Email Security Gateway
- Barracuda Essentials for Email Security
- Barracuda Essentials for Office 365