Time bombs in emails
Friday, September 11, 2020
As you know, emails need to be scanned not only on PCs but also on mail servers immediately upon receipt. This eliminates the possibility of a bogus email catching the eye of a user who will disregard anti-spam and anti-virus recommendations, fall for fraudsters' tricks, or open a malicious file.
Moreover, if emails are scanned on a server, they can be opened safely on a machine that has no anti-virus and anti-spam installed on it. This solves a lot of problems for companies that allow their employees to access corporate mail from their personal devices, which can be particularly important when many staff members work remotely.
But why not stop checking emails on PCs altogether? There are arguments against doing this.
- Many users (especially on their home computers but also at their workplaces) don’t send and receive email only through their company's servers. That applies both to their corporate correspondence and to their personal emails. This issue’s author used to forward messages to another mailbox just to read them—the email client had some message encoding issues.
- An anti-virus doesn’t always know there’s a malicious program lurking in a message the moment the server receives it. Because users do not necessarily open emails immediately (for example, a message scanned on a server last night may only be opened the next morning), the likelihood of detecting a new, previously unknown threat during a later anti-virus scan increases.
But that's not all. Note that in the realm of Android malware, virus makers often design their trojans in such a way that they only become malicious at a later point after installation. That prevents them from being identified as malicious after they have been uploaded to a software catalogue or while a user is downloading a program to their device.
So, attackers can use a similar trick in their bogus emails. If an unwanted message contains a link, no malicious content will be present on the website it points to at the moment the criminals dispatch the message. So, even if a site is examined while the message is being scanned on the server, it will appear that no threat is involved. But, after a while, the contents of the site will be altered.
The vast majority of users never delete messages after reading them, and emails are stored in mailboxes for years. An attack involving bogus links may succeed at any point.
How can this danger be avoided?
Using a sandbox is one way to tackle the problem: Open the message on a server before the recipient gets it, and wait a while. But managers want to receive their correspondence as soon as possible, and scammers aren't fools: they may simply wait until the sandbox examination time runs out.
The Anti-virus Times recommends
Anti-spam software must be up and running on PCs. Links should be examined using the Parental Control, and all downloaded data must be checked by an anti-virus traffic scanner.
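The delayed-link problem described above, and why examining a link again when the message is opened catches what a scan on receipt cannot, shown as an added example that is not part of the original article. The `LinkGate` class, the `delayed_site` verdict function and the sample message are constructed for illustration; a real deployment would call an actual URL scanner in place of `delayed_site`.

```python
import re
from email import message_from_string
from email.policy import default

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample message (not taken from the article).
SAMPLE = """\
From: billing@example.com
To: user@example.org
Subject: Invoice
Content-Type: text/plain

Your invoice is ready: http://files.example.net/invoice.html
"""

def extract_links(raw):
    """Return the distinct http(s) links found in the message body."""
    msg = message_from_string(raw, policy=default)
    body = msg.get_body(preferencelist=("plain", "html"))
    return sorted(set(URL_RE.findall(body.get_content()))) if body else []

def delayed_site(url, now):
    """Constructed stand-in for a URL scanner: the site behind the link is
    clean at first and starts serving malware 12 hours after dispatch."""
    return now >= 12 * 3600

class LinkGate:
    """Caches link verdicts and rescans once a verdict is older than max_age."""
    def __init__(self, scan, max_age):
        self.scan = scan        # scan(url, now) -> True if malicious (assumed interface)
        self.max_age = max_age  # seconds a verdict stays trusted
        self.cache = {}         # url -> (verdict, time checked)

    def check(self, url, now):
        hit = self.cache.get(url)
        if hit is None or now - hit[1] > self.max_age:
            hit = self.cache[url] = (self.scan(url, now), now)
        return hit[0]

    def blocked_links(self, raw, now):
        """Links in the message that are malicious as far as the gate knows."""
        return [u for u in extract_links(raw) if self.check(u, now)]

if __name__ == "__main__":
    server_only = LinkGate(delayed_site, max_age=float("inf"))  # delivery verdict kept forever
    at_open = LinkGate(delayed_site, max_age=600)               # rescanned when opened later
    for gate in (server_only, at_open):
        gate.blocked_links(SAMPLE, now=0)                       # scan on receipt: clean
        print(gate.max_age, gate.blocked_links(SAMPLE, now=14 * 3600))
```

The gate that trusts its delivery-time verdict indefinitely still reports the link as clean 14 hours later, while the gate that rescans when the message is opened blocks it.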