Best Practices Series: Social Engineering & Phishing Attacks. How Is EPRIVO Emailing Made Resilient?
Social engineering is a commonly used attack vector against unsuspecting users that does not require any sophisticated technology. It is worth knowing how to recognize these attack attempts and avoid falling victim to criminals aiming to gain access to one’s computer or device, and/or online accounts. Typical phishing attacks are malicious emails masquerading as something important or useful. Such emails can take the form of a request from someone important at work, or from your bank, school, doctor, lawyer, friend or relative, etc. In these emails attackers typically ask for passwords, ask for sensitive information to update accounts online, or ask you to pay some fees after accessing a fake website that looks similar to the real one it imitates. In summary, these kinds of attackers may use one or more of the following tactics.
- Impersonating (or masquerading as) someone you know – by phone or email, for example
- Calling you and asking for sensitive information that can be leveraged in multiple ways
- Asking you to update accounts online through a fake website
- Looking over your shoulder to see (and steal) user names and passwords being entered
- Requesting you to open a malicious file, e.g. a Word document, zip file or an executable file
- Offering to help by accessing your device and stealing unrelated login, password or personal information in the meantime
- Asking for a password to access a setting on a device, in the hope that the same password is also used elsewhere and enables some other kind of access
- Variants of the above
How is EPRIVO resilient to attacks through fake EPRIVO emails or by someone impersonating an EPRIVO user, for example?
Each email is authenticated by the EPRIVO cloud service and comes with dynamic authentication information added that only the real sender and recipient could know, including: (i) the last time an email was exchanged between the two parties, and (ii) the last time the recipient was online. This information helps to differentiate real emails from any fake ones that appear to be from a sender one may know. A malicious EPRIVO sender with a proper account (vs fake email) is unlikely to have any emails sent to or received from the recipient user – such emails would be marked as suspicious by EPRIVO.
Also, emails from an EPRIVO user always result in a notification being sent after authentication – if enabled on the device, as is strongly recommended. Emails that appear to be from an EPRIVO user, but are without notification, are probably attacks.
EPRIVO emails can only be viewed with the EPRIVO Privacy Manager installed on a device. EPRIVO emails are never in plaintext in third-party email software. Any user-created email that claims to be from EPRIVO and is in plaintext is likely to be malicious and/or a scam. All EPRIVO emails have an .eprivo attachment that can only be opened by the EPRIVO viewer (Privacy Manager). EPRIVO never requests information such as PINs or passwords through email or text.
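The warning signs in the paragraph above can be turned into a mail-triage check. The following Python sketch is an added example, not EPRIVO code: it assumes a message "claims to be from EPRIVO" when the brand appears in the From or Subject header, and the function names and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Assumption: "claims to be from EPRIVO" means the brand shows up in From or Subject.
BRAND = re.compile(r"eprivo", re.I)
CREDENTIAL_ASK = re.compile(r"\b(pin|password)s?\b", re.I)

def triage(raw: str) -> list:
    """Return the warning signs from the article that apply to one raw message."""
    msg = message_from_string(raw)
    if not any(BRAND.search(str(msg.get(h, ""))) for h in ("From", "Subject")):
        return []  # does not present itself as EPRIVO mail; out of scope here
    has_container, readable = False, []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if (part.get_filename() or "").lower().endswith(".eprivo"):
            has_container = True  # the attachment every EPRIVO email carries
        elif part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            readable.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    findings = []
    if not has_container:
        findings.append("no-eprivo-attachment")
    if CREDENTIAL_ASK.search("\n".join(readable)):
        findings.append("asks-for-pin-or-password")
    return findings

def sample(sender: str, body: str, attachment: str = "") -> str:
    """Build a constructed test message (not real EPRIVO traffic)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.test", "Account notice"
    m.set_content(body)
    if attachment:
        m.add_attachment(b"\x00" * 8, maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    fake = sample("EPRIVO Support <support@example.test>", "Reply with your PIN today.")
    print(triage(fake))
```

A message that passes this check is not thereby authentic; the check only surfaces the two plaintext indicators named above, and sender authentication remains the job of the Privacy Manager.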
EPRIVO requires users to enter a PIN code for a session (of short duration); or if a PIN code is not enabled, a password is required instead. After a security session expires (similar to banking apps) and/or after Touch ID-based authentication (when available), the PIN has to be re-entered. If you enter an incorrect PIN three times, the EPRIVO password is required.
EPRIVO supports OAuth 2.0 authentication/authorization for the underlying email carriers (when available). This is a token-based authorization standard that allows users to access resources online once their device is set up (typically through a first successful multi-factor authentication), and it doesn’t store passwords on the device. This authorization, together with the EPRIVO session-based authentication, works as a convenient and transparent solution for EPRIVO email authentication. Carrier passwords can be changed online, but updates to the EPRIVO app are not required if OAuth is available for a carrier account.
EPRIVO emails can be viewed in the EPRIVO Privacy Manager, and can also be accessed from third-party email software. The Privacy Manager only lists emails where the sender has been authenticated with EPRIVO, the email was sent by that sender, and trust has been verified. No fake emails masquerading as EPRIVO emails appear in that list.