Everand Logo

Welcome to Everand!

  • Discover millions of ebooks, audiobooks, and so much more with a free trial

    Only $11.99/month after trial. Cancel anytime.

    Detecting and Combating Malicious Email
    Detecting and Combating Malicious Email
    Detecting and Combating Malicious Email
    Ebook145 pages1 hour

    Detecting and Combating Malicious Email

    By Julie JCH Ryan and Cade Kamachi

    ()

    Read preview

    About this ebook

    Malicious email is, simply put, email with a malicious purpose. The malicious purpose could be fraud, theft, espionage, or malware injection. The processes by which email execute the malicious activity vary widely, from fully manual (e.g. human-directed) to fully automated. One example of a malicious email is one that contains an attachment which the recipient is directed to open. When the attachment is opened, malicious software is installed on the recipient’s computer. Because malicious email can vary so broadly in form and function, automated detection is only marginally helpful. The education of all users to detect potential malicious email is important to containing the threat and limiting the damage. It is increasingly necessary for all email users to understand how to recognize and combat malicious email.

    Detecting and Combating Malicious Email describes the different types of malicious email, shows how to differentiate malicious email from benign email, and suggest protective strategies for both personal and enterprise email environments.

    • Discusses how and why malicious e-mail is used
    • Explains how to find hidden viruses in e-mails
    • Provides hands-on concrete steps to detect and stop malicious e-mail before it is too late
    • Covers what you need to do if a malicious e-mail slips through
    LanguageEnglish
    PublisherElsevier Science
    Release dateOct 7, 2014
    ISBN9780128005460
    Detecting and Combating Malicious Email
    Author

    Julie JCH Ryan

    Julie Ryan is currently an Associate Professor and Chair of Engineering Management and Systems Engineering at George Washington University. Dr. Ryan began her career in the US Air Force as a signals intelligence officer after graduating from the Air Force Academy. She transitioned to civil service in the Defense Intelligence Agency as a military intelligence officer and later left government service to work in industry.. Dr. Ryan's research interests lie in information security and information warfare. She has authored or co-authored scholarly articles in such journals as IEEE Security and Privacy IEEE Transactions on Computers. She is also the co-author of Defending your Digital Assets published by McGraw-Hill

    Related to Detecting and Combating Malicious Email

    Related ebooks

    Internet & Web For You

    View More
    View More

    Related podcast episodes

    Related articles

    • Article

      Cyber Safe

      Dec 23, 2018

      Cyber Safe
      4 min read

    • Article

      Has Your Phone Been HACKED?

      Aug 3, 2022

      Most problems with our smartphones, such as the screen going blank or an app failing to open, are nothing to worry about and can be fixed with a quick recharge or restart. But sometimes there are more sinister reasons for our devices misbehaving, esp

      5 min read

    • Article

      With Ransomware Attacks Multiplying, US Moves To Bolster Defenses

      Jul 6, 2021

      As the private sector fends off more ransomware attacks, the federal government’s stepped-up efforts include the first national cyber director.

      4 min read

    • Article

      “Someone Who Under Takes A Ransomware Attack Isn’t A Hacker, They’re An Attacker”

      Aug 12, 2021

      If you’ve ever attended an infosec or cybersecurity event, you will no doubt have noticed the preponderance of “Hacking is NOT a Crime” stickers. In 2018, some 500 such stickers were handed out at the DEF CON 26 event, the following year 5,000 were d

      7 min read

    • Article

      Staying Safe In The Cloud

      Jul 22, 2019

      Staying Safe In The Cloud
      4 min read

    • Article

      Attacked By Cyber Criminals

      Jan 9, 2021

      Attacked By Cyber Criminals
      4 min read

    • Article

      Network Attacks

      Sep 21, 2020

      Though less common than malware and social engineering, network-based attacks are still a threat to every computer and mobile user, and everyone should have at least a basic understanding of what they are and how to avoid them. So this month let’s lo

      4 min read

    • Article

      Hacker’s Manual

      Mar 2, 2021

      Hacker’s Manual
      1 min read

    • Article

      Under Cyber Attack

      Apr 16, 2020

      Under Cyber Attack
      9 min read

    • Article

      Don’t Panic

      Jun 17, 2019

      Don’t Panic
      8 min read

    • Article

      Vulnerability Assessments

      Jan 7, 2021

      Vulnerability Assessments
      3 min read

    • Article

      Hacker’s Manual

      Nov 17, 2020

      Hacker’s Manual
      1 min read

    • Article

      Protect Yourself Against New ID-Theft Schemes

      May 24, 2021

      Throughout the past decade, consumers have been rocked by one massive data breach after another. Some 500 million Yahoo users were hit by a 2014 data breach that compromised e-mail addresses, passwords and other information. The 2017 hack of credit b

      11 min read

    • Article

      Cyber Security IS A SHARED RESPONSIBILITY AT THE C-LEVEL

      Sep 21, 2016

      Data breaches can have far-reaching repercussions; protecting against them is a companywide mandate

      2 min read

    • Article

      Taking Guard

      Sep 2, 2021

      Taking Guard
      6 min read

    Related categories

    Reviews for Detecting and Combating Malicious Email

    0 ratings

    0 ratings0 reviews

    What did you think?

    Tap to rate

    Review must be at least 10 words

      Book preview

      Detecting and Combating Malicious Email - Julie JCH Ryan

      Detecting and Combating Malicious Email

      Julie J.C.H. Ryan

      Cade Kamachi

      Table of Contents

      Cover

      Title page

      Copyright

      Preface

      Author Biographies

      Technical Editor Biography

      Chapter 1: Introduction

      Abstract

      A little history

      Malicious electronic messaging—what is it?

      Chapter 2: Types of Malicious Messages

      Abstract

      Feature types of malicious messages

      Examples of malicious messages

      Chapter 3: Thinking Like the Enemy

      Abstract

      Chapter 4: Inside Messaging: Making the Hidden Visible

      Abstract

      Email basics

      The header

      The message body

      The attachments

      Accessing the hidden material

      Chapter 5: Steps in Detection

      Abstract

      Technology assistance

      Configuration counts

      Chapter 6: The Malicious Messaging Layered-Defense Framework

      Abstract

      Why use a layered-defense approach

      Chapter 7: Final Thoughts

      Abstract

      Glossary

      Copyright

      Acquiring Editor: Steve Elliot

      Editorial Project Manager: Benjamin Rearick

      Project Manager: Paul Prasad Chandramohan

      Designer: Mark Rogers

      Syngress is an imprint of Elsevier

      225 Wyman Street, Waltham, MA 02451, USA

      Copyright © 2015 Elsevier Inc. All rights reserved

      No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

      This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

      Notices

      Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices, may become necessary.

      Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described here in. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.

      To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

      British Library Cataloguing-in-Publication Data

      A catalogue record for this book is available from the British Library

      Library of Congress Cataloging-in-Publication Data

      A catalog record for this book is available from the Library of Congress

      ISBN: 978-0-12-800546-0

      For information on all Syngress publications visit our website at http://store.elsevier.com/syngress

      Preface

      This book is for ordinary users who do not have deep technical knowledge about how computers and networks operate. It is written in plain language with the goal of providing you with enough knowledge to keep yourself safe from predators while not overwhelming you with technical details. It can be read easily from beginning to end, or each chapter can be individually considered. For those who are not interested in technical details, Chapter 4 can easily be skipped. For those who are not faced with management challenges, Chapter 6 can easily be skipped.

      Chapter 1 introduces the concept of malicious messaging, providing context for the more detailed information provided in later chapters. The use of messaging systems for malicious purposes is not new: examples of the misuse of the mail range back to 1838. The challenge of recognizing and not falling victim to malicious messaging is discussed, as is the cleverness of the senders, who are motivated to convince recipients of the legitimacy of the messages.

      Chapter 2 provides a detailed explanation of types of malicious messaging, with actual examples. The elements of the messages that provide indicators of the malicious nature are identified. This information is very useful in understanding how to detect and not fall victim to the attack.

      Chapter 3 focuses on the motivations of the senders so that reverse psychology can be used as a defense. Understanding the psychology of malicious messaging can be as much of a resource to stopping it as any technology or security analysis. This is discussed in the context of the two primary goals of the attackers and how they go about trying to achieve those goals.

      Chapter 4 is the most technical of all the chapters. It describes the structure of emails and tells you how to use that structure to as an aid to determining if a received message is malicious or benign. Elements in the headers, message body, and attachments are identified and discussed.

      Chapter 5 is about the detection process. The process described can be applied to any detection challenge, but is presented in the context of malicious messaging detection efforts. The use of detection experience is also described to show you how you can use your experiences to improve your detection capabilities.

      Chapter 6 is for those readers who are faced with the challenge of addressing the problem of malicious messaging for more than simply themselves. A framework for creating both defense in depth and defense in breadth for an enterprise is described. The framework addresses both the people and the technologies that can be used in these defenses.

      Chapter 7 contains some final thoughts and recommendations. Since knowing what to do in case you fall victim is as important as knowing how to avoid danger in the first place, these thoughts can guide you through reaction and recovery.

      For educators, this book can serve as a starting point for building awareness about dangers that lurk in electronic messaging. For managers, it can serve as a cornerstone to training programs designed to enhance corporate security and establishing safe computing behavior patterns. For parents, it can be of assistance in talking to children about the challenges associated with engaging in online communications.

      Author Biographies

      Julie Ryan is an Associate Professor at the George Washington University in Washington, DC, where she researches and teaches in the areas of information security, systems dynamics, and human–machine interactions. Dr. Ryan holds degrees of B.S. from the U.S. Air Force Academy, Master of Liberal Studies in Technology from Eastern Michigan University, and Doctor of Science from George Washington University. She is coauthor of Defending Your Digital Assets Against Hackers, Crackers, Spies and Thieves (2000) and editor of Leading Issues in Information Warfare and Security.

      Cade Kamachi holds a Computer Information Technology degree from Brigham Young University–Idaho as well as an MBA degree from Idaho State University. While at Idaho State University, he performed research and developed trainings as part of the National Information Assurance Training and Education Center (NIATEC). Cade has worked for both industry and government in technology and information-assurance roles that included duties from technical configurations to policy creation. He has aided in the creation and implementation of cyber security exercises for collegiate, industry, and government entities.

      Technical Editor Biography

      Corey Schou is a Fulbright Scholar, a frequent public speaker, an active researcher, and an author with more than 300 books, papers, articles, and other presentations. His interests include information assurance, risk management, software engineering, developing secure applications, security and privacy, and collaborative decision making.

      He has been described in the press as the father of the knowledge base used worldwide to establish computer security and information assurance. He was responsible for compiling and editing computer security training standards for the U.S. government.

      In 2003, he was selected as the first university professor at Idaho State University. He directs the Informatics Research Institute and the National Information Assurance Training and Education Center. His program was recognized by the U.S. government as a Center of Academic Excellence in Information Assurance and is a leading institution in the CyberCorps/Scholarship for Service program.

      In addition to his academic accomplishments, he holds a broad spectrum of certifications including Certified Cyber Forensics Professional (CCFP), Certified Secure Software Lifecycle Professional (CSSLP), HealthCare Information Security and Privacy Practitioner (HCISPP), CISSP Information Systems Security Architecture Professional (CISSP-ISSAP), and CISSP Information Systems Security Management Professional (CISSP-ISSMP).

      During his career, he has been recognized by many organizations including the Federal Information Systems Security Educators Association, which selected him as the 1996 Educator of the Year, and his research and center were cited by the Information Systems Security Association for Outstanding

      Enjoying the preview?
      Page 1 of 1