Step 5: Turn on Message Scanning

From Security for Everyone, edition e1.0.0

Updated October 9, 2023

The theme of this chapter has been “set it and forget it.” This step is no different. Your employees might get unsolicited emails from people trying to trick them into downloading bad attachments, clicking on links to go to bad websites, or replying back with important information. Even as a small business, these things can happen. They aren’t targeted—it is just really easy to set up an automatic script that sends the same bad email to thousands of people. It is a game of odds for an attacker: if just one person reacts, they can win big.

On the bright side, larger email providers realize this, and recognize that they are in the best position to protect people. Not all providers do this; that is why it was important at the very get-go to go with a good provider. Your Googles and Microsofts will definitely have these settings available.

Larger email providers host your mailboxes for you, which means they can also check incoming emails for any badness before letting you and your users see them. They have some default protection already in place that will send obvious spam messages, like those about pharmaceuticals and that million-dollar inheritance that you are missing out on, to the spam folder.

Email providers tend to turn the sensitivity dial down quite low and give you the option to dial it up if you want. They can’t dial it up automatically for you because stricter scanning can accidentally put legitimate emails in spam. We recommend that you do dial it up because it is unlikely, due to how you operate, that it will catch too many false positives. The benefit of protection far outweighs the occasional checking of spam for a mismarked email. You likely send text files, Word docs, spreadsheets, images, and PDFs; hardly ever send things like macro-enabled spreadsheets; and never send things like password-protected zip files to people you have never interacted with.

When your business grows or you become more dependent on your mailbox and non-standard attachments, this setting may not be as easy as setting and forgetting. For now, though, it is very handy for keeping all those lures out of your and your employees’ mailboxes.

Enhanced scanning will look for things like attachment file types that are outside the normal .docx or .pdf, and links to websites that have been flagged as “bad.” Your provider might also choose to deliver an email that checks off a few of the suspicious boxes, but add a big disclaimer at the top of the email so users can make their own call. Like when my business partner emailed me from a new email account, asking for help. There were no links or attachments, but something was certainly not normal, as “Laura Bell” doesn’t often contact me this way.

Figure: Enhanced scanning (in this case from Google) can flag suspicious emails prominently.

Each email provider will refer to enhanced message scanning slightly differently, and you can most likely find it in the administrator settings. The keywords might read:

  • enhanced pre-delivery message scanning

  • enhanced phishing and malware protection

  • mail flow rules to check for malicious attachments or links

  • safe attachment policies

Step 6: Disable Automatic Forwarding

While you are deep in the administrative settings of your mailboxes, there is a setting you need to turn off. Automatic forwarding allows any user to set up a rule where all mail is forwarded on to someone else. It probably seems harmless, such as automatic forwarding of emails for ex-employees to a current employee’s inbox. However, let me reframe how this setting is misused.

When an attacker successfully gets their hands on a pair of valid login credentials for an email, often the first thing they will do is try to “maintain access.” They want you to continue to use the inbox, not suspecting anything, while they wait for the best moment to strike. A common setup for maintaining access looks like this:

  • Setting up automatic forwarding to a different inbox, usually a throw-away one where they can see copies of emails that are forwarded. A copy of all incoming and outgoing mail will also be sent to this mailbox.
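
A check to pair with turning forwarding off, added here as an example and not taken from the book: it reads a list of mailbox forwarding settings and flags any mailbox that forwards outside your own domain. The CSV column names, addresses and domains are constructed assumptions; adapt them to whatever your provider's admin console lets you export.

```python
import csv
import io

# Constructed sample export, not real data. The column names are assumptions;
# rename them to match whatever your provider's admin console exports.
SAMPLE_EXPORT = """\
mailbox,forward_to,keeps_copy
ana@example-bakery.test,,false
ben@example-bakery.test,ana@example-bakery.test,true
cara@example-bakery.test,smtp:inbox4471@freemail.test,true
dev@example-bakery.test,SMTP:Archive@Example-Bakery.TEST,false
eli@example-bakery.test,not-an-address,false
"""


def domain_of(address):
    """Return the lower-cased domain of an address, or None if malformed."""
    address = address.strip()
    if address.lower().startswith("smtp:"):  # some exports prefix the protocol
        address = address[5:]
    local, sep, domain = address.rpartition("@")
    if not (sep and local and domain):
        return None
    return domain.lower()


def find_external_forwards(export_text, own_domains):
    """List mailboxes whose forwarding target is outside own_domains."""
    own = {d.lower() for d in own_domains}
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        target = (row.get("forward_to") or "").strip()
        if not target:
            continue  # no forwarding configured
        domain = domain_of(target)
        if domain in own:
            continue  # internal forward, e.g. an ex-employee's mail
        findings.append({
            "mailbox": row["mailbox"],
            "forward_to": target,
            # None means the target could not be parsed; review it by hand.
            "domain": domain,
            # A kept copy means the user sees a normal inbox and no warning.
            "keeps_copy": (row.get("keeps_copy") or "").lower() == "true",
        })
    return findings


if __name__ == "__main__":
    for f in find_external_forwards(SAMPLE_EXPORT, ["example-bakery.test"]):
        print(f"REVIEW {f['mailbox']} -> {f['forward_to']} (copy kept: {f['keeps_copy']})")
```

Subdomains count as external unless you list them in `own_domains`, and a target that cannot be parsed is flagged for review instead of being skipped.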
