Patrick De Schutter, Mailfence: “the most efficient way to protect your data from social engineering is through education”
Social engineering relies on curiosity, lack of suspicion, greed, and other natural human instincts. Combined with our increasing reliance on technology for communication, it poses significant risks to digital privacy.
Have you ever received an email asking you to help a prince in exile retrieve money? Or perhaps one from someone claiming you won a huge prize and need to transfer just a small sum to cash it out? Although we choose to rely on a virtual private network and encrypted online activity, there is little that can protect us against threat actors playing with our emotions and instincts.
In this case, what should we pay attention to in order to avoid common cybersecurity risks when using email? And who is responsible for protecting us – the provider or ourselves? To find out, we’ve reached out to Patrick De Schutter, the Co-Founder and Managing Director of an encrypted email service provider – Mailfence.
Let’s go back to the beginning of Mailfence. What has your journey been like?
After Snowden’s revelations in 2013, we decided to do something to protect online privacy and security. We felt we just couldn’t stay passive and accept the violation of our rights.
We believe that online privacy is a fundamental human right. Therefore, we created Mailfence to offer a service fully dedicated to it.
Ever since, our team kept growing, the number of our users did as well, and we couldn’t be happier. This whole journey has been very challenging but so rewarding.
People are paying more attention to their online privacy and security, and we’re proud to provide a complete suite that is private and secure.
We needed to participate in the new world that would match our values: freedom (of speech), respect for private life.
Can you tell us about what you do? What methods do you use to ensure email security?
We provide an encrypted email solution. We expanded our services to secure contacts, document management, chat, and even more. We’re a secure and private alternative to Google Workspace!
We employ all conventional methods to ensure email security e.g. SPF, DKIM, DMARC, MTA-STS, and DANE. Optionally, users can encrypt emails (end-to-end) using a password with or without access expiration time. Mailfence also offers a (web) integrated Keystore for generating/managing OpenPGP keys and supports both OpenPGP signatures and encryption for emails. Users can enable TFA and can create service-specific passwords or can disable specific services (e.g. SMTP-IMAP/POP, EAS, xDAV).
What are the most common cyber threats carried out via email?
Social Engineering is a very common cyber threat. This term gathers several techniques. The hacker’s goal is to pretend to be someone well-intentioned to collect some sensitive information. Some of those techniques are famous. We all have received at least once an email from someone announcing they chose us to be their only heir. Just send money to this account, and the money is yours! Another well-known example of social engineering is sending malware links to compromise the device of anyone clicking on them.
Social engineering is based on human weaknesses: greed, curiosity, naivety – usually, one needs to pay attention to details to recognize them. This is why it is so well-spread: most people don’t take the time to check every characteristic of the email, but this is the best way to protect oneself against social engineering. For instance, if your bank is allegedly asking for sensitive information, check their email first. If it doesn’t look like [email protected] but is something fishy like [email protected], it's a huge red flag.
How did the recent global events affect the email security landscape? Have you noticed any new types of threats?
At Mailfence, we have seen an increase in email impersonation and phishing attacks in recent years. Hackers rely on human weaknesses and empathy. In the current context of Russia’s invasion, we can expect social engineering attempts of hackers pretending to be from Ukraine asking for help. The method relies on human emotions, and this is why it’s so difficult for devices to spot every social engineering attempt.
In Ukraine, we can witness the effects of cyberwar. It’s in the spotlight, but cyberwar has been ongoing for many years now.
With the increase of connected objects, it is simply spreading faster. The Internet is no longer separate from the real world. Online persecutors also have to face their actions.
This, among other things, is one of the reasons we need private and secure online services.
What is the most common type of phishing email, and why do many solutions struggle to identify it?
There’s no one specific scheme for phishing, as attacks can be diverse and various. The example we talked about earlier, the rich heir giving you all his money, is quite common, though.
Phishing is one of the most common social engineering techniques, but there are many more. Baiting, pretexting – they all have their subtleties, but what they have in common is the need to fool their victim. Social engineering relies on the curiosity and lack of suspicion of their victims.
Lots of people struggle because they don’t doubt what they read. Hackers can be very convincing and sometimes urge their victims to take action without thinking about it.
The most efficient way to protect your data from social engineering is through education. By educating oneself, you can prevent most social engineering attacks. That’s why we try to share our knowledge on our blog to inform as many people as possible.
In your opinion, what are some of the worst habits that can lead to one’s data being compromised?
There are many tips one can follow to keep their data safe. Not following them is probably the worst habit one could have. Besides email security solutions, there are simple things to do to protect one’s online privacy and security.
The easiest change to implement would be to stop using public Wi-Fi (you certainly don’t want an insecure connection when checking your bank account). Creating a strong and unique password for each of your accounts (we strongly recommend using a password manager) and adding another layer of security to protect your data is well advised. This way, setting up two-factor authentication will protect your data, even if your password gets compromised.
As mentioned earlier, keeping oneself up-to-date with hackers’ most common techniques is opportune and will decrease the risk of social engineering.
What online privacy issues do you hope to see resolved in the next couple of years?
One of our goals is to participate in a more private and secure online experience. We hope our model will become the norm and that no more data will be sold for advertising or even more obscure purposes.
Can you give us a sneak peek into some of your future plans for Mailfence?
We work hard to provide the best experience for our users. We have a tight agenda, and sometimes our deadlines are too short, but we make sure to listen to the needs of our users.