The following information was obtained from the different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG).
The information provided was classified as Restricted pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010- 01 p. 22 and p.129.
Electronic mail (email or e-mail) is a method of exchanging messages between people using electronics.1 It is a popular method of communication due to the ease of use and speed of communication that makes it attractive for business or personal use.
The use of email system has been popular which made it a target of abuse by some people for their own advantage, hence, users must be aware of the threats involved. The following are the most common email incidents trends:
- Spam messages such as email marketing campaigns which are used because they deliver outstanding results to business. Also, it can be used as a mechanism for the distribution of malware.
- Email phishing and spear phishing. Besides phishing emails that target banks, phishers have also created phishing emails and websites for other famous applications, organizations and email providers.
- Scam Emails by Social Engineering. Hackers use a compromised victim’s email account to send scam emails to friends which often requests for help and money, claiming someone is supposedly in trouble.
- Spreading Malware. Malware can spread via emails that contain links to infected sites or attachments that are infected with malware. When the user clicks on the link or opens the email attachment, the user’s machine will be infected with malware. Some ransomware employs this method to spread.
- Business Email Compromise (BEC). A variation of this kind is known as CEO fraud. In CEO fraud, cybercriminals might use hacked CEO emails to send impersonation emails to the finance manager or an employee in the finance department. This compromised email account is then used to trick the employee to transfer funds to an account controlled by the scammers.
- Data Leakage and Business Disruption. Disgruntled ex-employees who previously managed the company email account may intentionally change the admin email username and password. The organization cannot directly reset the email account because that ex-employee who is the only one that knows the email server setters previously created it.
PNP personnel and the public are advised to follow the best practices listed below for end-user and enterprise email security:
- Never open attachments or click on links on email messages from unknown senders.
- Use strong passwords and change it periodically.
- Never share passwords with anyone.
- Minimize the sending of sensitive information via emails.
- Use spam filters and anti-virus software.
- When working on personal device, use Virtual Private Network to access corporate email.
- Avoid using public Wi-Fi connections.
- Educate employees on security education pertaining to the use of emails.
- Utilize email encryption to protect email content and attachments.
- Ensure the use of secure logins for webmail applications.
For additional information, please refer to the following websites:
POINT OF CONTACT