The Art of Email Security: Putting Cybersecurity In Simple Terms
By Evgen Verzun
About this ebook
Cracking Invisible Walls Between You and Cybersecurity
“The Art of Email Security” presents hard evidence of email committing high treason against your privacy, explains what makes you a possible target in the eyes of the attacker and shows what you can learn from online criminals to become more secure.
To bring some spotlight on the importance of digital awareness in our tech-obsessed world, StealthMail Team launched the project and was later joined in this mission by leading cybersecurity experts across the globe. Chief information security officers that have worked for companies like Amazon, IBM, HBO, Gartner, UNICEF, DHL, Verizon, Capital One and many more were kind enough to share their knowledge and offer their unique insights, fueled by years of experience, and feedback-from-the-ground on email matters worth talking about.
The material provided within the book allows privacy-oriented users of different Internet proficiency to get familiar with best practices of email security, learn about the most popular cyberattacks targeted at email, and find out why email is used so heavily by the most decorated hacking groups in the world.
Additionally, you will learn more about:
- Ideas, motivations and work methods behind the most famous hacks of the past 10 years
- History of email as we know it, introduction to protocols used to facilitate data delivery and protection
- Real-life cases and stories explaining the nature of social engineering
- Cryptography basics explained in plain English without overexposing Bob and Alice
- Ways of detecting, identifying, and avoiding the most sophisticated email attacks
Cybersecurity is hard enough as it is, and this book attempts to put it in simpler terms. Why not make your first step towards becoming a cybersecurity professional right now?
"If you are worried that a cybersecurity book will be dry and technical, this one is a pleasant change.
The book is a quick read, full of informative anecdotes mixed with cultural references to keep the reader interested. It is really geared towards the individual, not just a corporate security professional, and is written in a very conversational and humorous way. I would recommend it to anyone who wants to understand current social engineering and cyber fraud schemes." — Rick Doten, Cyber and Information Security at Crumpton Group LLC
"Lots of teases, plain English, captivating storytelling. Appreciate how honest and straight-forward the authors are, they don’t hold back and have strong opinions. This book raises a lot of important questions, and of course, answers a few too. This is something I would give to friends who don’t know a lick about cyber hygiene or how dangerous email is. It left me wanting more, and I expect authors to continue doing their good work." — Johan Nordstrom, Founder & CEO of Nordstrom Consulting
Book preview
The Art of Email Security - Evgen Verzun
The Art Of Email Security: Putting Cybersecurity In Simple Terms
Although every precaution has been taken to verify the accuracy of the information contained herein, the authors assume no responsibility for any errors or omissions.
No part of the publication may be reproduced, distributed, stored in or introduced into an archival system, transferred or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise) without the prior permission of both owners and publisher of this book, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law.
The authors and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.
© Copyright 2020 by StealthMail Software Ltd.
StealthMail.com
All rights reserved.
Table of Contents
What Others Are Saying About This Book
The Art Of Email Security
Backstory
Acknowledgments
Introduction
The Unarguable Fact That Makes This Book A Must Read
To Make You Feel A Bit More Comfortable And Secure In The Digital Space
Hold Your Trojan Horses There, We Got A Few Examples
We Will Burst The Bubble We Live In By Getting Out Of It
Maybe It’s Time To Address The Elephant In The Room?
The Dark Side Of The Digital Age
We Also Befriended The Best Spies On The Planet
Not Everyone Picks Up On This Subject For Some Reason
9 Out Of Every 10 Successful Cyberattacks Start With Email
It Will Suck You In Like A Quicksand
Who Are They, Who Are Their Victims?
Same Lack Of Interest That Keeps People Blind
They Have Everything They Need To Collect Information Like Sponges Collect Water
There’s More To Hacking Than Simple Button Jacking
Punching Cards And Catching The Bus Like A Boss
Gamble Boy Cracks Feds, With Attitude
You Don’t Own Jeh-k, Dear Friend
Let’s Just Say Kane’s Little Gamble Didn’t Pan Out As He Had Hoped
What Motivates Online Criminals?
The Personality Of The Wearer And What Makes The Hat
Never Ever Underestimate The Importance Of Having Fun
Smart Hackers Know When It's Time To Change The Hat
Not Bad For A Part Time Job, Huh?
Even Drug Trafficking Doesn’t Hold A Candle To Cybercrime!
There Is No Honor Among Thieves, Even Extremely Online Ones
24 Million Dollars And A Ton Of Psychological Cargo
Hacking With Authority: Advanced Persistent Threats
They Don’t Have To Worry About Feds Standing Behind Their Backs
Data Is The New Oil And Email Is The Earth They Pummel To Get It
They Snoop Around The House You’re Moving Into
Digital Transformation Catches Users Between Stone And A Hard Place?
Can You Name The Biggest Weakness Of The Largest Companies?
Panama Papers Scandal Exposed 11.5 Million Documents
Email Was Not Created For This Tough World, It Didn’t Sign Up For This Either
How People Turned Email Into Their Mortal Enemy With No Malice In Mind
People Invest In Email Heavily Without Being Aware Of It
Email Is Open For Everyone, Everyone Is Welcome!
It's Like Grand Central Station In Here...
The Numbers Don’t Lie And They Spell Disaster For You
SMTP Should Really Stand For Simple Method To Peek
You Might As Well Write A Message On A Wall
Three Certainties In Life: Death, Taxes, Email Staying For At Least Another Decade
Email Is Like A Cockroach – It Is Tough To Kill…
...But It Still Holds Some Value
5 Of The Most Overused Attacks On Email
Man-In-The-Middle, Never Second Fiddle
There’s Strength In Numbers, And We’re Not Talking About Stats
What Can Be Worse Than A Crowd Of Hungry Uninvited Guests?
Pay Up $1000 And I'll Fix Your $300 Computer
WannaCry Me A River?
Healthcare Organizations Need Patient Data To Save Lives
Petya Or NotPetya? That Is The Question
How Laziness Makes Attacks Even More Lethal
Specialization In Integrity Doesn’t Make You Immune
People Jumping On Everything That Is Free
The Greatest Trick The Devil Ever Pulled Was Convincing The World He Didn't Exist
The Paranoid Is Never Entirely Mistaken
How Criminals Get Information By Using A Victim’s Hands And Manipulating Their Minds
The Type Of Phishing That Won’t Let You Relax
The Art Of Spoofing That Will Leave You Barely Hoofing
Does Email Security Strangle The Working Process?
Take Gmail’s Dot Problem For Example...
The Netflix Scam That Forces You To Pay For Someone Else’s Fun
Phishing Scam Covers All Demographics
The Last Thing A Phish Would Ever Notice Would Be Water
The Poisonous Spear Touch That Derailed Hillary’s Campaign
Yet Another Reason To Leave Social Media Forever
Oh, You're Back. That Was Quick!
Spoofing Is Not Exclusive To Email, Far From It
The Travesty Of Whale Hunting Where Animals Luckily Don’t Get Hurt
How Full-Blooded Italians From China Fooled A Bunch Of Indians
You Juke The Numbers, And Workers Become Hopeless
Spicy Recipe For Receipt Disaster
How Cross Site Scripting Works And Dorks Poor Users
There Would Be No Actual Need To Fool The User Directly
This Is A Possible Reason For Your Machine’s Slow Starts
Why Nerve-Wracking Cryptojacking Is So Widespread?
And This Is Why It Overtakes Malware In Usage Rate...
Because Nothing Was Stolen From Them Directly
How Pay Rise Denials Deeply Burn Management Pockets
55% Of Organizations Globally Were Affected By Cryptojacking
Not-So-Common Attacks Affecting Our Emails
Now Picture That Mess Going Straight To Your Inbox
Unsubscribing From Spam Can Sign You Up For Fresh Malware Delivery
It Won’t Go Through Them, It Will Blow Up First
Sometimes You Don’t Even Have To Click On The Links To Get Caught
Why Losing Hash Is As Bad As Losing Cash
Spooky Tech Explanation Nobody Ever Asked For
Now They Can Steal Our Cookies Through Email!
Sometimes You Click On A Link Without Even Knowing Anything About It
Getting In The Crosshairs By Dancing Around The Malicious Link
Click-Click, BOOM! What Was That!? A Bad Hair Day
You Ignore It Once, Twice, But It Keeps Coming Back
Don't Sing It, Bring It!
That Can Actually Help You Defeat Web Beacons, Too
Information Is Power And Those That Have Access To It Are Powerful
How To Read The Emails Of Others Without Interacting With The Account?
Sayonara, You Shell-Backed Simpletons
Bringing Your Own Device Is Bringing Your Own Demise
Universal Serial Bus That Will Drive You To The End Of The Line
People Are Throwing Their Bodies Under The Bus
When Sticking Your Nose In Someone’s Business Hits You Back
Like Father, Like Son
A Gateway That Can Open The Floodgates
No, We Can’t Say That At All
This Pharming That Has Nothing To Do With Genetic Or Social Engineering
Those Routers Ain’t Loyal…
That’s Just Like Posting A Manual For Beginners
Data Breach Is Not A Figure Of Speech
When Customers Take Their Money From Your Business
Repeat Offender That Begs For A Defender
Out Of The Frying Pan, Into The Fire, And Still Off The Hook
Once Again, You Can’t Trust These Guys
Indirect Types Of Data Breaches That Still Hurt Like Hell
19,000 Different People, Carl!
Mesmerizing Carelessness To Sensitive Documents Is Not New
Smelly Goo On The Bottom Of Your Shoe
Abuse Of Power Or Official Position Is Never A Good Idea
Nobody Wants To Be The Next Target
Old Data Breaches Still Pose A Threat To Your Security
The Domino Effect Of Data Breaches
Criminal’s Post-Breach To Do List
Rocky Road To The Dark Web: You Will Be Amazed How Much Your Sensitive Data Costs On The Black Market
There Is A Profit To Be Made
Better To Hear About The Dark Web A Thousand Times Than To See It Once
Illegal Sites? Give Me Examples, Asking For A Friend
Cybercrime Is A Complicated Issue, But People Are An Even Bigger Issue
Taking Orders, Sharing Data
But First, Let Me Take A Selfie
That’s Physical Security, Let’s Get Back To The Digital One
Some People Can’t Live Without Communication, We Get It
We All Need Each Other To Fight The Real Threats
7 Expert Cybersecurity Tips And Directives To Regular Email Users
The Ultimate Security Is Your Understanding Of Reality
The Event That Put Us In The Mood To Write This Book
Directive #1: Make Passwords Strong, Keep Them Fresh
It’s A Foundation That You Build Your Security On
Human Beings Are Experts At Forgetting
Treat Your Password Like Your Toothbrush
How Your Best Internet Friend Tells Your Secrets To Malicious Strangers Around You
Not Everything That Glitters Is Gold
Who Has An Edge Among The Rest?
Safari That Shoots Down The Attackers
Having A Bad Password Isn’t A Crime, But It Could Lead To One
An Admin, A Monkey and A Princess Walk Into A Bar
The Longer The Password Is – The Better
How To Break The Walls Down Without Kicking Up A Fuss
Patience And Hard Work Will Conquer All
Directive #2: Use Two-Factor Authentication
Now That’s A Great Attitude To Have
Another Door Just In Front Of Them
Loopholes Still Exist, And They Need To Be Addressed
Deloitte Had No Clue About Two-Factor Authentication
There’s No Patch For Negligence Yet And Stupidity Yet
How Dare You Smear Security Over My Life?
Directive #3: Don’t Confuse Two Steps With Two Factors
Security Questions That Sell You Out In Two Seconds
How Many High Schools Are There In Alaska?
All You Need To Know About The Factors
Human Factor Can Knock Down Authentication Factors With Ease
Are You Impressed? It Doesn’t Matter
The Bottom Line Regarding Two Authentication Factors
Directive #4: Digital Content Must Always Be Encrypted
Tell Me More About This Encryption Stuff, It Sounds Crisp
But Don’t Be Afraid, That’s Not A Bad Thing, It’s A Good Thing!
Sounds Easy Now, Right?
Encryption Must Always Play A Signature Role
Does Encryption Really Put Your Data In Great Danger?
Why Exactly Do You Need To Keep Emails Encrypted?
Encryption Is An Amazing Safety Measure All Things Considered
People Created Safety Pillows, So You Might As Well Use Them
Good Luck Trying To Brute Force Encryption, Really
Or Just One Bored Kid From Finland
Math Is Hard, Let’s Listen To Some Music Instead
They Keep Their Ears Close To The Ground
Sometimes It Takes A Meltdown To Get Fired Up
Your Metal Gear Is Not Solid
Directive #5: Keys And Encrypted Data Should Always Be In Your Control
Bob –> Mallory –> Alice Example
Authentication! We Need It To Validate Reality
You Can Hide In The PIT
So, How Does TLS Encryption Transpire Step By Step?
A Handshake That Would Confuse Even LeBron James
Hierarchy Works Well In A Stable Environment, But Internet Isn’t Stable
Something Is Rotten In This State
Believe Nothing You Hear, And Only Half Of What You See
SSL In Particular Had A Very Hard Life
Someone Can Steal Your Cipher Faster Than You Can Say Bleichenbacher
DH Could Also Stand For Die Hard
Crimes That Make Our Hearts Bleed
Can’t Complain, And How Are You Doing?
It Could Be Your Most Sacred Corporate Secret
That’s Why You Don’t Squeeze In The Handshake!
All In All, Trust Is Hard To Come By
But How Good Is Pretty Good?
Trust Is Built When Someone Is Vulnerable
No Need For A Warrant Too…
Cloud Has Truly Changed The Game
Cloud Looks Fluffy, But We Need To Examine It Further
This Is What Can Happen If You Put All Your Eggs In One Basket
Directive #6: Data Protection Policy Should Be Legally Compliant
GDPR’s Materialization And Its Impact On Data Privacy
Factual And Actual Cases Triggered By General Data Protection Regulation
HIPAA Has No Data Mishandling Tolerance Either
Curiosity Killed The Cat And Can Possibly Kill Someone’s Career
It’s All About The Money With Sarbanes-Oxley Act
Self-Harming Overinflation Puts People In The Ground And Behind The Bars
So You Want To Be Compliant?
Directive #7: Remember That Security Is A Process And Not A State
If We Desire Respect For Policy, We Must First Make The Policy Respectable
Security Is A Team Effort, Plain And Simple
Proverbs 29:18 KJV – Where There Is No Vision, The People Perish
10 Indicators That Will Help You To Identify Phishing Emails
Half Of Victims Click On Malicious Items Within The First Hour
Final Words We Want You To Take Very Seriously
The Art of Email Security
Epilogue
Let’s Look Back At What We’ve Done
What’s Better Encryption Than Doctor’s Prescription?
Education Is Not The Only Gateway To Security
Filters Not Concerning Cigarettes Or Snapchat
The Sky Is Not All 'Rose', But Cloud Is Not Transient
A Farewell Gift To Our Most Diligent Readers
References
Glossary
What Others Are Saying About This Book
"What a book! – the guy who never finished one, beside CISSP exam book. Read it in bed, and I usually fall asleep after 20 pages. Not the case here!!
I am impressed by the tons of information gathered, I even discovered two or three new things. The style is very good, I love the concept of small chapters! At first, I didn’t understand why a book about email security gives ‘hackers’ so much attention, but then it all made sense."
Romain Bottan, Chief Information Security Officer at BoostAeroSpace.
"Lots of tease, plain English, captivating storytelling.
Appreciate how honest and straight-forward the authors are, they don’t hold back and have strong opinions. This book raises a lot of important questions, and of course answers a few too. This is something I would give to friends who don’t know a lick about cyber hygiene or how dangerous email is. It left me wanting more, and I expect authors to continue doing their good work."
Johan Nordstrom, Founder & CEO of Nordstrom Consulting.
"Amazing job by the authors, I am really impressed!
Hope it will find the deserved success and will help email users become safer. Read it while my family was sleeping, couldn’t do so myself after starting. Authors worked really hard to improve it under my review, and it showed.
Happy to be a part of it!"
Stephanie Buscayret, Chief Information Security Officer at LATÉCOÈRE Group.
"If you are worried that a cybersecurity book will be dry and technical, this one is a pleasant change. The book is a quick read, full of informative anecdotes mixed with cultural references to keep the reader interested. This book is really geared towards the individual, not just a corporate security professional, and is written in a very conversational and humorous way.
This book is good for the non-technical user, as well as the security practitioner—maybe one who might work for a small firm and has not been as exposed to a variety of cyber threats. I would recommend it to anyone who wants to understand current social engineering and cyber fraud schemes."
Rick Doten, Cyber and Information Security at Crumpton Group LLC.
"A great read for non-technical executives!
Informative and enjoyable, even entertaining read on a critically important topic. I think the way the subject is discussed makes the topic very easy to understand. Readers would feel comfortable investing their time in reading this book, without being overwhelmed with technical jargon! Highly recommend."
Tom Patterson, Senior Manager, Information Assurance at Cotton & Company LLP.
"No hard teaching, lots of engaging material for security professionals and regular users alike. This book is a good mix of data, statistics, quotes, insights and recommendations for users.
I think that makes it appealing to a broad audience, which is smart as cybersecurity is a global issue. It puts human beings in focus and that makes it different from technical books you might have read before.
Will certainly promote it in my network, I think it will get some love."
Niels Trads Pedersen, Deloitte partner, former Business Unit Leader at IBM.
The Art Of Email Security
Backstory
To start us off on the right foot, we need to introduce ourselves, provide you with our background, and share our goals and aspirations.
The Art of Email Security is a collective labor of the StealthMail.com Team, a company working on professional email security solutions. After working on mission- and time-critical projects in professional telecommunications for more than 13 years, Team StealthMail has devised core principles enabling the development of secure and reliable communication systems.
These principles make it possible to manage critical infrastructure facilities and coordinate personnel in situations where human lives are put on the line.
In professional telecommunications, in addition to the principles of systems development, special attention is paid to employee education and regular training. This approach is implemented in every major intelligence service — Police, ESM, Fire Department, etc.
The same cannot be said about the commercial sector.
Most companies either believe that their employees already know how to use the Internet and communicate over email safely, or just close their eyes, preferring to ignore the problem altogether, even though employees working for those organizations have to access, use and share confidential data all the time without any prior education.
Based on that knowledge and years of experience, we knew that just covering the technological part of the problem wouldn’t be sufficient, as people already get enough training and guides concerning application interfaces and services. However, they don’t get enough information about safe ways to operate within them.
We knew that we had to do much more to reach the critically important audience, and our point was reinforced after we provided training courses, seminars and webinars to Ministers of Defense, Ministers of Finance, C-level