Bank of China New York (http://www.bocusa.com), the US branch of the world's fifth largest bank, uses Proofpoint to block incoming spam and viruses, prevent exposure of private information and encrypt sensitive outbound emails to achieve compliance with data privacy regulations including the Gramm-Leach-Bliley Act (GLBA).
Last week, I was at Proofpoint's East Coast "Inner Circle" customer event and I had a chance to sit down with Kostas Georgakopoulos, Director of Information Security at Bank of China's US branch and talk with him about how the bank is using Proofpoint. You can view the resulting video embedded in this post.
Writer Penny Crosman at Bank Systems & Technology also spoke with Kostas last week, and her article, Bank of China Steps Up Email Security, is also out today. In the article, Kostas says:
"Like other financial institutions, we're targeted by spammers and people who send us spearing attacks... Our concern is to protect the integrity of our data, our customers' confidential information, and the availability of our systems... We needed something that would scale, that would provide additional capabilities, for example to help us meet regulatory concerns such as Gramm Leach Bliley."
If your organization faces similar data protection and regulatory compliance challenges, you'll probably be interested in the Proofpoint whitepaper, Protecting Enterprise Data with Proofpoint Encryption, which you can register to download here:
I shot quite a few more Proofpoint customer videos at last week's event (and hope to this week at our West Coast "Inner Circle" meeting), so stay tuned for more.
We issued a press release today about Proofpoint customer University Hospital of Zurich (aka USZ), describing its deployment of Proofpoint Messaging Security Gateway email security appliances to protect 7000 email users at the hospital from spam, viruses and other inbound email risks.
Additionally, the hospital uses Proofpoint Secure File Transfer as a way to transfer large files, or files that require enhanced security/encryption, "out of band" from their SMTP email system. Like healthcare organizations in the US, University Hospital of Zurich wants to ensure that confidential, personal healthcare information isn't improperly exposed. Proofpoint Secure File Transfer lets staffers send information such as patient data, medical test results, insurance information and other sensitive info in a secure fashion.
Jens Grundtvig, the manager of network security for University Hospital of Zurich, says that the hospital chose Proofpoint because of a combination of ease of administration, security and cost reasons.
“The combination of an easy-to-deploy appliance, ability to enforce policies for individual users and groups, the price-performance ratio and the option for secure file transfer gave Proofpoint a strong advantage over the other four suppliers [that the hospital considered],” says Grundtvig.
You can read the full press release at the Proofpoint site here:
An interesting and novel (but not unexpected) blended threat has been sighted by spam fighter Scott Panzer over in the Proofpoint Attack Response Center.
Scott tells me that there's a spam message making the rounds that includes a malicious software (malware) link and is spoofed to appear as if it comes from prominent security researcher Jeffrey Carr, author of the book Cyber Warfare and CEO of GreyLogic. The spam spoofs his email address and quotes an excerpt from one of his recent blog postings, titled "Russian spear phishing attack against .mil and .gov employees." You can read that post by Jeffrey Carr here:
The spam message goes on to offer a protective patch "from Microsoft" to download and install. Needless to say, that supposed patch is actually malware.
Scott notes that Proofpoint Spam Detection has been updated to block this malicious email and known variants.
Yet another good example of why I encourage email users never to click on links contained in email messages! Also, because of the risks associated with malicious links like this, it's important to always have up-to-date anti-virus software installed on any net-connected machine.
Of course, just as it's unlikely that a Nigerian general would contact you via email to request your help in moving a large sum of money to an offshore bank account, it is extremely unlikely that a security expert would spam you to suggest an "urgent security patch."
Stay safe, friends! I figure it's a good time to recap my "Seven Simple Rules for Staying Safe Online":
1. Be aware: View with suspicion any email with requests for personal IDs, financial information, user names or passwords. Your bank, online services, government agencies or legitimate online stores are unlikely to ask you for this type of information via email. Consumers should also be suspicious of similar emails that appear to come from an employer or friend. Never send personal financial information such as credit card numbers and Social Security numbers via email.
2. Don’t click: If you receive a suspicious email, don’t click the links in the email or open file attachments from anything but 100 percent trusted sources. Links embedded in emails may take you to fraudulent sites that look similar or identical to the legitimate “spoofed” site. Instead of clicking, open a browser and type the actual Web address for the site into the address bar. Alternatively, call the company using a phone number you already know.
3. Be secure: When you are shopping online, entering important information such as credit card numbers, or updating personal information, make sure you’re using a secure Web site. If you are on a secure Web server, the Web address will begin with “https://” instead of the usual “http://”. Most Web browsers also show an icon (such as Internet Explorer’s “padlock” icon) to indicate that the page you are viewing is secure.
4. Don’t fill out email forms: Never fill out forms within an email, especially those asking for personal information. Instead, visit the company’s actual Web site and ensure that the page you are using is secure before entering sensitive information.
5. Keep an eye on your accounts: Check the accuracy of your credit card and bank statements on a regular basis, especially during this time of continued economic unease. If you see anything suspicious, contact the financial institution immediately.
6. Get social media savvy: Email isn’t the only attack vector used by spammers and scammers. Social media sites like Facebook and Twitter are increasingly used to deliver the same kinds of scams and malicious links to unsuspecting users. Spammers and malware writers are riding the social media wave, commonly using malicious, but convincing, emails that masquerade as notifications such as friend requests or message notifications. Keep all of the preceding tips in mind when using the latest communication tools.
7. Make security your first stop: Always make sure that your net-connected computers are protected by a good desktop anti-virus or Internet security solution—and that you keep your subscription up to date! Reputable vendors include F-Secure, McAfee and Symantec. Be extremely wary of Web pop-ups that offer “free security scans” or that inform you that your machine is infected with a virus. Such offers commonly lead to fraudulent anti-virus solutions that are actually malicious software.
A couple of interesting articles from the always awesome Bank Info Security today, noting that various forms of phishing are on the rise. First up, the Anti-Phishing Working Group (APWG) reported that all types of phishing are on the rise. In the APWG's report for the third quarter of 2009, phishing reports to the organization rose to a record 40,621 (in August 2009). More, including some quotes from the APWG's chairman, Dave Jevans, here:
"Financial institutions in Michigan, Wisconsin, Minnesota and Mississippi report being hit by these "vishing" attacks in the past two weeks. Five different institutions -- three credit unions and two banks - say their customers have received vishing calls from fraudsters."
The article includes details of the various attacks.
For reasons we discuss regularly in this blog, more and more enterprises are choosing to move email security functions "to the cloud" and today's announcement from Proofpoint offers yet another example.
Headquartered globally in Paris, web and audio conferencing vendor Arkadin found that its previous on-premises email security solution was suffering from poor anti-spam accuracy and imposing too many administrative burdens on IT staff. So they looked for new solutions that provided better effectiveness versus email-borne threats as well as reduced administration time and reduced TCO.
Arkadin found that adopting Proofpoint's SaaS email security solution gave them the features and savings they were looking for, without sacrificing control and customizability. Proofpoint ENTERPRISE now protects 1000 Arkadin end-user inboxes worldwide. Says Arnaud Lejeune, executive president of operations for Arkadin:
“We needed an email security solution with better performance that was also reliable and easy to manage. Proofpoint ENTERPRISE delivered on all of those requirements and more. By moving to Proofpoint’s cloud computing-based email security solution, we’ve greatly reduced our costs, effectiveness in stopping spam has been incredible and performance is guaranteed by service level agreements. It’s the perfect solution for enterprises faced with these problems.”
Arkadin’s information services team was also impressed by the level of customization enabled by Proofpoint’s SaaS email security solution.
“Even though it’s a SaaS solution, Proofpoint ENTERPRISE gives us a level of control and configurability comparable to on-premises appliances,” said Jean-Claude Asseufi, global IS support manager at Arkadin. “Everything is managed by a centralized, Web-based management console, so we can easily make changes and get complete visibility into our email systems.”
If you'd like to learn more about the advantages of moving email security to the cloud and tips on what large enterprises should look for when buying security-as-a-service, register for our next live web seminar at the following link:
A couple of "last chance" reminders today: First, Gartner's most recent "Magic Quadrant for E-mail Security Boundaries" published in 2008 is about to be retired as an updated quadrant will debut in the first half of 2010.
You can still get a complimentary copy of that document from Proofpoint (until December 11th, 2009) at the following URL:
After 12/11/09, you'll have to wait until Gartner publishes an updated Magic Quadrant on email security, probably not available until Q2 of 2010.
Gartner, Inc. positions Proofpoint in the Leaders quadrant in its 2008 Magic Quadrant for the Email Security Boundaries (anti-spam, anti-virus, outbound content filtering, email encryption, intrusion prevention market). While consolidation in the email security market means that the market landscape is rather different today than when this report was first published, it still provides some great insight into what enterprises should look for when buying email security solutions and the comparison of the various vendor solutions is still quite useful.
This is an extremely popular topic right now and there are already more than 750 attendees signed up. As usual, if you can't make it to the live webinar, just register and we'll send you a replay as soon as it's available.
Hard to believe it's the holiday season already, but here in the US, Thanksgiving is next week, bringing with it what are usually two of the biggest shopping days of the year: so-called "Black Friday" (the day after Thanksgiving) and "Cyber Monday" (the Monday after Thanksgiving). Spammers and scammers traditionally observe these days as well, increasing their holiday-themed scams at this time.
So, as is traditional this time of year, Proofpoint has issued its updated list of rules for staying safe online during the busy holiday shopping season. Longtime Proofpoint followers will remember our "Five Golden Rules" for online safety, but things have gotten so bad this year that we expanded the list with two new tips... making this "Seven Simple Rules."
1. Be aware: View with suspicion any email with requests for personal IDs, financial information, user names or passwords. Your bank, online services, government agencies or legitimate online stores are unlikely to ask you for this type of information via email. Consumers should also be suspicious of similar emails that appear to come from an employer or friend. Never send personal financial information such as credit card numbers and Social Security numbers via email.
2. Don’t click: If you receive a suspicious email, don’t click the links in the email or open file attachments from anything but 100 percent trusted sources. Links embedded in emails may take you to fraudulent sites that look similar or identical to the legitimate “spoofed” site. Instead of clicking, open a browser and type the actual Web address for the site into the address bar. Alternatively, call the company using a phone number you already know.
3. Be secure: When you are shopping online, entering important information such as credit card numbers, or updating personal information, make sure you’re using a secure Web site. If you are on a secure Web server, the Web address will begin with “https://” instead of the usual “http://”. Most Web browsers also show an icon (such as Internet Explorer’s “padlock” icon) to indicate that the page you are viewing is secure.
4. Don’t fill out email forms: Never fill out forms within an email, especially those asking for personal information. Instead, visit the company’s actual Web site and ensure that the page you are using is secure before entering sensitive information.
5. Keep an eye on your accounts: Check the accuracy of your credit card and bank statements on a regular basis, especially during this time of continued economic unease and during the holiday shopping season. If you see anything suspicious, contact the financial institution immediately.
6. Get social media savvy: Email isn’t the only attack vector used by spammers and scammers. Social media sites like Facebook and Twitter are increasingly used to deliver the same kinds of scams and malicious links to unsuspecting users. Spammers and malware writers are riding the social media wave, commonly using malicious, but convincing, emails that masquerade as notifications such as friend requests or message notifications. Keep all of the preceding tips in mind when using the latest communication tools.
7. Make security your first stop: If your holiday includes giving or receiving a new computer, netbook or upgraded operating system, install a good desktop anti-virus or Internet security solution before doing anything else online. Reputable vendors include F-Secure, McAfee and Symantec. Be extremely wary of Web pop-ups that offer “free security scans” or that inform you that your machine is infected with a virus. Such offers commonly lead to fraudulent anti-virus solutions that are actually malicious software.
However you choose to observe them, make it a happy and safe holiday season!
Social media sites are hot and spammers and scammers have fully embraced the trend as well. We're seeing more and more malicious emails that masquerade as social media notifications such as friend requests, policy changes, etc.
Today, I'm seeing a lot of phishing and malware-infected emails in my personal spam traps spoofing Facebook's login system. There are at least three variations on this (probably many more) that I've spotted. All of them have "from" lines using "facebookmail.com" as the domain. (Note that Proofpoint's anti-spam and anti-virus features block all of these messages.)
First up, there's a message with subject line "Facebook updated account agreement" that also features a zip attachment that is surely some sort of malware. As is usual for phishing/malware email attacks, this message encourages the user to urgently "submit a new, updated account agreement"; otherwise, your account will be "restricted." Need I stress that you should not download, unzip and run that attachment?
Similarly, I'm seeing phishing emails that have malicious links as their destination. There are two different variations: one uses the subject line "Facebook Update Tool", the other "new login system."
Both emails use similar body copy that includes the following text:
Dear Facebook user,
In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users. These changes will offer new features and increased account security. Before you are able to use the new login system, you will be required to update your account.
Please click on the link below to update your account online now:
[malicious URL deleted]
If you have any questions, reference our New User Guide.
Thanks, The Facebook Team
The URLs in these messages link to fraudulent sites, of course. Recipients are advised never to click on links in email.
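An added example (not part of the original post, and not Proofpoint's detection logic): a small triage routine that flags mail claiming a facebookmail.com sender without an aligned SPF or DKIM pass, carrying one of the subject lines quoted above, or carrying a zip attachment. It assumes the receiving gateway stamps an Authentication-Results header; the function names, reason labels and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Indicators quoted in the post: the claimed sender domain and the subject lines.
SPOOFED_DOMAIN = "facebookmail.com"
CAMPAIGN_SUBJECTS = ("facebook updated account agreement",
                     "facebook update tool", "new login system")

# Constructed sample: attachment variant that failed sender authentication.
SPOOFED = """\
From: Facebook <update@facebookmail.com>
Subject: Facebook updated account agreement
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=a@mailer.example.net
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please submit a new, updated account agreement.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="agreement.zip"

(constructed placeholder, not a real archive)
--b1--
"""

# Constructed sample: ordinary notification with an aligned DKIM pass.
LEGIT = """\
From: Facebook <notification@facebookmail.com>
Subject: You have a new friend request
Authentication-Results: mx.example.org; dkim=pass header.d=facebookmail.com

Someone sent you a friend request.
"""

AUTH_PASS = re.compile(
    r"\b(?:dkim|spf)=pass\b[^;]*?\b(?:header\.d|smtp\.mailfrom)=([^\s;]+)", re.I)

def aligned_auth_pass(msg, from_domain):
    """True if a DKIM or SPF pass was recorded for the From domain itself."""
    # Only trust Authentication-Results headers stamped by your own gateway.
    for header in msg.get_all("Authentication-Results", []):
        for ident in AUTH_PASS.findall(header):
            domain = ident.rsplit("@", 1)[-1].lower()
            if domain == from_domain or domain.endswith("." + from_domain):
                return True
    return False

def triage(raw):
    """Return the reasons a raw message matches the campaign described above."""
    msg = message_from_string(raw)
    reasons = []
    from_domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    if from_domain == SPOOFED_DOMAIN and not aligned_auth_pass(msg, from_domain):
        reasons.append("unauthenticated-brand-sender")
    if any(s in msg.get("Subject", "").lower() for s in CAMPAIGN_SUBJECTS):
        reasons.append("campaign-subject")
    if any((p.get_filename() or "").lower().endswith(".zip") for p in msg.walk()):
        reasons.append("archive-attachment")
    return reasons
```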
One of the interesting things about working in email security is that the problems we solve are extremely horizontal—every organization needs anti-spam, anti-virus and email policy enforcement features. So one gets exposed to many different types of companies in this line of work. Case in point: Proofpoint issued a customer case study press release today about Dakota Growers Pasta Company, which is apparently the third largest pasta manufacturer in North America.
Like so many enterprises today, when it came time to re-evaluate its email security solution, Dakota Growers opted for a SaaS (Software-as-a-Service) solution for stopping email spam and malware. Using Proofpoint PROTECT, one of our SaaS email security solutions, provided a better-performing, more cost-efficient way for the company to deal with email security issues. Dakota Growers's director of IT, Jeffrey Strang, says:
"We wanted a solution that resided outside of our own network, as we've had issues in the past with email security software impacting our hardware assets. Proofpoint PROTECT was our first experience with a SaaS solution of any kind, but given the positive results we've achieved with Proofpoint, we're actually moving to hosted solutions in other areas of our business."
As I've noted before, moving inbound email security features to the cloud is pretty much a "no-brainer" for companies of any size. By deploying Proofpoint PROTECT, Dakota Growers has radically reduced the volume of spam and virus-infected email entering its network, making employees more productive and reducing the time that IT staff spends on email security-related administration and helpdesk tasks to near zero.
If you'd like to learn more about using cloud computing to solve your organization's email security challenges, attend our next live web seminar, Wednesday, November 18th. To register, please visit the link below:
And here's a little bonus for reading this far: Apparently, the other type of spam (the canned meat product) makes a fine addition to any sort of pasta. Here's a recipe for angelhair pasta with spam cream sauce. Enjoy.
The FDIC (Federal Deposit Insurance Corporation) issued a consumer alert today, noting that they have received many reports of fraudulent email purporting to be from the FDIC. In its warning (see "E-mail Claiming to Be From the FDIC – October 26, 2009"), the FDIC notes:
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC.
The subject line of the e-mail states: “check your Bank Deposit Insurance Coverage.” The e-mail tells recipients that, "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets.”
The e-mail then asks recipients to “visit the official FDIC website and perform the following steps to check your Deposit Insurance Coverage” (a fraudulent link is provided). It then instructs recipients to “download and open your personal FDIC Insurance File to check your Deposit Insurance Coverage.”
This e-mail and associated Web site are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to on-line banking services or to conduct identity theft.
The FDIC does not issue unsolicited e-mails to consumers. Financial institutions and consumers should NOT follow the link in the fraudulent e-mail.
Good advice, of course! I took a quick look in Proofpoint's spam traps today and, indeed, these emails seem to be very widespread. (Note: Proofpoint's anti-spam solution accurately identifies all variations of these as spam.)
Subject lines I have observed for these emails include:
FDIC has officially named your bank a failed bank
you need to check your Bank Deposit Insurance Coverage
FDIC alert: check your Bank Deposit Insurance Coverage
The body of these messages is all very similar and reads as follows:
You have received this message because you are a holder of a FDIC-insured bank account.
Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets.
You need to visit the official FDIC website and perform the following steps to check your Deposit Insurance Coverage:
Visit FDIC website: [malicious URL removed]
Download and open your personal FDIC Insurance File to check your Deposit Insurance Coverage