Update your user training: More malware via links than attachments
by Rich Sutton, October 3rd, 2007
MessageLabs released a study last week on malicious emails. They found that attackers using email to distribute threats are increasingly relying on users to click through on links in the email, as opposed to clicking on attachments.
This means a couple of things to me:
(1) Most everybody has deployed AV at the mail gateway.
(2) Your web filter is becoming an ever more important device in securing your network.
(3) Users need more training.
You might be tempted to think that the move to links and away from attachments has come because fewer users are opening attachments from untrusted sources. I’m sure that’s happening to some extent. If that was a lesson in your existing user training, then nice work!
But the threat landscape is constantly changing. Attackers will always be moving to the next weak spot in your systems and your users’ behavior.
In a previous post, I talked about using your web filter’s reporting to identify users that need training.
I should also mention that it’s good practice to ensure that your mail clients don’t have the AutoPreview feature (or pane) enabled. Give your user a chance to apply that training on the mail subject and source, before he tells his mail client to render that HTML email.

December 6th, 2007 at 12:56 pm
[...] It’s also worth noting that this entire attack relies on social engineering. As has often been mentioned in our blog, despite the attention that software vulnerabilities receive, your most vulnerable attack surface remains your users’ collective web savvy. Training is your most effective weapon for this. [...]