Fortinet

VPLS Discovers Fortinet Vulnerability CVE-2021-41019

Blog Post / By
Return to the VPLS Blog

Published

Written by

Filed under

VPLS has discovered and responsibly disclosed a new Fortinet FortiGate firewall vulnerability which has been assigned the Common Vulnerabilities and Exposures (CVE) number CVE-2021-41019.

At a technical level, this vulnerability can be summarized as an improper validation of LDAP server certificates in the web GUI of FortiOS, the operating system that the FortiGate firewalls run, which could lead to a malicious actor obtaining sensitive information, such as user credentials. VPLS is acknowledged with the discovery and responsible disclosure in Fortinet’s official advisory FG-IR-21-074, which was released on November 2nd, 2021.

Impact, Risk, and Recommendations

This vulnerability affects all FortiGates running 7.0.1 and below, 6.4.6 and below, or 6.2.9 and below. With that said, Fortinet has scored this vulnerability a 3.5 out of 10 using the Common Vulnerability Scoring System Version 3.1 (CVSSv3.1), which results in a Severity rating of Low.

Even with a Severity rating of Low, this vulnerability VPLS discovered can be resolved with a quick fix – a firmware upgrade – so we recommend upgrading the firmware to a version in which this vulnerability has been fixed, which is 7.0.2 or above, 6.4.7 or above, or 6.2.10 or above.

With that said, we urge you to also review CVE-2019-5591 and its associated Fortinet PSIRT Advisory FG-IR-19-037. This vulnerability made the list of Top Exploited Vulnerabilities in 2021 and is closely related to the vulnerability we discovered. The difference with CVE-2019-5591 is that upgrading the firmware alone does not resolve it! A configuration change on the firewall must also be performed, and this critical step is one many organizations overlook.

A Testament to Our Commitment to Security

As a Fortinet Expert Partner and MSSP, we provide many Managed Security Services based around Fortinet products, but so do many other MSPs/MSSPs. The difference with VPLS is that we are providing security services powered by a team with a deep commitment to securing our customers’ organizations, and VPLS discovering and responsibly disclosing a brand-new vulnerability related to the products that power our services is a testament to that commitment and dedication.

If you’d like to learn more about mitigating this vulnerability, or you want to talk about the security services we offer, including managed services and professional services, then please reach out to us. We are always here to help.

John Headley

Read More from this Author

If you enjoyed this article, you'll probably like:

FBI CISA

The FBI and CISA Issue Joint Security Advisory on Fortinet FortiGate Vulnerabilities

Advisory, Blog Post / By
Return to the VPLS Blog

Published

Written by

Filed under

Advisory Summary

The Federal Bureau of Investigation (FBI) and the Cybersecurity Infrastructure Security Agency (CISA) have released a joint cybersecurity advisory to warn the public that threat actors are actively exploiting a suite of known Fortinet FortiGate firewall vulnerabilities. These vulnerabilities allow an attacker to steal VPN user credentials and gain initial access to the protected network environment, which positions them to be able to conduct further attacks.

Although two of the three vulnerabilities mentioned in the advisory have been known to the public since 2019, with the third being made public in 2020, it is clear by the issuing of this alert now in 2021 that there are still many firewalls in the wild that have not been updated and are still vulnerable.

Vulnerabilities

Vulnerability 1

CVE

 CVE-2018-13379

CVSS Score

9.8/10 – Critical

Fortinet PSIRT

FG-IR-18-384

VPLS Summary

An attacker can steal SSL VPN user credentials on FortiGates with SSL VPN enabled, allowing them to gain access to the protected network environment

Vulnerability 2

CVE

CVE-2019-5591

CVSS Score

7.5/10 – High

Fortinet PSIRT

FG-IR-19-037

VPLS Summary

An attacker with local network access can perform a MITM attack to intercept FortiGate LDAP connections and obtain sensitive user authentication information.

Vulnerability 3

CVE

CVE-2020-12812

CVSS Score

9.8/10 – Critical

Fortinet PSIRT

FG-IR-19-283

VPLS Summary

An attacker can bypass 2FA requirements for VPN users by adjusting the case used when entering the username.

VPLS's Recommendation

These three vulnerabilities each have their own conditions required for your FortiGate to be vulnerable, as well as specific mitigation instructions, which are described in detail in the provided Fortinet PSIRT links. To summarize, for Vulnerability 1, the mitigation step is as simple as upgrading the firmware version. Vulnerability 2 and 3, however, require specific configuration changes to mitigate.

Please reach out to us if you would like more information on this advisory. We are happy to provide a free consultation to evaluate if any of the three vulnerabilities apply to your environment and discuss with you what mitigation steps are required.

Additional Resources

Read More from this Author

If you enjoyed this article, you'll probably like:

managed security service provider

An Engineer’s Perspective on Managed Firewalls

Blog Post / By
Return to the VPLS Blog

Published

Written by

Filed under

Most of the articles you’ll read today on the pros and cons of MSP-managed firewalls focus on these two buzzwords: CapEx and OpEx.

Choosing upfront or recurring expenses is certainly an important decision for the business, but as an engineer who installs both managed and non-managed firewalls for our customers, I wanted to share some technical aspects of the decision that should be considered as well.

Are Your Employees Trained?

Organizations that want to migrate to or install a new non-managed firewall should consider if their employee(s) that will be managing this firewall will know how to use it, and this extends beyond simply making a new policy or blocking a website. To make the most of the new firewall, and to ensure the business is protected, the firewall admins should know how to:

  • Ensure any changes are made with configuration and security best practices
  • Utilize advanced features of the firewall, such as single sign-on
  • Incorporate and use other security devices and software to improve network security, visibility, and management (for example, devices in the Fortinet Security Fabric)
  • Troubleshoot all components when an issue arises for quick issue resolution

If this list looks like a tall order for your employees now, then how long will it take them to get up to speed? The Fortinet NSE4 certification, for example, is 5 days of training material, not including engineer practice time. Do your employees have this time to dedicate to learning how to use the FortiGate?

Vulnerability Mitigation and Patching

After investing the time to learn how to use the firewall, will your admins have the time to be able to stay on top of firewall patches and vulnerabilities?

Firewall vendors regularly release updated firmware versions. These updates can include bug fixes, new features, vulnerability mitigations, and can sometimes even introduce new bugs of their own. Your admins will need to adopt a process to keep an eye out for these updates and vulnerability announcements and assess the security risk for your business.

cyber risk management

Not if, but when the time comes that a firmware upgrade is necessary, your staff should perform their due diligence to ensure the new firmware is fully tested in a lab environment before being rolled out to production to avoid any surprises.

24x7 Monitoring and Incident Response

A “set it and forget it” approach to a firewall does not work in today’s cybersecurity landscape. If your organization is going to manage the firewall yourselves, then your employees should be performing many of the same functions as a security operations center (SOC), including continuous monitoring and incident response. Can these admins monitor the firewall logs for indicators of comprise (IOC) and indicators of attack (IOA) and perform incident response 24×7?

SOC dashboard screenshot

If 24×7 is out of the question and you settle for 8×5 monitoring and incident response, your employees still only have so much time in a day. Will adding these responsibilities stretch them too thin and/or compromise the quality of work?

MSP-Managed Firewalls - An Easy Button

Organizations who do not have staff with enough time to dedicate to security, or those lacking staff with necessary security expertise, will find handling all the responsibilities that come with a firewall to be challenging. In this situation, outsourcing these responsibilities to an MSP/MSSP really is an easy button, allowing your business to focus on what it does best instead of trying to quickly master cybersecurity.

If you would like to discuss how VPLS can take ownership and manage the complexities of your firewall, which is such an important cybersecurity investment for your business, then please reach out to us; we’d love to help.

John Headley

Read More from this Author

If you enjoyed this article, you'll probably like:

SSL Decryption

Eliminating Firewall Blind Spots with SSL Decryption

Blog Post / By
Return to the VPLS Blog

Published

Written by

Filed under

For years, it was common to visit websites that were not available over HTTPS, and even as recent as 2019, major websites like ESPN were still only available over regular, insecure HTTP. However, thanks to initiatives from web browsers, like Google Chrome in 2018 who began warning users that any website visited over HTTP is “not secure”, encountering a website that is only available via HTTP is a rare occurrence these days. In fact, according to Google, Chrome users are now spending more than 90 percent of their time using encrypted websites and applications.

This astounding statistic makes it clear that encrypted traffic has become the new normal. As a user, this statistic represents an amazing shift forward in regards to privacy and security, but as an IT and cybersecurity professional, this brings new challenges: is your firewall effective against traffic that is, by design, supposed to keep prying eyes out?

SSL Decryption
Percentage of pages loaded over HTTPS in Chrome by platform

How can SSL create a blind spot?

Secure Sockets Layer (SSL), later replaced by Transport Layer Security (TLS), is the standard protocol to transmit secure data over the internet. It is what makes visiting a website over HTTPS secure versus plain HTTP. SSL encrypts traffic, placing it inside of a “tunnel” so the confidentiality and integrity of your banking transaction, for example, remain unaffected.

Unfortunately, this technology was designed for good, but can also be used for evil, as cybercriminals commonly hide threats inside of encrypted traffic in order to go around security controls. Even businesses with the most extensive security measures in place can be targeted if they are not closely monitoring encrypted traffic.

Solution: SSL Decryption

On a next-gen firewall like a Fortinet FortiGate, the key to monitoring and protecting against threats that may be contained inside encrypted traffic is SSL decryption, also commonly called SSL deep packet inspection. With SSL decryption enabled, the firewall is configured to intercept encrypted traffic before it reaches its destination. Once intercepted, the firewall will decrypt, inspect, and re-encrypt the traffic before forwarding it to the original destination. SSL decryption gives the firewall new capabilities to identify and analyze encrypted traffic and applications to prevent these previously undetectable threats, attacks, and data leakage.

SSL Decryption

SSL decryption is a very powerful capability, and in some cases regulations may prohibit you from decrypting user data. In these cases, the firewall can be configured to decrypt HTTPS only on certain questionable websites and applications, while other web traffic from familiar and recognizable organizations smoothly bypasses SSL decryption.

Firewall Limitations Without SSL Decryption

Without SSL decryption, the security profiles on your next-gen firewall are limited in their ability to protect you against these hidden threats. The table below gives an example of how a FortiGate next-gen firewall’s features are limited when SSL deep inspection is not enabled:

SSL Decryption

And these firewall limitations don’t just apply to HTTP and HTTPS traffic. Other secure protocols can be inspected with SSL deep inspection as well, such as SMTPS, POP3S, IMAPS, and FTPS.

If your organization is unsure if your firewall is performing SSL decryption, or if you want expert guidance on enabling SSL decryption, please reach out to us. We are happy to offer a free consultation on how our team of certified security experts can help give you the visibility needed in today’s world of almost completed encrypted traffic. 

Read More from this Author

If you enjoyed this article, you'll probably like:

VPLS Forigate Banner 1200x628

FortiGate SSL VPN Certificate Vulnerability

Blog Post / By
Return to the VPLS Blog

Published

Written by

Filed under

A new article detailing an SSL VPN certificate vulnerability in FortiGate firewalls is making its rounds in cybersecurity circles. The article details how a FortiGate, if left with its default settings, could allow a man-in-the-middle attack to take place for SSL VPN users.

The article mentions that potentially 200,000 FortiGates are deployed in the wild with the “major security flaw” that this attack exploits.

Fortinet’s response is that they already provide a warning to IT administrators not to use this default configuration, so they will take no action on their part at this time. As of this blog post, no unique CVE number has been assigned to this vulnerability, and the article itself has drawn criticism for reporting as new an already well-known vulnerability that applies to this default configuration.

ForiGate Settings 591x381

If you are using the default, self-signed certificate for your SSL VPN as shown in the photo above, VPLS recommends purchasing and installing a valid SSL certificate to use for the SSL VPN to mitigate this vulnerability.

Please reach out to us if you would like more information on if this vulnerability applies to your environment and what mitigation steps are required.

Additionally, VPLS would be happy to assist you with the mitigation steps mentioned above, including assistance with purchasing and installing a valid SSL certificate for your VPN, for a $500 flat fee.

Read More from this Author

If you enjoyed this article, you'll probably like:

VPLS Ransomware Prevent Banner 1200x628

How to Prevent Ransomware – A Technical Checklist

Blog Post / By
Return to the VPLS Blog

Published

Written by

Filed under

Unfortunately, there is no single solution to prevent ransomware or stop the spread once it has infiltrated your network; a defense in depth approach must be used. Below is a comprehensive, but not exhaustive, list of technical and administrative controls that can be used in your business’ defense against ransomware.

Your Ransomware Technical Checklist

Employee Training

Email Security

Endpoint Security

Zero Trust Network Access (ZTNA)

Security Information & Event Management (SIEM)

Business Continuity

Employee Training

Security Awareness Training

Source: KnowBe4

According to the Sophos May 2020 report, the most common attack vector for ransomware is email, with infection occurring from a user unknowingly clicking on a malicious link or attachment. Before focusing on email security (our next recommendation on this checklist), security awareness training is imperative to decrease the odds that your workforce falls for common social engineering tactics employed by attackers.

With simulated phishing attacks on your employees, ransomware simulation, domain spoof testing, and more, good security awareness training programs go far beyond than just presenting a boring slideshow to your employees, and will leave your workforce much more cautious and prepared to defend themselves against these clever attacks.

VPLS Recommends: KnowBe4

Email Security

Secure Email Gateway

As we discussed above, email is statistically the most likely threat vector for ransomware and therefore one your organization should not take lightly. Major email providers, such as Office 365, do offer some level of threat prevention built into their platform, but data shows administrators are not confident in the capabilities of this included protection. Secure email gateways offer a more complete list of protection mechanisms to thwart the ever-changing techniques employed by modern day attackers, as well as providing better visibility to any incidents that may occur.

VPLS Recommends: Proofpoint Essentials

How Proofpoint Helps

Zero-Day Threat Prevention (Sandboxing)

Of the assortment of comprehensive protection features offered by secure email gateways, ensure that your solution includes both attachment and URL sandboxing. Sandboxing is the solution for zero-day ransomware threats that can bypass normal filters. Files and URLs are automatically scanned using a cloud-based or on-prem sandbox environment, allowing full execution and analysis of the attachment or URL to ensure no bad behavior will occur once the attached has been opened or the URL visited.

VPLS Recommends: Proofpoint Essentials (email only) or FortiSandbox(standalone/multi-source)

Endpoint Security

Endpoint Detection & Response (EDR)

We discuss the what and why of EDR in our 5-minute primer on EDR, but the crux is that traditional endpoint protection is not good enough to protect against sophisticated threats like ransomware. A modern endpoint detection and response solution is what will enable both protecting the host from getting infected in the first place (pre-infection protection), as well as detecting an infection has occurred and handling the threat if it infiltrates the computer (post-infection protection).

The ability to detect and defuse ransomware, as well as automatic playbooks for responding and remediating the infection are critical to ensure one infected host does not compromise the rest of your corporate assets.

VPLS Recommends: FortiEDR via VPLS’s Managed Detection & Response (MDR) Service

Zero Trust Network Access (ZTNA)

Next-Gen Firewall

For protecting both on-prem and remote corporate users and company assets, a next-gen firewall is critical to ensure you have the detailed visibility and granular policy enforcement required to protect a network environment from ransomware. The old days of creating policies using just IP addresses and port numbers alone are gone, as a next-gen firewall has the intelligence to allow layer 7 application filtering and granular network access based on user ID or user group, regardless of their IP address or port numbers.
FortiGate Next Gen Firewall 1199x501

In addition to smarter policies, a next-gen firewall will commonly come equipped with things like IPS/IDS, network-level antivirus, web content filtering, DNS filtering, and SSL inspection, which when configured with ransomware in mind, will ensure that you notice and block even the most elusive indicators of attack (IOA) and indicators of compromise (IOC).

VPLS Recommends: Fortinet FortiGate via VPLS’s Managed Firewall Service

SSL Deep Packet Inspection

Commonly overlooked or put at the bottom of a firewall admin’s to-do list, SSL deep packet inspection, also known as SSL decryption, allows a next-gen firewall to inspect the payload of encrypted traffic being sent to and from corporate assets. This is important because without SSL deep packet inspection, ransomware hiding in encrypted payloads will not be caught by the next-gen firewall. Additionally, since many next-gen firewall features will not function or will only function partially, like IPS/IDS and network-level antivirus, you may miss out on key indicators of attack (IOA) and indicators of compromise (IOC) that you would otherwise have visibility into.

VPLS Recommends: Fortinet FortiGate via VPLS’s Managed Firewall Service

SSL Security Profile 608x215

Internal Network Segmentation/Microsegmentation

All next-gen firewall deployments are not created equal. “Flat networks” of yesteryear allow unrestricted lateral movement of ransomware once a computer becomes infected. Internal network segmentation solves this issue by putting devices in different segments based on device type. With the next-gen firewall as the L3 gateway, you can apply the same layer 7 and user-based policies to even your internal-to-internal traffic, not just for traffic leaving the network edge.
Internal Segmentation Example 843x510

Microsegmentation takes this internal network segmentation one step further and allows you fine-grained control to police the traffic between devices that are a part of two internal segments or even the same internal segment. This can be achieved by creating policies based on user identity and/or deploying an endpoint-level application firewall on the hosts themselves.

VPLS Recommends: Fortinet FortiGate via VPLS’s Managed Firewall Service + FortiSwitch via VPLS’s Managed Network Service

Network Access Control (NAC)

Whether your users are on-prem or remote, one computer infected with ransomware is all it takes to begin a chain reaction that will quickly bring your business to a halt. In conjunction with your next-gen firewall and the internal network segmentation deployment topology, NAC should be in place to facilitate dynamic network access control, which ensures only trusted corporate devices will automatically get placed in an appropriate internal network segment and have access to sensitive resources. Other guest and BYOD devices should be isolated and placed on a restricted network.

After the NAC solution dynamically allows access based on device trust, endpoint compliance should also be continually evaluated. If the host does not meet compliance requirements, such as if the host becomes infected, does not have antivirus running or it is out of date for too long, or the host does not have the latest OS patches installed, the host should be moved to a restricted quarantine or remediation VLAN until the missing criteria is met.

Remote users aren’t excluded here—NAC and endpoint compliance can and should be enforced for users before allowing them to connect to the corporate VPN.

VPLS Recommends: Fortinet FortiNAC

Security Information & Event Management (SIEM)

SIEM

A defense in depth approach to cybersecurity provides thorough protection against ransomware, but it also provides a thorough amount of something else—logs! Not only will many logs be generated from these various systems we have talked about, but your team must devise an efficient method to parse through the logs, pull out key information, and alert IT personnel about security events that are occurring to ensure your business has a firm grasp of the activity occurring in the network environment.
AlienVault-SIEM 692x347

Enter the SIEM. A SIEM solves the complex problem of aggregating logs from multiple sources and performing event correlation. The logs and real-time diagnostic data from all of your endpoints and network equipment allow the SIEM to intelligently zero in on suspicious or malicious activity and send appropriate alerts to your staff in real-time. SIEMs typically also include vulnerability scanning capabilities, cloud monitoring, host-based IDS, and an assortment of other complementary components too, providing your security team with even more powerful analytics and response capabilities at their fingertips.

VPLS Recommends: AlienVault via VPLS’s Managed SOC Service

Business Continuity

Offsite Backups & Disaster Recovery

When it comes to ransomware, a prepared business should always plan for the worst-case scenario—infection, data being held at ransom, and business grinding to a halt. In this unfortunately common doomsday scenario, having offsite backups protected from infection, as well as a dependable disaster recovery plan, can exponentially decrease financial loss and ensure your business gets back up and running within minutes.

VPLS Recommends: VPLS’s Backup as a Service (BaaS) and Disaster Recovery as a Service (DRaaS)

Backip DRaas 700x437

My checklist is complete; now what?

The checklist above contains truly business-saving technical controls that can be used to enhance your business’ security posture and increase its defenses against ransomware. However, as mentioned at the beginning of this post, this list is not exhaustive, and many things were left out from this checklist for the sake of brevity—mobile device management (MDM), cloud access security broker (CASB), browser isolation, and user entity and behavior analytics (UEBA), just to name a few.

The fight against ransomware never stops, and whether you want to discuss the items mentioned in this checklist, or are ready to explore what’s next, VPLS is here to help.

Read More from this Author

If you enjoyed this article, you'll probably like:

VPLS What is EDR Banner 1200x628

What is EDR? – A Primer in 5 Minutes

Blog Post / By
Return to the VPLS Blog

Published

Written by

Filed under

VPLS What is EDR Banner 1200x628

EDR stands for Endpoint Detection & Response. The “endpoint” in this phrase refers to any individual network-connected node belonging to your company, such as an employee’s workstation or a company web server.

EDR emerged because the standard endpoint protection platform (EPP), i.e. traditional antivirus products, were not cutting it in today’s world of ransomware, determined threat actors, and advanced persistent threats (APTs).

Traditional EPPs focus on preventing infection in the first place, mostly through a database of signatures. However, according to Gartner Research’s Magic Quadrant for EPP, “The security mindset has shifted to acknowledge that prevention alone is not enough; security and risk management leaders must be able to more easily harden endpoints and perform more detailed incident response to resolve alerts.”

standard endpoint protection platform processTo put it simply, threats will get through your antivirus protection. When they do, EDR will Detect that threat and Respond both quickly and automatically to ensure that the breach is stopped, and that any other relevant actions are taken, such as isolating the endpoint or rolling back malicious changes.

Where EPPs only provide pre-infection protection, EDR completes the circle by providing both pre-infection and post-infection protection.

To ensure I am honest on my 5-minute promise, I just wanted to touch on some other capabilities of EDR that set it apart from EPPs. For example, the unprecedented visibility into the endpoint provided by EDR allows your team to investigate the chain of events that led to the attack and understand how the malicious code compromised the system.

Additionally, this visibility allows members of your organization to participate in “threat hunting”, whereby the hunters can look at all of your endpoints for indicators of compromise (IOCs) and proactively investigate the endpoints for threats before a data breach occurs.

EPP process cycle EDR

There are many more exiting capabilities of EDR, but this primer was meant to introduce those unfamiliar with EDR to the general concepts of the product and how it fits into a company’s security stack. If you are interested in going deeper into how EDR works and how it can fit into your existing environment, please contact us today to learn more.

EPP Image 3

VPLS recommends and proudly offers FortiEDR as our EDR solution of choice. We are a Fortinet Expert-level partner and MSSP, which means we have highly certified Fortinet engineers (all the way up to NSE8), as well as an in-house SOC, that can deploy and manage FortiEDR for your company with unparalleled expertise.

Read More from this Author

If you enjoyed this article, you'll probably like:

Shark Blog

The Art of Phishing: How Cyber “Sharks” Hook, Line and Sink Their Victims

Blog Post / By

Unsuspecting users around the globe are becoming easy prey to increasing cyber security threats. A task as simple as checking your email inbox is no longer the innocent act it once was. In light of Shark Week, VPLS wants to remind you of the danger lurking in the sea of data that is phishing. Here is an excerpt to help you identify and protect yourselves from becoming cyber shark prey.

The Art of Cyber “Shark” Phishing

There is nothing quite like fishing: an open ocean, a fishing rod, and patiently waiting for your catch to take the bait. And there’s no greater feeling than discovering you’ve caught something worthwhile.

The art of email phishing is no different. However, in this scenario, the ocean is made up of thousands of email accounts with cyber “sharks” always lurking ready to attack.

On a daily basis, employees sit down at their desk with a hot cup of coffee and begin sorting through dozens of emails. Suddenly, an employee notices an important message from Human Resources (HR). The message directs the employee to a link and asks that the user update their current personal information. Without a second thought, the employee completes the task and discovers that all linked work accounts have been infected with malware. One by one, work files are disappearing, as the culprit basks in their latest catch.

It Looks Like a Fish! Swims Like a Fish! But… is it a Phish?

Phishing emails usually hide behind familiar and reputable company brands, which explains why many of us fall prey to this tactic and relinquish personal information.

By understanding the victim’s trends and habits, scammers can obtain personal information by impersonating corresponding banks or organizations, claiming to verify customer records due to a technical error. This type of phishing, known as Whaling and Spear Phishing, specifically targets large businesses and organizations due to the large number of customers available.

Cybercriminals can also use the pharming technique, where they lure their victims with a promise of a prize, if they fill out a survey form with necessary information. Another way this tactic is put into practice is when the scammer leads their victims to a phony version of a legitimate website, that a user is trying to visit by infecting their computer with malware. The malware then redirects the user to the fake website even when the correct address is inputted.

 

Phishing 101: How-To Recognize a Scam

Real company emails never request sensitive and personal information.

Beware of emails with links or attachments that ask for passwords, credit card information, credit scores or other personal information.

Real company emails address you by your full name

Phishing emails typically use generic greetings like, “Dear Customer,” “Dear Account Holder,” or “Dear Valued Member.”

Real company emails have proper domain names.

Check the sender’s email address to ensure legitimacy. Emails with alterations to the domain address, such as additional letters or numbers, are typical signs of fraudulent accounts.

Real company emails don’t have poor grammar.

Bad grammar in an email is a sure sign that you are dealing with a scammer, as most company emails are heavily scrutinized and edited before release.

Real company emails don’t force you onto their website.

Some phishing emails are coded in a way that forces a browser to open and automatically opens a specific website.

Real company emails don’t include unsolicited attachments.

Unsolicited emails containing attachments are typically sent by hackers as a way of downloading malware onto your computer.

 

Stay Vigilant

Learning and knowing more about email phishing can make all the difference when trying to distinguish what is phish bait and what isn’t. Lucky for you, VPLS, offers KnowBe4 Security Awareness Training Services to train your employees to efficiently identify a red flag in real life situations to prevent potential cyber “shark” attacks.

So, the next time you are faced with a questionable message in your inbox, remember these guidelines and you may avoid becoming a victim of someone else’s phishing game.

[av_hr class=’default’ height=’50’ shadow=’no-shadow’ position=’center’ custom_border=’av-border-thin’ custom_width=’50px’ custom_border_color=” custom_margin_top=’30px’ custom_margin_bottom=’30px’ icon_select=’yes’ custom_icon_color=” icon=’ue808′ font=’entypo-fontello’ custom_class=” admin_preview_bg=” av_uid=’av-m7niqe’]

Follow, Like & Share!

Don’t forget! VPLS offers Knowbe4 services that will help train your team to identify, flag, and prevent phishing emails from entering your organization. If you want to keep up with the latest security trends and other IT related products and services, please visit our blog and stay current with the latest news!

Firewall Banner 1280x802

VPLS Basics: What is a Firewall and How Does It Work?

Blog Post / By

VPLS Basics: Firewall Security

As technology develops and improves, so do the threats against your security structures and private information. For this reason, it’s become second nature to check for updates and install the latest software patches and firewall upgrades. But, how exactly does a firewall keep you safe from ongoing cyber threats from across the globe?

Take a closer look into understanding how one of the most vital tools against cyber security threats keeps you and your information safe from unsolicited visitors.

VPLS Basics: What is a Firewall and How Does It Work?Read More »

Scroll to Top