SMTP Smuggling: what is it?
And why do you need to be aware of it?
If you are a business owner or a high-level executive, you likely have 100 things to do before lunch each day, and the last thing you might be worried about is the latest techniques the bad guys are using to infiltrate your company and steal its intellectual property.
With each passing year, cyber security threats increase at an alarming rate, and there seems to be no end to the attackers' devious ideas. As AI becomes more commonplace, this is going to increase exponentially.
SMTP and SMTP Smuggling
SMTP stands for Simple Mail Transfer Protocol, and an SMTP server is the heart of sending and receiving email for your organization.
With SMTP Smuggling, the bad actors (or hackers, if you prefer) have developed methods to manipulate both the outbound (sending) and inbound (receiving) servers.
This is taking Phishing to a new level. Here’s a previous article I wrote that gives you a little more information on what a Phishing attack is.
Once the bad actors have access to your SMTP server, they can send very authentic-looking emails to select targeted users, seemingly from legitimate email addresses.
The maddening part is that traditional cyber security tools don’t always catch these emails and allow them to flow through as if they were legitimate.
Potential Red Flags to look for
This is by no means a complete list but here are four different things you should be aware of.
1) Immediate Action Requests
When you receive an email that appears to come from your boss or business owner and it requests immediate action, this is actually the time to stop and ask: is this legitimate?
I’ve had clients in the past that have approved x on such a message, only to later find that their boss sent no such message. In one case the client lost $10,000 and had to get the FBI involved. This was many years ago and he never got his money back.
2) Grammatical errors or deliberate typos
In the past these sites were often put together by non-native English speakers and often had many grammatical errors or typos, but that’s changed and it’s now really hard to find these errors, especially with AI.
That doesn’t mean there isn’t a sign to look for. For instance, the email address they provide might look like a real one. Perhaps you see [email protected] and at first glance you may not see the extra “o” in the name.
Or perhaps they mess with the domain address, so you might see Netflix.corn which again you might not notice at a glance.
These are just two examples of many.
3) Links and Attachments
This is one I’m hesitant to write about, as many cyber security experts will use the term “suspicious links and attachments”, and it’s true that in some cases it’s obvious. But many times, especially if your staff are not remotely tech savvy, they would likely not know the difference between safe and suspicious.
My rule of thumb here is to have your IT department/provider whitelist common domains your company works with, and to not click on any attachments or links in an email until you’ve verified it’s from a legitimate source.
I know it’s a pain in the you know what, but the alternative can be far more disruptive.
4) Texting
Most companies don’t use texting (SMS) for business; however, it is a growing market and it’s something that’s very concerning.
The same phishing email links can be, and often are, sent via SMS texting. This is why all of my clients only have their business laptops on the business wifi and their phones are only allowed on the guest wifi network.
In short, if you have a staff member that clicks on a dangerous link on their phone while outside of the office and it infects their phone with malware, that’s a huge problem.
The minute they walk into your office, their phone automatically connects to the business network, and they have just instantly bypassed all your cyber security measures!
What can you do?
There is no one size fits all and of course you need to stay vigilant, but that’s no longer enough.
Installing 2FA (two-factor authentication) is a must in today’s world. This is something that’s a bit intimidating, and it's best to have an IT professional work with you to implement it.
Make sure you are backing up your data and email, not just the individual emails, but the actual mailboxes also.
Update, Update, Update! While it can sometimes be wise to delay certain updates, it’s critical you work with an IT provider that can help here.