ProtonMail & phishing attacks (how to outsmart them)

Antivirus, forensics, intrusion detection, cryptography, etc.
Post Reply
Message
Author
labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

ProtonMail & phishing attacks (how to outsmart them)

#1 Post by labbe5 »

Phishing attacks : how to prevent them.

https://protonmail.com/blog/prevent-phishing-attacks/

A typical way of getting hacked is falling for a phishing attack. In fact, most of the large data breaches in recent years have been due to phishing.

The number of phishing attacks is increasing because they are both easy to execute and highly effective. Even if the eventual goal of an attacker is an organization, attacks always begin by targeting individuals. Phishing attacks have been utilized to steal confidential information, compromise entire organizations, and perhaps even influence a Presidential election.

Phishing is a type of online attack where criminals send a fake email asking you to click a link or download an attachment, appearing to be from a legitimate source. That can be a bank, a credit card company, an email provider or popular services like Google, Ebay, or Facebook.
Phishing campaigns can be extremely sophisticated, making use of highly personalized messages that appear to come from people you know, or companies you trust. Oftentimes, attackers will try to trick you into entering your password into a web page that appears legitimate but is actually a fraudulent site which is stealing your data.


Read on for more info on phishing attacks (link above).

ProtonMail provides some unique tools to help prevent phishing attacks :

ProtonMail provides additional anti-phishing protection with PhishGuard, a set of special features designed specifically to combat phishing.

If the person you are communicating with is also using ProtonMail (or their email is hosted by ProtonMail), your communication is transmitted with end-to-end encryption. Secure emails sent from other ProtonMail users can be identified by the purple lock.

To further protect users, ProtonMail also supports DMARC which helps to identify emails which might be spoofed. For example, when you open an email which fails DMARC, we display a red warning message to warn you that the email may be spoofed and that you should verify the authenticity of the email with the sender.

If you have any doubts about whether or not an email is legitimate, please ask and confirm with the person or company that supposedly sent it.

More on security from ProtonMail :
https://www.blackmoreops.com/2017/02/14 ... tor-users/

ProtonMail Opens Door for TOR Users

...your email communication can happen in disguise through Tor network using ProtonMail as your Encrypted EMail Service provider. They recently secured a place on Deep Web using the .onion web domain protonirockerxow.onion.

Tor network has over the years undergone review as one of the most secure platforms through which privacy conscious individuals and corporations can browse the internet securely and anonymously.

What is the guarantee that users will not suffer a breach of the security of their data? First, neither can the hidden-service server have its real IP discovered nor the users’ IP addresses. Tor uses a multi-layered encryption protocol and additionally rotates IP addresses frequently. Hence, neither ProtonMail nor internet interceptors can capture and log the real identity or location of users. It makes tracking difficult.


How to Use ProtonMail on Tor

Steps :
Download Tor Browser from https://www.torproject.org/download/download.html. Choose your Operating system. The site contains explicit guidelines regarding installation and initial setup. You can follow instructions from here to setup TOR in Linux.
Launch Tor browser, set up Proxy info and Bridges(optional) and wait as an encrypted path to the internet gets established. You can test whether your traffic is conveyed via Tor network by visiting https://check.torproject.org.
Visit ProtonMail Tor server at https://protonirockerxow.onion, read their terms and conditions and create an account with them. Any data sent from your account henceforth will be channeled through Tor Network concealing both your location and identity.


If you ever complained about lack of security and privacy with email communications, with ProtonMail (basic free accounts), you are given the tools to prevent most hacking attempts : end-to-end encryption, Tor network, anti-phishing tools and spoofing (purple lock, DMARC), and some common sense to filter good emails from bad (links and attachments for malicious intent).

Further reading :
https://protonmail.com/blog/tor-encrypted-email/
About phishing attacks : http://whatismyipaddress.com/anti-phishing
A new Google service to protect politicians and senior executives from sophisticated phishing attacks : http://www.zdnet.com/article/googles-ne ... ical-keys/
Homeland Security orders federal agencies to start encrypting sites, emails :
http://www.zdnet.com/article/homeland-s ... RSSbaffb68
Introducing ProtonMail Contacts – the world’s first encrypted contacts manager
https://protonmail.com/blog/encrypted-contacts-manager/
https://www.ghacks.net/2018/07/26/proto ... ification/

Post Reply