Web Data Leak: Email
Threat Description and actions taken by Wandera
Threat Description
Wandera has detected an email address sent in an unencrypted (or easily decrypted) format, as it was transmitted across the Internet.
Further threats resulting from email leaks include:
- The inherent format of email addresses may enable an attacker to identify the user and the organization they represent. Based upon the interests of the attacker, this knowledge could be used to perform more targeted attacks against this specific user or your organization using hacking practices such as spear-phishing.
- Correlating an email address and sites being accessed enables third-party intermediaries to gain insights into the browsing and usage habits of the email address owner.
This unencrypted data can be captured by an attacker through the following attack vectors:
- Public WiFi Networks: An attacker can easily “sniff” unencrypted traffic on WiFi networks that are not password protected. These are often found in public places such as coffee shops, airports, and other community locations.
- Nefarious intermediaries or network operators: Even on encrypted wireless networks, this data traverses other network equipment across the Internet in an unencrypted format to reach its destination. This data could be collected at any point without any way to detect if such access has occurred.
How to handle the threat
- Evaluate the web site for other potential data leakages due to poor security practices or lack of HTTPS utilization.
- Contact the user and enquire about the site usage. Recommend abstaining from using the web site on insecure networks.
Wandera keeps your devices secure from
Ransomeware
BAD CERTIFICATES
Leaky apps
MAIL ABUSE
MALICIOUS APPS
MALICIOUS WEB SITES
ABUSE OF CREDIT CARDS
POORLY IMPLEMENTED SECURITY
HOW IT WORKS
Wandera Secure was designed for mobile and works seamlessly on iPhone, Android and Windows phones.
After installing the solution the app will protect and inform you directly if there are severe threats on your mobile device.
Additionally, you will receive an e-mail at the end of each month, with an overview of detected and remediated security threats during the month.
Wandera Secure gives you peace of mind!
REAL-TIME MACHINE LEARNING ANALYSIS
Billions of daily mobile data inputs are collected through the multi-level architecture and analyzed in real time by a mobile intelligence engine powered by Wandera.
Beyond inspecting the content, it studies the apps making each request, and maintains a reputation for each app.
When you analyze more data, you intelligently prevent more threats.
21,687,777
Unique Domains Visited
481,386
Requests handled
1,175,105,406
High severity threats detected
58,226
Data seen (in GB)
201,023,768,321
Daily inputs from mobile devices
MANAGED FOR YOUR CONVENIENCE
It’s in your (colleague’s) best interest to be able to use the smartphone / tablet to do business without worrying about anything else.
Flexinets now offers an Enterprise Mobile security solution for small and medium businesses as a managed service to make sure that you at least don’t have to worry about the security of your mobile devices.
Wandera Secure handles a variety of mobile threats
DEVICE THREATS
Jailbreaks, Semi Jailbreaks, Outdated OS, Malicious Profiles, Vulnerabilities.
APP THREATS
Personally Identifiable Information (PII) leaks from approved apps, Ad servers & APIs, Sideloading, Permissions.
WEB THREATS
Malicious sites & apps, Browser exploits, Phishing & Spam.
INFRASTRUCTURE THREATS
Man in the Middle Attacks, Rogue hotspots, Certificate spoof, WiFi phishing, Public cloud apps.
TRUSTED BY OVER 750 GLOBAL ENTERPRISES
Managed for your convenience
RANSOMWARE
How some exploits/malicious apps can block your phone?
When e.g. an email is sent to your account with a link to an invoice. As soon as you open the link, you will be sent to a website that can infect your smartphone with software e.g. “ransomware”. This software will lock your screen from further usage. The only way to access your phone again is paying the requested ransom to obtain the necessary code to unlock it (or restore your latest phone backup).
How we protect you against exploits/malicious apps?
Our Mobile Security Solution protects you against exploits/malicious apps. As soon as you click the link, the access to this site is blocked so ransomware can not be downloaded on your phone. This happens because the link is analysed by our malware detector (which analyses 2 billion web request every day) which then defines the website behind the link as insecure and access is denied.
MAN IN THE MIDDLE ATTACK
How can encrypted email be hacked?
Even if your email is encrypted, hackers can still compromise your privacy if you connect to a rogue hotspot (a hotspot masked as a free wifi hotspot for example at your local coffee shop.) that a hacker has set up. You think you are securely connected to your local café. In reality, it can be a mobile hotspot set up by hackers to exploit weaknesses in apps and possibly gain access to secure communication to read all your unencrypted communications as soon as you’re logged in. The hacker can with this information pretend he is you. And for example send an email in your name to your colleague eg. with a message that you for example need to transfer money or have to pay an attached invoice. The more information a hacker gets about you, the easier they can impersonate you and take advantage of the situation.
How we protect you against this?
Our Mobile Security Solution can help identifying potentially malicious hotspots and protect you from situations like this. The service seamlessly scans and determine if a wifi hotspot is not secure and can block or warn about it to prevent your email from being misused.
UNSECURE APPS
How your credit card information can be used by hackers?
We are buying more and more products and services online via our smartphones / tablets. When you do this, your credit card information is sent over the internet and in some cases this is done unencrypted (last year, this happened when flights were booked through the Easyjet app and a number of other airline apps). If this happens, the credit card information can be read and can be misused by hackers.
How we protect you against unsafe apps?
Our Mobile Security Solution protects you against these insecure apps through a combination of app reputation and scanning for unencrypted personal data like credit card numbers, passwords etc. If personal data is sent unencrypted or there are other security issues, you will be notified immediately via an in-app notification. You can then delete the app to be sure that your personal data is not misused.
Flexinets Sweden
Flexible Networks Nordic AB
Visiting Address:
Mäster Samuelsgatan 60, SE-111 21 Stockholm,
Sweden
Postal Address:
P.O. Box 3029, SE-720 03 Västerås, Sweden
info@flexinets.se
support@flexinets.se
Flexinets Finland
Flexible Networks Nordic OY
Visiting Address:
Tekniikantie 14, 02150 Espoo,
(Helsinki) Finland
Flexinets Denmark
Visiting Address:
Savsvinget 7, 2970 Hørsholm
Copenhagen
Denmark