BTW, received a couple of these today masquerading as a secure message delivery system (this is just a screen grab of the antivirus log; the original email is in quarantine):
This one is poorly executed, but there is no reason it couldn't mimic the layout and style of one of the secure mail system's emails. It could be an HTML attachment that fakes the recipient into thinking they are browsing and logging into the secure system to grab credentials or whatever. Using the Cisco Secure email David sent to the list earlier as a template, a miscreant could craft a good fake. Ironically, it would probably be more effective against recipients who are used to receiving emails from a particular secure email service. Off the top of my head I don't have an alternative idea for a easy-to-understand secure mail system, but I don't like these sort of services much better than going through the headache of exchanging messages with certificates. -- Mark From: Frank Ress <[email protected]> To: "[email protected]" <[email protected]> Date: 12/09/2015 12:48 PM Subject: RE: [NTSysADM] Encrypting File Attachments Sent by: [email protected] Citrix ShareFile offers a nice encryption solution that I?m evaluating at the moment. We?ve been using Sharefile for many years purely as a hosted file sharing solution, but we?ve had a recent request to support encrypted email, and ShareFile offers this with one or two of their corporate plans. It?s implemented as an Outlook plugin, and users simply turn on encryption from a control added to the Outlook ribbon. It sends an email to the recipient with a link to the site and instructions how to create an account and retrieve the message. External users can route responses through the encryption service, as well. Both the message itself and any attachments will be encrypted. The other nice feature is that it can be configured to automatically redirect oversize attachments to the file sharing service, rather than have messages that exceed the size limit fail. Not free, but what is? Frank Ress Gas Technology Institute From: [email protected] [ mailto:[email protected]] On Behalf Of CSSU NetAdmin Sent: Wednesday, December 09, 2015 10:39 AM To: [email protected] Subject: [NTSysADM] Encrypting File Attachments We have a need to encrypt certain files before sending them via e-mail either within our system or to addresses outside our system. The receiver would need to open the file without having any special software on their machines. Does anyone have suggestions for what we can use? Thanks. This communication is for the use of the intended recipient only. It may contain information that is privileged and confidential. If you are not the intended recipient of this communication, the disclosure, copying, distribution or use hereof is prohibited. If you have received this communication in error, please advise me by return e-mail or by telephone and then delete it immediately.
