The spam and virus detecting systems are sufficiently well built and developing continuously in order to protect the users who are familiar with a minimal hygiene of the e-behavior against such attacks. When the automate methods fail, the users’ good sense and experience should be able to protect them.

Spam and viruses are high on the list of the attacks via e-mail; “phishing”, e-mails received from “banks” promise to become at their turn main actors.

However, besides viruses, spam and “phishing”, the e-mail is used particularly for business and this feature makes its attacking extremely appealing. A price list, some preferential contractual clauses or the debates on strategy of the management members are carried and transmitted by e-mail. Such messages can be intercepted by anyone who has access to the unprotected communication channel (wireless network, intranet intruder), to the mail server or the computer of the attacked person. The e-mail is deemed as a trusted environment, a black box where messages go in and out. Inside this box the things are however transparent and it is not at all complicated to intercept messages either. The content can be modified, the sender can be impersonated, but the lukewarm feeling of the black box is reassuring enough.

Consequently, messages travel as a postcard, anyone curious may read and modify them and the fraudulent activity attentively executed remains undetected. The consequences are serious: business secrecy being revealed or decisions which are grounded on false data being made. It is not comfortable at all. Did such situations occur? Officially, nobody knows, the attacks are not declared, especially if happened internally. Such information may seriously damage the organization image.

For those users needing, for their own comfort, to know what’s happening with their e-mail between the monitor and the recipient’s e-mail box there are some simple solutions. The security requirements are similarly simple: messages must not be modified, one must know from where they come and must not try unauthorized reading.

Technically translated, sensitive messages have to be electronically signed and encrypted. Practically, it is about the electronically transposing of the classical mail services: the letter is signed, inserted in a sealed envelope. Should the envelope be opened on the way, anyone is able to detect the attack and in the case of e-mail, the opened message cannot be read if it is encrypted.



It is not complicated; a good application to protect the e-mail offers to the users a high security level without burden on the routine activities. Such an application integrated in the e-mail client on the work station, laptop or smart-phone, together with digital certificates, which should allow the messages electronical signing and encryption, prevents many problems.

The first step is to become aware of the risk and the impact that can be caused by such an attack. The approaching starts upwards, from the management of the organization to the common users. Once put into practice, a protection solution for the electronic mail may be gradually extended in order to complete the security environment of that organization.

Cat eats mice but if the master of the house does not care to cover the food, he can find the mouse and the cat together, enjoying the banquet. Not even the dog brought further won’t solve the issue, which he has to manage himself.