upper waypoint

Stopping Ransomware Starts With Your Inbox, Cybersecurity Professionals Say

Save ArticleSave Article
Failed to save article

Please try again

Screenshot of WannaCry ransomware.

A screenshot of a virus-infected computer has been floating around the internet in stories about the recent worldwide ransomware attack that spread across more than 150 countries and affected hundreds of thousands of computers.

“To date, I have yet to see what that email looked like that was the initial entry point where people got infected,” said Alex Garcia-Tobar, CEO and co-founder of the cybersecurity firm ValiMail.

A phishing email is what triggered the recent ransomware attacks. About 91 percent of all cyberattacks are the result of phishing, in which scammers send emails pretending to be someone you know to gain access to your device and to your life.

“The reason email is so effective is because for the most part, people have not done what’s called email authentication, which stops people pretending to be somebody else that you trust,” Garcia-Tobar said.

Email authentication is an obscure security strategy that protects email domains. If an email domain is authenticated, scammers can’t hack into it and make fake email addresses to scam people.


Garcia-Tobar’s company is one of a handful that provide email authentication services to businesses. He said company executives are increasingly becoming the target of scams rather than individuals.

“Coupa, a local Bay area company, recently had a W-2 attack,” he said. A few months ago, the human resources department at Coupa received an email from someone posing as the CEO, asking to be sent employee federal W-2s forms. The email came from a Coupa.com email address.

“So those W-2s left the company,” Garcia-Tobar said. “Anyone that’s experienced a W-2 attack will tell you, W-2s enable a criminal to buy a house with your name on it, to take a car loan, to open bank accounts.”

If the Coupa.com email domain had been authenticated, the scammer wouldn’t have been able to make an account and impersonate the CEO.

“If more companies authenticated their email domains, the phishing and ransomware exploits would drop a lot,” said Cameron Camp, a security researcher with the the security company ESET.

Email authentication is still a relatively new security strategy. The majority of companies have not adopted it.

“There needs to be more one- or two-button solutions,” Camp said. “The tools are difficult to set up.”

Camp said while authenticating an email domain isn’t as easy as installing anti-virus software, businesses need to prioritize it.

“If scammers can get into a corporate email, they can send an invoice request to a customer and then change the bank number on it,” Camp said. “The impersonation attacks are getting very sophisticated.”

For personal email, major providers like Gmail and Yahoo take care of authenticating their users.

The real risk is with company email. It might be worth emailing your work IT department about authentication.

On second thought, go talk to them in person.

lower waypoint
next waypoint
Federal Judge Orders New Sentencing Hearing for David DePape in Trial Over Pelosi AttackSome Bay Area Universities Reach Deal to End Encampments, but Students Say Their Fight ContinuesAfter Months-Long Coma, This Latino Immigrant Worker Is Still Fighting Mysterious Long COVID SymptomsCalifornia Promised Health Care Workers a Higher Minimum Wage — but Will Newsom Delay It?David DePape Sentenced to 30 Years in Federal Prison for Attack on Nancy Pelosi's HusbandNewsom Says California Water Tunnel Will Cost $20 Billion. Officials and Experts Say It's Worth ItEighth-Grader's Call to 911 About Teacher's Outburst Causes StirFree Key Choir: 'What's in a Name'Antisemitism Is on the Rise, but Defining It Is Harder Than Condemning ItImpact of California Fast Food Worker Wage Increase Still Too Early to Gauge