Detecting and Combating Malicious Email

Malicious email is, simply put, email with a malicious purpose. The malicious purpose could be fraud, theft, espionage, or malware injection. The processes by which email execute the malicious activity vary widely, from fully manual (e.g. human-directed) to fully automated. One example of a malicious email is one that contains an attachment which the recipient is directed to open. When the attachment is opened, malicious software is installed on the recipient's computer. Because malicious email can vary so broadly in form and function, automated detection is only marginally helpful. The education of all users to detect potential malicious email is important to containing the threat and limiting the damage. It is increasingly necessary for all email users to understand how to recognize and combat malicious email.

Detecting and Combating Malicious Email describes the different types of malicious email, shows how to differentiate malicious email from benign email, and suggest protective strategies for both personal and enterprise email environments.

• Discusses how and why malicious e-mail is used
• Explains how to find hidden viruses in e-mails
• Provides hands-on concrete steps to detect and stop malicious e-mail before it is too late
• Covers what you need to do if a malicious e-mail slips through

About the Authors

Julie Ryan is currently an Associate Professor and Chair of Engineering Management and Systems Engineering at George Washington University. Dr. Ryan began her career in the US Air Force as a signals intelligence officer after graduating from the Air Force Academy. She transitioned to civil service in the Defense Intelligence Agency as a military intelligence officer and later left government service to work in industry.. Dr. Ryan's research interests lie in information security and information warfare. She has authored or co-authored scholarly articles in such journals as IEEE Security and Privacy IEEE Transactions on Computers. She is also the co-author of Defending your Digital Assets published by McGraw-Hill

Cade Kamachi holds a Computer Information Technology degree from Brigham Young University–Idaho as well as an MBA degree from Idaho State University. While at Idaho State University, he performed research and developed trainings as part of the National Information Assurance Training and Education Center (NIATEC). Cade has worked for both industry and government in technology and information-assurance roles that included duties from technical configurations to policy creation. He has aided in the creation and implementation of cyber security exercises for collegiate, industry, and government entities.