Trusted Impersonation: How Digitally Signed Email Has Made Us Less Secure

Email is the largest attack vector in cyberspace today. While this is not a revelation, new email-based attack techniques such as Trusted Impersonation, advanced phishing, and hidden malware are on the rise. The widespread adoption of HSPD-12 and increasing use of signed/encrypted emails inside government have inadvertently made email the most damaging, highest value attack vector available.  

EV*mail is a plug-in for Microsoft Outlook that combats these threats, and others, introduced with secure email initiatives. Its visual indicator allows users to visually confirm and differentiate based on commonly accepted trust standards, such as PIV, PIV-I, or CAC as well as distinguishing whether or not an email has been sent using an externally (vs. internally) issued credential.

Veiw our complimentary on-demand webcast to learn how:

• Likely the email sender is who they claim to be
• Digitally signed emails provide a false sense of security as there is little signature validation
• Freely obtained credentials appear just as trustworthy as PIV and CAC in email clients
• EV*mail validates an email sender or recipient’s trustworthiness

We will also demonstrate how to address these problems while simultaneously improving user experience.