Smart emailing – Protect yourself from Ransomware

SPAM emails. Those dreaded pesky things. While traditional SPAM has been on the decrease over the last few years, it seems that malicious emails have been on the increase. I have to say, personally, I find this statement to be quite true. The majority of SPAM emails I receive these days purport to be from someone they are not and always include an attachment, one that no doubt contains some form of malware. According to Kaspersky, their products prevented 22,890,956 attempts to infect users with malicious attachments via email in March 2016, twice the number reported in February 2016. The entire Q1 2016 quarter reports an increase of 3.3 times higher attempts over the same period last year.

This is a concerning trend. Given that web browsing is becoming safer these days, with developers implementing higher security and anti-phishing protection, it makes it harder for these fraudsters to target internet users. So they turn to using email.

What can you do to protect yourself from these attacks?

First and foremost, you must have a good anti-virus/anti-malware program installed. One that scans your emails for threats. The last few versions of Windows have included their own MS Security Essentials program, if you have nothing else this at least gives you basic threat coverage. It’s certainly better than nothing at all. Do some research and find one that fits your needs and budget. There are a lot of programs on the market these days, some are better than others. There are plenty of forums and reviews to help you out with your research. This alone is not a fool proof solution. There will always be those “lucky” few that get hit with the newest attack, maybe before the anti-virus developers have issued an update to circumvent the new threat. This brings me to the second point.

Secondly, but certainly no less important in my mind. Potentially more important if you think about it, a free tool that we all have at our disposal. Our brain!

How is this better than any anti-virus, you may ask? Well I like to think that any disaster can potentially be avoided by being properly informed and alert to your surroundings. The old 6Ps adage can apply to so many situations. Planning and Preparation = Knowledge. Knowledge about how these fraudsters target people and the types of scams they use is invaluable. Sure, sometimes we may be distracted and busy, not paying the usual amount of attention. You’re only a few clicks away from potential catastrophe!

Here are some common factors to help you properly identify malicious SPAM emails:

• They will almost always never contain your personal name in the salutation. Simply beginning with “Hello,” Or “Dear customer,” etc If its not personalised, proceed with caution.
• It is an email purporting to be from a company you do not have an account with. Big Banks, Telcos & Energy providers are often used for this purpose. Of course, its a dead give away if you don’t have an account with the company that seems to be emailing you. But what if you do have an account there? Most of the malicious emails use scare tactics or credit incentives in the content to try and distract you from the facts. There was a recent Telstra scam email going around that offered a credit and sent you to a fake website where they gathered all of your personal information. It was a well done fake, but had the usual tell-tale signs. See the sample below:

• The actual email address has nothing to do with the company its been “sent” from. The SPAM email may arrive with an account name that looks accurate. “Telstra Billing”, “AustPost E-Tracker” or from a personal name etc. However, if you hover your mouse cursor over the name, you will find the email address will usually not reflect these details. The domain name will generally be completely different. As an example: AustPost E-Tacker <3380328_operasyon@yahoo.com>.  Sometimes if they are really clever, they will have sent the email from a domain that is only slightly misspelt from the real one. Very, very sneaky.
• The email you receive contains a .zip file attachment. Sometimes you may receive an email claiming to be an invoice, statement or perhaps even something from the Australian Federal Police. The attached file may be in a zip file format. This is usually done to enable executable files to be sent via email, as many clients block .exe files. Never open an email attachment from an unknown source. Even if the source is known to you, but the email is unexpected, it is best to show caution.

Of course these days many of the malicious attachment are coming as word documents. Seems harmless enough you might think? These word documents will contain a macro that is set to run once opened and if you don’t have the appropriate security settings enabled in word, to prevent these from automatically running, you are going to be in a world of pain. CryptoLocker kind of pain. I hope you have current backups! (Always a best practice by the way. Backup. Backup. Backup.) If you receive an email and you’re unsure about its validity, check with your IT Support provider. Also, you can always check with the company it’s meant to have come from. Australia Post and many large businesses have websites that list the current scams targeting them & their clients.

These are just a few of the things to keep in the forefront of your mind while sending and receiving your daily emails. Scam emails come in many flavours and the methods are always evolving and changing to try and capture the unsuspecting.

The two top things to take away from this article: Up to date Anti-virus/Anti-malware. Check. Mindfulness. Check.

By staying alert and vigilant your emailing experience should be a much happier one. So all the best and I hope you remain ransomware free for all your days!