Security practices within a business are as much about training employees to be aware of the threat landscape as they are about adopting the right technology.  Even with the most robust security tools in place, an employee can unwittingly infect their computer, or potentially the entire network, with malicious viruses and malware.  The highest percentage of ransomware issues that we see our clients experience result from situations where precautions weren’t taken before opening an email, clicking on a hyperlink included in an email, or visiting a website with malicious intent. We worked with our operations team to put together some helpful tips to keep in mind:

• ALWAYS… check the email “from” field to validate the sender. This “from” address can be easily spoofed. Spoofing is simply a means of disguising an email to make it look like it was sent from someone you know and trust.  You can validate the sender by hovering your mouse over the “from” name field, which will then show you the actual email address of the sender.  If the email address doesn’t match the person or company that believe sent the email, it’s likely a fraudulent email and should be marked as SPAM and deleted.  Also, if the subject line or content in the body of an email makes you question why you received it, or why that particular individual sent it to you, then you should look more closely to confirm the sender before taking any action.  It’s likely that person didn’t really send it to you.

• ALWAYS… check for files with a “double extension”. Although a text file named “safe.txt” is safe, a file called “safe.txt.exe” is not. The key is to closely look at the file name and extension to see it’s being disguised as something safe.  If you ever receive an email with an attachment that you were not expecting, you should look closely at the file name of the attachment before ever deciding to open it.

• ALWAYS… report suspicious emails to your Information Technology support team, or engage them for guidance before proceeding. It’s very important for your IT department to be aware of suspicious activity so they can evaluate the email for potential threats, and also work to prevent malicious emails from entering the network in the future.  It’s best to not simply forward the email, but to call your IT support team to make them aware of the situation so they can provide the proper guidance.

• ALWAYS… look closely at website addresses (URL) that are included in an email. Note that microsoft.comand www.support.microsoft.software are two different domain names (and only the first is real).  Fraudulent websites can have domain names that look legitimate, but are actually created to trick you into believing they are.  By visiting the spammers website, you’re giving them information about your geographic location (calculated based on your IP address), as well as your computer operating system and your browser.  You also run the risk of the website infecting your computer with Malware.   Bottom line, look closely at any URL and hyper link before clicking on them.  If you suspect the website is fraudulent, you should contact your IT support team before just visiting the website.

• DO NOT… open any email attachments that end with .exe, .scr, .bat, .com, or other executable files that you do not recognize. You should also be very cautious about opening MS Word, MS Excel, and Adobe PDF files.  There are several studies that show an increasing number of viruses and malware are being spread through these file types.   Just about any email attachment can be malicious, so you need to be vigilant about opening email attachments.  If you receive an email that you weren’t expecting, even from a person you know, you should be highly critical of whether it is legitimate, and take additional precautions.

• DO NOT… ever click embedded hyperlinks within email messages without first hovering your mouse over them to see where they will take you. By hovering over the hyperlink you will see the URL, which provides detailed information about network domain, website, or network location.  If the URL doesn’t look like it will take you to the appropriate business, website, or Internet location that you would expect, then do NOT click on the link.

• DO NOT… respond or reply to spam in any way. Instead, use should mark the email as “SPAM” or “junk” in your email client, or work with your IT department to make adjustments to your SPAM filter to capture email from this sender in the future. If you don’t subscribe to an email SPAM filter, we recommend you incorporate one into your security practices going forward.  They are sometimes included in your current email service at no additional cost, or can be purchased separately for a very low fee.  A robust SPAM filter is a very inexpensive means of improving your overall security posture by minimizing the potential of threats being accomplished via email.  It’s also great to help unclutter your inbox to allow you to focus on more important emails that require your attention.

• DO NOT… “unsubscribe” – it’s easier to mark the email as “SPAM” or “Junk” than deal with the security risks associated with clicking on the “unsubscribe” link, or responding to an email. There is certainly less risk if you know with a high level of certainty the email sender is trustworthy, but do you really want to take the chance?

5 REASONS WHY UNSUBSCRIBING IS A BAD IDEA:

1. By clicking the link or responding via email you have confirmed to the sender that your email address is both valid and in active use. If the sender is disreputable, the volume of email you receive will most likely go up, not down.
2. By responding to the email, you have positively confirmed that you have opened and read it, and may be slightly interested in the subject matter, whether it’s getting money from a foreign prince, a penny stock tip, or a diet supplement.
3. If your response goes back via email – perhaps the process requires you to reply with the words “unsubscribe,” or the unsubscribe link in the message opens up an email window – then not only have you confirmed that your address is active, but your return email will leak information about your email software too.
4. If your response opens up a browser window then you’re giving away even more about yourself. By visiting the spammer’s website you’re giving them information about your geographic location (calculated based on your IP address), your computer operating system, and your browser.
5. Lastly (and scariest of all), if you visit a website owned by a spammer, you’re giving them a chance to install malware on your computer, even if you don’t click anything.

GSC IT Solutions is here to assist our clients in better understanding the threat landscape and make the appropriate recommendations.  Our help desk is available to provide a timely support and response to your questions, or address any immediate concerns relating to network security and mitigating malicious threats.

Bibliography: KnowBe4 ©2018, Operations Team at GSC IT Solutions