E-mail scams are getting more sophisticated, and our clients are increasingly worried about the security of their network, especially around e-mail security. The problem is, you can put as many sophisticated scanners, anti-virus programs and spam filters in place but sometimes a rotten apple will sneak through with the good ones.
The way to ensure that nothing bad happens when that bad e-mail does sneak in is to make sure that company employees are fully aware of good e-mail security practices. To help, we’ve put together a super-simple guide below which you can share with your staff, friends and family.
The 1-Fix E-mail Security guide:
Follow the simple rules below, and you’ll drastically reduce the chance of messing up yours (or your employers) computer systems.
- The sender is crucial – If you don’t recognise the name of the sender, DO NOT open the e-mail. Just delete it.
- Ignore the unexpected – E-mail scams are clever pieces of social engineering, so they will often tell you that “You have a missed parcel” or “You’re due a rebate from HMRC”. If you’re not expecting a parcel, a tax rebate, or any other interesting sounding event then it’s probably a scam. Ignore it completely, unless you’re 100% sure it’s genuine (and then use extra vigilance)
- If you’re asked to open an attachment, don’t! – E-mails are a very easy way for nefarious people to spread viruses, especially when they have a brand new virus that’s not being detected by common anti-virus systems yet. If an e-mail you’re not expecting (or from someone you don’t know well) asks you to open an attachment, DO NOT open it. The most common dangerous e-mail attachments are .zip files – as they can contain executable/virus infected files.
- Don’t click strange links… or any links – To bypass spam and virus filters, the scammers will often send you an e-mail asking you to download a file/document online. DO NOT click these links. It’s also common to see scam financial/shopping e-mails, asking you to click through and confirm your details (these are known as phishing e-mails). Many e-mail security programs will not pick all of these up, and they are made to look just like an official e-mail from Paypal, or Amazon, or your bank. Once again, DO NOT click any links in these e-mails. If you need to visit or check your Paypal account, type the address into the top of your internet browser (www.paypal.com for example) rather than clicking through from an e-mail.
- If the e-mail seems fishy, odd, or too good to be true, then delete it
A real life example of a scammy message:
Just yesterday, a whole raft of our clients started receiving a message like the one below. The interesting thing was that these clients had different anti-spam solutions, and yet the e-mail seemed to get past most of them. We clicked the link and downloaded the file, which we then scanned online – and, as expected, it contained a virus. The scary thing was, this virus was only being picked up by 3 of the top 46 anti-virus systems at that point in time.
That is why end-user vigilance is so important. Had the e-mail been opened, and the virus downloaded, it could have easily infected the entire network.
The e-mail in question:
Subject: Fax messageFax Message [Caller-ID: 1-407-950-4974]http://jared-network.szunyi.com/inbox/get_message . phpYou have received a 3 page fax at Tue, 25 Nov 2014 12:42:51 +0000.* The reference number for this fax is chd_did11-12463408447-10508485403-389.View this fax using your PDF reader.Thank you for using the MyFax service!
Looking at the e-mail, it’s clear that it’s a scam for a couple of reasons:
- The caller ID is a US number (our clients are in the UK)
- None of the clients had Fax to e-mail, and didn’t use MyFax
- The web link is very suspicious – it’s not www.myfax.com/something, but a nonsense sounding address. This is a BIG warning sign!