Did you know that malware often arrives in an email disguised to look legitimate? Hackers can send emails that appear to come from a vendor you regularly communicate with, or even your boss. The most important thing to understand about a malware attack is that it almost always requires an action by the user to infect the system: someone has to actually click a link, open an attachment, or visit an infected website in order for malware to infect their network. To make matters worse, not all spam and email filters are able to catch malicious emails, so one of the best ways to defend against malware is user education and being able to recognize a fishy email. Here are 5 things you can look out for:
- URL Rewrite: When a malicious link is disguised to look legitimate, hover over it: does the URL that appears match the link text? If it doesn’t, DON’T CLICK ON IT! Hackers can “rewrite” a URL link so that it looks like you are clicking on a legitimate link, but it will then redirect you to malicious content.
- No Signature: If an email is lacking any kind of signature, contact info, or accountability, you should be suspicious. Hackers don’t want you to be able to trace the email back to them, so they will generally not provide any contact information. Legitimate emails will always have a signature and contact information at the bottom.
- Misspellings and Bad Grammar: Usually, hackers are based in foreign nations, and English is typically not their first language. So, if there are any weird grammatical errors or strange misspellings, DON’T CLICK ON IT! Hackers will often try to imitate legitimate companies such as Microsoft or Bank of America, but if the domain is spelled wrong, it could be malware. For instance: http://miicrosoft.com or http://bankoofamerica.com
- Pop Ups: Some malware will be disguised as a Java update or a Microsoft update; however, legitimate updates will rarely ever be prompted by a pop-up window. Any Microsoft updates will appear in the taskbar, not in a pop-up window.
- Tracking information for packages you did not order: If you get an email from UPS, FedEx, or any other company about a package that you did not order, do not click on any links or tracking information. Hackers will play to people’s natural curiosity and disguise malware links as tracking information.
- HR and Hiring Managers take note: We at Pyramid Technologies have seen a rise of malware specifically targeting HR departments or hiring managers. If you are posting job openings online with your direct email information, be careful when opening attachments. It’s fairly common for an email from a prospective employee to contain a resume attachment as either a .doc or .pdf file, and maybe a matching cover letter. However, if you open the document and get a message telling you that you are unable to view it until you enable macros, followed by instructions on how to enable macros in Microsoft Word, CLOSE OUT OF IT IMMEDIATELY. This is a tactic used to try to infect your computer with a virus or malware by having you enable something on your system that will allow a function in the Word file to execute. Save the email and contact us immediately so we may further investigate the source and better protect you.
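The hover check from "URL Rewrite" and the misspelled-domain check from "Misspellings and Bad Grammar" can also be automated over an email's HTML body. The sketch below is an added example, not a Pyramid Technologies tool; the `KNOWN_DOMAINS` list, the 0.85 similarity threshold, and the sample message are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse
# Assumption: domains your users legitimately receive mail from.
KNOWN_DOMAINS = ["microsoft.com", "bankofamerica.com", "ups.com", "fedex.com"]
# Constructed sample body, using the misspelled domain from the list above.
SAMPLE = ('<a href="http://miicrosoft.com/update">www.microsoft.com</a> '
          '<a href="https://www.ups.com/track">Track your package</a>')

def host_of(text):
    """Hostname of a URL-like string without 'www.', or '' if not URL-like."""
    text = text.strip()
    try:
        host = urlparse(text if "://" in text else "http://" + text).hostname
    except ValueError:
        host = None
    host = (host or "").lower().rstrip(".")
    host = host[4:] if host.startswith("www.") else host
    return host if "." in host and " " not in text else ""

def lookalike_of(host):
    """Known domain that host resembles without belonging to it, else None."""
    if any(host == k or host.endswith("." + k) for k in KNOWN_DOMAINS):
        return None  # the genuine domain or one of its subdomains
    close = [k for k in KNOWN_DOMAINS if SequenceMatcher(None, host, k).ratio() >= 0.85]
    return close[0] if close else None  # 0.85 is an assumed threshold

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:  # only collect text inside an open <a>
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown, real = host_of(self.text), host_of(self.href)  # seen vs. actual
            if shown and real and shown != real:
                self.findings.append(("mismatch", shown, real))
            if real and lookalike_of(real):
                self.findings.append(("lookalike", real, lookalike_of(real)))
            self.href = None

def audit(html_body):
    auditor = LinkAuditor()
    auditor.feed(html_body)
    return auditor.findings
```

Calling `audit(SAMPLE)` flags the first link twice (its visible text and target disagree, and the target imitates a known domain) and leaves the genuine tracking link alone.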
These may seem basic, but there are lots of people who may not be aware. Educate yourself and the other users in your company on how to spot malware, and always follow this rule of thumb: If you weren’t expecting that email, DON’T CLICK ON IT!!!!
If you do click on a suspicious link and nothing bad happens immediately, it does not mean you are safe. A lot of malware will open a backdoor, sit idle collecting information like passwords, or scan your network looking for vulnerabilities, preparing for a later attack or waiting for the right opportunity to steal critical information like employee or client records, credit card information, or even bank account logins and passwords. Make sure that in addition to educating yourself, you also have proper security measures in place like email filtering, monitoring, and backups.