The bad guys are everywhere. After reading a KnowBe4.com whitepaper, I realized that “Generation Five” cybercriminals have reached a new apex.
Malware can be licensed and comes with tech support. Criminals can rent botnets by the hour for their own crime sprees. Cybercrime has evolved from teenagers writing viruses, through mass-mailing worms like NetSky, to today's ransomware operations.
Socially engineered malware is commonplace, and any employee who uses a computer is a target. The message looks benign and legitimate, but anyone who opens it and clicks the link or attachment can be infected with the latest malware. Phishing emails are the classic example of social engineering.
Apogee IT Services focuses on sharing the importance of user-awareness training. Here are 10 ways to spot a malware-carrying email:
- You don’t recognize the email address, or you know the person, but the email seems out-of-character.
- The email appears to come from a well-known company but is altered or suspicious (www.micorsoft-support.com or www.bankofarnerica.com).
Other commonly impersonated brands are Facebook, Kohl's, Google, Amazon, eBay and PayPal. LinkedIn connection requests can be faked as well. Be especially wary if you never submitted a support ticket or requested anything from the company that is supposedly writing to you.
- The email was sent to you at an unusual time.
- The email contains attachments, even ones that look harmless, like Word documents or PDFs. Both formats can carry macros, scripts or exploit code.
According to KnowBe4.com, the only attachment type that can be considered safe is a plain .txt file, because plain text cannot execute code. Even a .txt file can still contain a malicious link or instructions, so the rest of the message should still be judged on its own merits.
- The email begins with a vague salutation or seems to be sales-y.
- There are misspellings or incorrect grammar in the subject line or in the body of the email.
- The email threatens to block your account permanently or report you to the authorities, or it offers you something of value. Urgency and reward are the two levers social engineers pull most often.
- There are links in the body of the email.
Sometimes, the link appears with other text. Other times, it is the only thing that appears in the email.
- The link text does not match the URL shown when you hover over it. The visible text may say one domain while the actual destination is another.
Sometimes the difference is a single character, for example an "rn" standing in for an "m". Hover, read the real destination carefully, and do not click.
- The email contains a well-known company's logo, possibly embedded with a link that would take you to a scam site or download malware. A genuine-looking logo proves nothing; images are trivial to copy.
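Two of the indicators above, look-alike domains and link text that disagrees with the real destination, can be checked mechanically. The script below is an added example for this post and is not code from Apogee IT Services or KnowBe4. It parses an HTML email body, extracts every link's visible text and real destination, flags mismatches, and tests each destination against a small list of brands for typosquats (such as a swapped letter pair) and confusable characters (such as "rn" for "m"). The brand list, the confusable table, and the sample email are constructed for the example, and the registrable-domain logic is simplified to the last two labels.

```python
"""Flag phishing indicators in an HTML email body: look-alike domains and
links whose visible text does not match the real destination."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brands this check knows about and the registrable domains they really use.
# Constructed for the example; production code would use a much fuller list
# and a public-suffix library for registrable domains.
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com"},
    "bankofamerica": {"bankofamerica.com"},
    "paypal": {"paypal.com"},
    "amazon": {"amazon.com"},
    "linkedin": {"linkedin.com"},
}

# Character sequences that read alike in common fonts ("rn" looks like "m").
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

# Matches a bare or URL-like domain appearing inside the visible link text.
HOST_RE = re.compile(r"(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


def normalize(label: str) -> str:
    """Lower-case a label and collapse look-alike sequences to their target."""
    label = label.lower()
    for bad, good in CONFUSABLES:
        label = label.replace(bad, good)
    return label


def edit_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein (optimal string alignment), so a swapped pair
    such as 'micorsoft' vs 'microsoft' counts as a single edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def registrable_domain(host: str) -> str:
    """Last two labels of the host (simplification: ignores suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def lookalike_brand(host: str):
    """Return the brand a host imitates, or None if nothing looks suspicious."""
    reg = registrable_domain(host)
    if any(reg in legit for legit in BRAND_DOMAINS.values()):
        return None  # the brand's genuine domain
    label = reg.split(".")[0]
    # Check the whole label, the label with hyphens removed, and each hyphen part,
    # so "micorsoft-support" and "microsoft-support" are both caught.
    candidates = {label, label.replace("-", "")} | set(label.split("-"))
    for brand in BRAND_DOMAINS:
        for cand in candidates:
            if cand and normalize(cand) == brand:
                return brand
            if len(cand) >= 6 and edit_distance(normalize(cand), brand) <= 1:
                return brand
    return None


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze_links(html_body: str):
    """Return findings as (href, visible_text, reason) tuples."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        if not host:
            continue
        shown = HOST_RE.search(text)
        if shown and registrable_domain(shown.group(1)) != registrable_domain(host):
            findings.append((href, text, f"text shows {shown.group(1)} but link goes to {host}"))
        brand = lookalike_brand(host)
        if brand:
            findings.append((href, text, f"domain {host} imitates {brand}"))
    return findings


# Constructed sample phishing body, not a real message.
SAMPLE_EMAIL = """
<p>Dear Customer,</p>
<p>Your account will be blocked permanently. Verify now at
<a href="http://www.bankofarnerica.com/verify">www.bankofamerica.com</a>.</p>
<p>Need help? <a href="https://micorsoft-support.com/ticket">Contact Microsoft Support</a></p>
<p><a href="https://www.microsoft.com/">Microsoft</a></p>
"""

if __name__ == "__main__":
    for href, text, reason in analyze_links(SAMPLE_EMAIL):
        print(f"{reason}  [{text!r} -> {href}]")
```

Run against the constructed sample, the first link is reported twice (visible text disagrees with the destination, and the destination normalizes to "bankofamerica" once "rn" is read as "m"), the second is reported once as a one-edit typosquat of Microsoft, and the genuine microsoft.com link is left alone. The same two checks are what a user does by hand when hovering over a link; the script simply makes them repeatable over a mailbox or a mail-gateway feed.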
There are phishing phone calls, too (voice phishing, or "vishing"). They work in a similar way: the caller tries to sell you a software license or threatens you until you hand over a username and password or other account details.
What to do if you receive a phishing or spear phishing email?
Don't click on anything. Mark the email as junk and report it as phishing or junk, depending on the mail client you use. When in doubt, don't open it; mark it as junk and delete it. If the message claims to come from someone you know, verify it with the sender through a channel you already trust, such as a phone call or an email address you have used before, not by replying to the suspicious message or using the contact details it contains. They can confirm whether the email, attachment or link was actually from them.
Why is Internet security training important?
When an organization has a thoughtful, well-designed, well-implemented and well-managed IT security posture, the easiest way for attackers in is to get help from end users, your employees. A recent CompTIA survey reported that human error is the largest factor behind security breaches, even though U.S. business leaders rank it as a low concern. And yet companies continue to underinvest in security training, risk assessments and clear security policies. Today, only 54 percent of companies offer cybersecurity training.