Anatomy of a Phishing Email

One of our employees received a phishing email today that was so obviously bad, we decided to make an example of it.  We had recently written about the importance of email savvy for employees of any company, and how to be skeptical of emails you receive.  This example gave us the opportunity to annotate and explain the many ways to spot malicious emails and avoid stepping into those traps.

We’ll begin with the email as we received it.  Do you see any indications that the email might be illegitimate?

It may be interesting to forward this article to your coworkers and friends, and compare notes.  For example, how long did it take you to spot the first sign that the email may not be for real?  How many signs did you see?  Which one stood out first?

Here’s the same email with annotations – you can grade your own observations and degree of skepticism against this list:

  1. Dropbox was spelled with parentheses (i.e. Dropb()x).  This is done to try to avoid any email content filters expecting to see these words spelled correctly.
  2. The sender’s name was created to look like it contained the email address information – that’s actually done by Outlook in this case – see #4.  It’s also nonsensical.  “noreply-banacealert”?
  3. They didn’t misspell the fake email domain the same way twice.  One used parentheses for the second “o”, the other for the first.
  4. The actual sender’s email address is shown by Outlook in the box.  It obviously has nothing to do with Dropbox.  Given that it does show a valid-looking email address, it’s safe to assume that the owner of that email address has been compromised.  Either they have malware on their computer, or their password is known.  On a company email account, this can result in your entire company being blacklisted.  This would mean no emails you send would be accepted by other companies using email SPAM filters.
  5. The subject doesn’t make a great deal of sense – a very generic statement.  Note #6 though…
  6. The name of the document in the body of the email doesn’t match what’s in the subject.
  7. The name “dropbox” isn’t even capitalized.  That shift key must have been pretty heavy.
  8. Hovering over the “CLICK HERE” link reveals the site they want you to visit.  It’s obviously not Dropbox.  It is however a website that’s been compromised by an attacker, who is using it for criminal purposes – probably without the website’s owner even knowing.  ALWAYS check the link before clicking!

So, how did you do?  Hopefully you’ll be better at spotting more carefully crafted phishing emails in the future.
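The indicators above lend themselves to automated checks. The following Python script is an added example (not code from the original post or from Nomerel): it parses a constructed message modelled on the one annotated above and flags items #1, #2, #3, #4 and #8, then runs a constructed legitimate-looking message through the same rules for comparison. The sample messages, the `KNOWN_BRANDS` list, the substitution table and the rule names are assumptions made for the example.

```python
# Heuristic checks for the phishing indicators annotated above (#1, #2, #3,
# #4 and #8). Added example: the sample messages, brand list and rule names
# are constructed assumptions, not the original post's material.
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brands we expect to see impersonated, with the domains they really use.
KNOWN_BRANDS = {"dropbox": {"dropbox.com"}}
# Character swaps used to slip past keyword filters ("Dropb()x", "Dr0pbox"),
# mapped back to the letter they imitate.
SUBSTITUTIONS = {"()": "o", "0": "o", "1": "l", "|": "l", "$": "s"}
TOKEN = re.compile(r"[A-Za-z0-9()|$]+")


def normalize_token(token):
    """Lowercase a token and undo the substitutions above."""
    text = token.lower()
    for fake, real in SUBSTITUTIONS.items():
        text = text.replace(fake, real)
    return text


def brand_mentions(text):
    """Map each brand mentioned in text to the spellings used for it."""
    found = {}
    for token in TOKEN.findall(text):
        norm = normalize_token(token)
        if norm in KNOWN_BRANDS:
            found.setdefault(norm, []).append(token)
    return found


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def analyze(raw_message):
    """Return (rule, detail) findings for a single-part HTML message."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rpartition("@")[2].lower()
    body = msg.get_payload()
    findings, spellings = [], {}  # spellings: brand -> lowercase forms seen
    # #1: a brand name that only matches after undoing the substitutions
    for where, text in (("From", display_name), ("Subject", msg.get("Subject", "")), ("body", body)):
        for brand, seen in brand_mentions(text).items():
            spellings.setdefault(brand, set()).update(s.lower() for s in seen)
            for s in seen:
                if s.lower() != brand:
                    findings.append(("obfuscated-brand", f"{where}: {s!r} stands for {brand}"))
    # #3: the same brand misspelled in more than one way
    for brand, seen in spellings.items():
        if len(seen) > 1:
            findings.append(("inconsistent-spelling", f"{brand}: {sorted(seen)}"))
    # #2: a display name that contains an address-like string
    if "@" in display_name:
        findings.append(("address-in-display-name", display_name))
    # #4: the real sender domain is unrelated to the impersonated brand
    for brand in sorted(spellings):
        if sender_domain not in KNOWN_BRANDS[brand]:
            findings.append(("sender-domain-mismatch", f"{brand} mail sent from {sender_domain}"))
    # #8: a link whose host belongs to none of the impersonated brands
    trusted = {d for brand in spellings for d in KNOWN_BRANDS[brand]}
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        if trusted and not any(host == d or host.endswith("." + d) for d in trusted):
            findings.append(("link-destination-mismatch", f"{text!r} -> {host}"))
    return findings


# Constructed sample modelled on the message annotated above.
SAMPLE = """\
From: "noreply-banacealert@dropb()x.com" <accounts@example.net>
To: employee@example.com
Subject: A new document is available
Content-Type: text/html

<html><body><p>A file named Q2_Invoice.pdf was shared with you on dr0pbox.</p>
<p><a href="http://compromised-site.example/wp-content/uploads/share/">CLICK HERE</a> to view it.</p>
</body></html>
"""
# Constructed legitimate-looking message for comparison; should yield nothing.
LEGIT = """\
From: Dropbox <no-reply@dropbox.com>
Subject: Q2_Invoice.pdf was shared with you
Content-Type: text/html

<html><body><a href="https://www.dropbox.com/s/example">Open Q2_Invoice.pdf</a></body></html>
"""

if __name__ == "__main__":
    for rule, detail in analyze(SAMPLE):
        print(f"{rule:26} {detail}")
    print("legitimate message:", analyze(LEGIT))
```

The substitution table is deliberately small; a production filter would normalise Unicode look-alikes too, and the link check should be run against the visible text as well as the `href`, since the lesson in #8 is that the two rarely agree in a phish.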

What about your company – how confident are you that your web servers aren’t hosting fake sites like the ones linked in the email above?  How confident are you that your mail system, and your employee PCs, aren’t silently sending out these sorts of phishing emails?  Is your company’s email domain at risk of ending up on a blacklist?

At Nomerel, we provide peace of mind for business owners that their systems are secure and protected against these sorts of risks.  Contact us today to learn more!

Protect Employees From Ransomware Through Email Savvy

Security experts will tell you that the last line of defense against cyber attack, especially through email, is the human being.  No matter how good your systems are, if someone clicks on the wrong link at the wrong time, it’s game over.

A company called KnowBe4, which does “safe” testing of a company’s employees to see who may need some cyber awareness training, released a list of the top-10 most clicked email subject lines for the second quarter of 2017.  The results are a great insight into the tactics used by attackers, who only need to find one person in an organization willing to click their link.

The list is summarized below, with the percentage of people who clicked on links contained in emails with these subjects:

  • Security Alert – 21%
  • Revised Vacation & Sick Time Policy – 14%
  • UPS Label Delivery 1ZBE312TNY00015011 – 10%
  • BREAKING: United Airlines Passenger Dies from Brain Hemorrhage – VIDEO – 10%
  • A Delivery Attempt was made – 10%
  • All Employees: Update your Healthcare Info – 9%
  • Change of Password Required Immediately – 8%
  • Password Check Required Immediately – 7%
  • Unusual sign-in activity – 6%
  • Urgent Action Required – 6%

What complicates matters even further is that many people believe emails which come from people they trust are therefore trustworthy.  Unfortunately, nobody checks your ID when sending email on the internet.  An attacker (or indeed anyone) can pretend they’re sending an email as anyone else, with ease.

The lesson of course is that it’s better to be safe than sorry!  We always reinforce the points below regarding safe email practices for employees:

  • Be skeptical about emails in general
  • Pay more attention to shady subjects than who the sender is
  • Train yourself on how to spot “bait” in email subjects or website links
  • Train yourself to look at the full email address, not just the name, to spot fakers
  • When in doubt, don’t click!

Deja Vu – Petya Cyber Attack Same as WannaCry

Today’s news of the Petya cyber attack in the Ukraine and Europe was a predictable follow-up to the WannaCry cryptoware outbreak from earlier this year.  As security vendor Palo Alto notes, the method used by Petya is exactly the same as WannaCry, and can be dealt with using the same measures.

While the perpetrators of WannaCry tripped on their own shoelaces, another wave of similar attacks – relying on unpatched computers – seemed inevitable.  Preying on vulnerable computers faster than companies can protect them is a part of the new cyber crime economy.  This naturally creates a tremendous risk to small business owners, who seldom have the time or skills necessary to stay ahead of the game.  After all, even the largest organizations seem to struggle with patching their computers.

You may be interested in the guidance from our article outlining considerations for cryptoware in business terms.  That article was written in May, regarding the WannaCry outbreak.

Writing about the massive outbreak last month, we said that companies deserve a simple answer to the question “are my systems free from this risk?”  So we’ve decided to renew our offer to help you answer that question.

For any company who needs it, we’ll provide a free, zero-obligation analysis of your systems’ vulnerability to the WannaCry ransomware outbreak.  

You can schedule a visit with us at our online booking page at this link.  We’ll come out and run a tool we’ve made available to ascertain the health of any given Windows computer.

Our customers are protected from the exploits used by both WannaCry and Petya, unlike hundreds of thousands of other entities around the world.  We’d love the opportunity to help you, even if it’s in a small way, be confident that this issue won’t affect you either.

Free WannaCry Analysis For Your Business

The outbreak of WannaCry (a.k.a. WannaCrypt or WCry) over the past few days is still making global headlines.  In the media rush to cover the story, there has been a lot of misinformation being repeated.  For example, some people believe that if they’re on a newer version of Windows, they’re safe.  However, even Microsoft advises applying a series of patches (released in March) to ensure this vulnerability is closed.  It’s not easy to know who or what to believe.  We think that companies deserve a simple answer to the question “are my systems free from this risk?”

That’s why we’re offering to any company who needs it, a free, zero-obligation analysis of your systems’ vulnerability to the WannaCry ransomware outbreak.  All you have to do is email or call us to set up a quick appointment.  We’ll schedule a time to briefly discuss your systems, and run a tool we’ve made available to ascertain the health of any given Windows computer.

During a panel discussion on the talk radio show “1A” this morning, guest Michael Greenberger (Founder and director, University of Maryland Center for Health and Homeland Security) clearly noted the problem facing virtually every small company when faced with these sorts of I.T. challenges:

“The other thing that’s gotta be remembered, and we’re seeing in real-world practices, not everybody protecting their network is a Fortune 500 company.  You’ve got a lot of small businesses out there, who just do not have the resources – even if they’re told this is what you must do – they are so far outside the capability of doing it, that they’re just not going to do it.”

(You can hear this part of the segment at around the 19-minute mark at the link)

Our customers weren’t interrupted on Mother’s Day to deal with the WannaCry ransomware problem, unlike hundreds of thousands of other entities around the world.  We’d love the opportunity to help you, even if it’s in a small way, be confident that this issue won’t affect you either.

WannaCry Cryptoware, In Business Terms

The news media has made “WannaCry” a household name over the weekend, to the joy and fear of I.T. pros everywhere.  On one hand, techies have a great opportunity to talk about managing risks and presenting their lovely solutions!  On the other hand, they’re dealing with things that distract from your core mission – running a business.

Over the coming weeks, we’ll be discussing the WannaCry outbreak with our MSP customers as part of our Virtual CIO offering.  We’re going to be re-checking that each customer has a specific plan, appropriate to their needs, for dealing with these types of risks.  Of course, this is just the latest example of how malware and ransomware have organizations losing sleep, so our discussions will involve the broader subject of protecting against cyber risks.  Through those discussions, we’ll be helping customers to answer some of the following questions – maybe they can help you think about your own I.T. situation:

  1. Should you just pay the ransom?
  2. Could your backups be locked out too?  If so, how do you restore?
  3. Are your systems being patched and updated, reliably?
  4. Do employees know how to be skeptical of email and attachments?
  5. If you do need to revert to backups, how long will you be down?  What are you actually restoring?
  6. Once a computer has been infected, can you ever really trust it again?

We’re confident that the systems we put in place for customers will provide a solid foundation upon which they can make business decisions for dealing with these situations.  How about yours?

Sometimes pundits will offer flippant responses to the question of “what do we do when we get hit?” such as restore from your last good backup, make sure you have good email filtering and anti-malware installed, be on current versions of software and always patch.  These are merely platitudes.

In short, business leaders need to realize that any malware event like WannaCry is bad news.  It means lost revenue, lost productivity, and lost profit.  It means your business isn’t able to run.  It means employees’ moods will worsen.  Even if you have great backups, even if you have great tools, even if you don’t have to pay the ransom, the impacts are real.

Companies who plan accordingly, who implement smart protective measures, and who are able to stay on top of their systems will have a competitive advantage in their market.  The less of your time and money you have to spend to gain this advantage, the better off you will be.

Nomerel can help companies of any size obtain the peace of mind that comes from having good systems, well implemented, and a solid plan in place to minimize disruptions – from WannaCry, or any other form of malware.  See how we can help you out as well.