Technology Advisor Blog

Example of an email you should NOT open!

Posted by Ann Westerheim on 6/19/14 2:38 PM

In our last post, we talked about suspicious emails that don't look so suspicious on the surface.  Here is an example of an email to show you what to look for.  In this case, a fake payroll report is being sent.   A busy, distracted person may open this by mistake, or an opportunistic employee may try to open it to sneak a peek at confidential information.  SLOW DOWN and check your mail carefully.  Even with up to date antivirus protection and spam filtering, some emails CAN get through because they are engineered to get through.  This can be a phishing email (trying to get confidential information) or a dangerous virus such as Cryptocker.   Don't open the door!  

describe the image

  1. Multiple random email addresses are listed including some mispellings
  2. The subject line doesn't match what is actually used by this vendor (but this is tough to catch)
  3. The dates don't match - report date vs email "sent" date
  4. The instructions call for the user to download the file from Dropbox and this vendor would never transmit this type of information with consumer file sharing application
  5. The instructions mention Dropbox, but the link says Cubby (a different brand of file sharing)
  6. The link includes a .zip extension which is often used to hide executable files.
  7. There is no corporate email signature or information at the end of the email.
Many things to watch out for, and we thought it would be helpful to point them out.  Please help spread the word by including this in your employee security training. You can click on the image to view a larger version which is easier to read.

Tags: eMail, spam, cryptolocker, Virus

Don't open these (un)suspicious emails!

Posted by Ann Westerheim on 6/13/14 9:03 AM

Stop!We've all heard that we shouldn't open suspicious emails.  They can be phishing scams (attempts to get personal information such as username, password, and account number), or contain viruses.  The problem is, the "bad guys" know we're on the lookout, and the real danger lies in emails that are disguised to not look suspicious.  

There's another round of Cryptolocker going around and this is just about the worst virus you can get.  The virus attacks your files including any files you have on a networked device, and holds them for ransom.   The virus often spreads through emails with very normal (and sometimes enticing) subject lines. 

Here are some of the email subject lines to be on the lookout for: 

  • Scan from a Xerox WorkCentre
  • USPS - Missed package delivery
  • ACH Notification ("ADP Payroll")
  • Voice Message from Unknown Caller
  • Corporate eFax message from "random phone #" - 8 pages
  • Important - New Outlook Settings
  • Dun & Bradstreet Case Number

In some cases the emails look very routine such as a fax or a scan and you can see how easy it would be for someone to open the email on "autopilot".  In other cases, they are designed to entice someone to open something they normally shouldn't have access to like a (fake) payroll report.  

We've covered theses threats in our on-line training, newsletters, blog posts, social media feeds, but it's worth repeating - stay alert when opening email!  When you slow down, you'll see the emails are always a bit off, or they may contain a "zip" attachment.  If something is a bit off, STAY AWAY! It may be a criminal knocking on your door.

Tags: eMail, cryptolocker, Virus

Cryptolocker may be lurking in that email - Don't open it!

Posted by Ann Westerheim on 2/3/14 5:12 PM

Don't let Cryptolocker in!Many viruses are embedded in email attachments designed to get through even multiple layers of security.  CryptoLocker is one of the worst viruses seen in years and it only takes ONE message to get through to cause a lot of damage, and the “bad guys” have developed sophisticated techniques to get around your antivirus protection. 

All users are advised to be extremely cautious when opening email attachments.  Typically, the incoming email is a "spoofed" email pretending to be from a reputable source such as UPS, Xerox, ADP, Verizon, Dun and Bradstreet and others.  The subjects of the emails are socially engineered to trick people into opening them.  Some the subjects include:

  • Scan from a Xerox WorkCentre
  • USPS - Missed package delivery
  • ACH Notification ("ADP Payroll")
  • Voice Message from Unknown Caller
  • Corporate eFax message from "random phone #" - 8 pages
  • Important - New Outlook Settings
  • Dun & Bradstreet Case Number

As you can see from these subjects, during a busy work day, it would be very easy to quickly open one of these emails and open the attachment.  You may think the email is for you (from your scanner, efax, or service provider), or perhaps a curious employee would be enticed to peek at a confidential file.  The problem is, by opening the email, even with Antivirus protection in place, you have effectively opened the door for the virus directly.  

When Cryptolocker is launched, your files will be encrypted (including files on mapped drives), and a while later after the damage is done, you'll see a pop up warning asking for a payment to restore your files.   We strongly advise against paying the ransom.   You would be giving money directly to criminals, and only encouraging them to do more damage.  Instead, we advise cleaning the system and restoring files from a good backup (make sure you have a solid backup!).  

Slow down, and carefully check out the emails before opening them.  For example, you may use an eFax service or scan with a Xerox scanner, but the subjects are usually a bit off if you look closely.  Also Microsoft never sends unsolicited mail.

Spam filtering,  antivirus protection, and perimeter security all help, but it only takes one message to get through and create a LOT of damage.  When you open the email attachment, it's effectively like letting the thief in the front door after the doorbell rings.

Please help spread the word to all users in your organization.  Education is the first line of defense for all security.

Tags: eMail, Security, cryptolocker, antivirus

Subscribe by Email

Most Popular Posts

Browse by Tag

See all tags...

Connect With Us

Older Blog Posts

For older Ekaru blog posts, go to ekaru.blogspot.com.