Technology Advisor Blog

Example of an email you should NOT open!

Posted by Ann Westerheim on 6/19/14 2:38 PM

In our last post, we talked about suspicious emails that don't look so suspicious on the surface.  Here is an example of an email to show you what to look for.  In this case, a fake payroll report is being sent.   A busy, distracted person may open this by mistake, or an opportunistic employee may try to open it to sneak a peek at confidential information.  SLOW DOWN and check your mail carefully.  Even with up to date antivirus protection and spam filtering, some emails CAN get through because they are engineered to get through.  This can be a phishing email (trying to get confidential information) or a dangerous virus such as Cryptocker.   Don't open the door!  

describe the image

  1. Multiple random email addresses are listed including some mispellings
  2. The subject line doesn't match what is actually used by this vendor (but this is tough to catch)
  3. The dates don't match - report date vs email "sent" date
  4. The instructions call for the user to download the file from Dropbox and this vendor would never transmit this type of information with consumer file sharing application
  5. The instructions mention Dropbox, but the link says Cubby (a different brand of file sharing)
  6. The link includes a .zip extension which is often used to hide executable files.
  7. There is no corporate email signature or information at the end of the email.
Many things to watch out for, and we thought it would be helpful to point them out.  Please help spread the word by including this in your employee security training. You can click on the image to view a larger version which is easier to read.

Tags: eMail, spam, cryptolocker, Virus

Don't open these (un)suspicious emails!

Posted by Ann Westerheim on 6/13/14 9:03 AM

Stop!We've all heard that we shouldn't open suspicious emails.  They can be phishing scams (attempts to get personal information such as username, password, and account number), or contain viruses.  The problem is, the "bad guys" know we're on the lookout, and the real danger lies in emails that are disguised to not look suspicious.  

There's another round of Cryptolocker going around and this is just about the worst virus you can get.  The virus attacks your files including any files you have on a networked device, and holds them for ransom.   The virus often spreads through emails with very normal (and sometimes enticing) subject lines. 

Here are some of the email subject lines to be on the lookout for: 

  • Scan from a Xerox WorkCentre
  • USPS - Missed package delivery
  • ACH Notification ("ADP Payroll")
  • Voice Message from Unknown Caller
  • Corporate eFax message from "random phone #" - 8 pages
  • Important - New Outlook Settings
  • Dun & Bradstreet Case Number

In some cases the emails look very routine such as a fax or a scan and you can see how easy it would be for someone to open the email on "autopilot".  In other cases, they are designed to entice someone to open something they normally shouldn't have access to like a (fake) payroll report.  

We've covered theses threats in our on-line training, newsletters, blog posts, social media feeds, but it's worth repeating - stay alert when opening email!  When you slow down, you'll see the emails are always a bit off, or they may contain a "zip" attachment.  If something is a bit off, STAY AWAY! It may be a criminal knocking on your door.

Tags: eMail, cryptolocker, Virus

Securing your Business is Easy as 1 2 3

Posted by Ann Westerheim on 11/22/11 9:20 AM

Security LockJust about every day we read about a new computer security breach in the news.  The big events draw a lot of attention and generate the headlines, but small business owners need to stay vigilant too!

It can be overwhelming to try to digest all the available information on computer security.  We like to think about it in three easy steps.

Step 1:  Secure your perimeter.  Think of this as having a wall around your business, a fence, or locked windows and doors.  Your firewall protects you from the Internet by creating a cyber barrier between you and the outside world.  If you picked up an inexpensive router at Staples a few years ago, you should strongly consider upgrading to a business class router.   We highly recommend Sonicwall products, but there are many great choices.  We're also recommending gateway security software to manage the traffic in and out of the network, above and beyond basic firewall protection.  Also, remember that your firewall needs regular firmware upgrades to stay up to date with respect to new threats.

Step 2:  Protect allsystems on your network with Anti-Virus and Anti-Spyware software. The important point is that EVERY system needs active protection (up to date license, dynamic updates multiple times a day).  Do you know that EVERY system is up to date?  Do you have a policy about bringing in systems from home (BYOD - Bring Your Own Device)?  What about guests?  If guests on your network are a factor for you, we strongly recommend installing a separate "sub-net" so that these guests can get Internet access (using your same Internet connection with no extra cost), but they won't be on your main network.  How do you know your guest has up-to-date virus protection?

Step 3:  Keep your applications and operating systems up to date with security patches.  Microsoft routinely releases free updates on "Patch Tuesday", the second Tuesday of the month. Many people are aware of these updates because they're in the news, and your Windows system will prompt you when updates are available.  What people often overlook is that Macs need updates too, and other applications such as Adobe Acrobat, Adobe Flash and Java are also vulnerable to security loopholes and also need to be regularly updated. (And don't forget your smart phone, but this is a whole new topic).

There is no such thing as 100% security.  Even if you do everything "right" there is still a chance that you could have a problem, such as a virus, but with focus on active protection, you greatly reduce your risk and potential for damage.

Remember that security is effectively a "cat and mouse" game.  Vulnerabilities are detected, hackers try to exploit the vulnerabilities, and the security firms try to stay a step ahead.  To protect your small business, remember your "123s":  1. Perimeter, 2. System, 3. Applications.

Tags: Security, Firewall, Virus, Spyware, Patches

Subscribe by Email

Most Popular Posts

Browse by Tag

See all tags...

Connect With Us

Older Blog Posts

For older Ekaru blog posts, go to ekaru.blogspot.com.