Unfortunately, human beings communicating by e-mail often turns out to be the weakest link in your network’s defenses. That’s why cyber-criminals often rely on spamming to inject their toxic code into their victims’ computers. And, just as malware is becoming ever more potent, so are the tactics used by spammers to dupe the unwary. All of which is to say…
Spam may pose the greatest threat to your data.
So what tactics are spammers using these days to deliver their malicious payloads?
The ruse of appearing as a credible sender with an urgent and alarming inquiry, such as an overdue notice from the IRS, or an e-mail from a familiar-looking vendor with an attached invoice asking why payment wasn’t made, can trigger an emotional response in even the most cool-headed of today’s harried e-mail recipients.
Attached files now carry familiar extensions, such as *.rar, *.zip, *.gif, *.tiff, *.docx, *.pdf, *.png and *.jpg, and the message may seem like it’s all part of a day’s correspondence. In a recent typical scenario, an HR manager at an expanding company had asked several job candidates to e-mail her their résumés. Within minutes after clicking on what she thought was a résumé, all her data was encrypted and she was faced with a ransom message demanding $800 to unlock it.
Outrageous? Yes.
And, unfortunately, all too common. Spam may well be THE weapon of choice for cyber-criminals because it can be so devastatingly effective against unwary victims.
What’s particularly troubling is that the malware it delivers via booby-trapped e-mails can infect not only the victim’s machine, but the entire network as well. And once installed, it can be very hard to detect.
So, what can you and your IT manager or consultant do about it?
Here are four ways to “FITE” back:
- Filter. Performance varies widely among spam filters. Look for the highest degree of accuracy in identifying spam, with the least number of false positives. You also want a filter that’s easy to use and won’t bog down your system.
- Identify. Watch for tip-offs that an e-mail may be spam if 1) you don’t know the sender, 2) you’re asked for a password, money or account information, or 3) you detect anything fishy about the sender, subject line or body of the e-mail.
- Think before taking action. If you don’t know the sender, don’t even open the e-mail. By opening a spam e-mail, you are signaling to the sender that your e-mail address is active. More spam is sure to follow.
If the e-mail looks at all suspicious, DO NOT CLICK any links or download any documents. If it’s obviously spam, delete it or mark it as spam. If you’re not sure, verify with the sender by separate e-mail or phone call before clicking or downloading anything.
Keep your e-mail address private and read privacy statements before revealing it. Use an alias when providing your e-mail address to commercial sites to keep your personal address from being shared.
- Educate. Don’t let untrained users into your network who are not aware of the dangers of e-mail spam. Train your team in best practices. Remember, they’ll benefit as well. After all, who wants to lose an important personal document or family photo due to an ill-advised click?
As spammers become more sophisticated, the threat goes beyond mere annoyance. Your company’s data and financial security are at risk. Now is the time to update your spam protection practices – it’s far less costly than dealing with the aftermath of an attack.
When was the last time your company’s spam protection program had a checkup? Don’t wait until there’s a very expensive problem or devastating loss – contact us today!
