By: Brian DeVault

Hackers have become very good at what they do. The email chains that they send have become more advanced to the point you believe they are sent from a reputable source. They can have graphics and artwork that look identical to your business and maybe even have the same name as your boss’s email. Do not be fooled and always remember that a legit email will never ask you to enter your password or send sensitive information to them, unless you just did a password reset yourself, in which case you will be expecting this email.

View Video Transcript

Ransomware/Malware

There are a number of avenues ransomware can take to access a computer. One of the most common delivery systems is phishing, which is spam attachments that come to the victim in an email, disguised as a file they should trust. Once they’re downloaded and opened, they can take over the victim’s computer. 

There are several things that malware might do once it’s taken over the victim’s computer, but by far the most common action is to encrypt some or all of the user’s files. The most important thing to know is that at the end of the process, the files cannot be decrypted without a mathematical key known only by the attacker. The user is presented with a message explaining that their files are now inaccessible and will only be decrypted if the victim sends an untraceable Bitcoin payment to the attacker. In some forms of malware, the attacker might claim to be a law enforcement agency shutting down the victim’s computer due to the presence of pornography or pirated software on it, and demanding the payment of a ine, perhaps to make victims less likely to report the attack to authorities.

Phishing Attacks

Scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts. Scammers launch thousands of phishing attacks like these every day  and they’re often successful. The FBI’s Internet Crime Complaint Center reported that $57 million was lost in 1 year due to phishing attacks.

Scammers often update their tactics, but there are some signs that will help you recognize a phishing email or text message. Phishing emails and text messages may look like they’re from a company you know or trust. They may look like they’re from a bank, a credit card company, a social networking site, an online payment website or app, or an online store. Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. They may:

  • Say they’ve noticed some suspicious activity or log-in attempts
  • Claim there’s a problem with your account or your payment information
  • Say you must confirm some personal information
  • Include a fake invoice
  • Ask you to click on a link to make a payment
  • Say you’re eligible to register for a government refund
  • Offer a coupon for free merchandise

Safe Email

With all the sneaky ways hackers attack, it may seem impossible to distinguish between suspicious emails and legitimate messages. However, there is an easy way to tell if email attachments are safe that works the majority of the time. You can tell if an email attachment is safe by assessing the file extension.

A file extension is the three letters that follow the period at the end of the file name. Microsoft has classified several types of dangerous extensions, however only a few are considered safe. These are GIF, JPG or JPEG, TIF or TIFF, MPG or MPEG, MP3 and WAV. These extensions represent different file types and are the formats that the majority of internet users tend to send as email attachments.

If you receive an email, even if it is from a friend or a bank, that does not have one of the file extensions listed above after the file name and subsequent period, you should never open the attachment unless you know for certain that it is legitimate. Other file extensions that are commonly sent as email attachments such as DOC, XLS and TXT, which represent text documents and Excel files, can be infected with the worst computer viruses. However, many users send these types of documents for work-related reasons, and if you know the sender and you are expecting the file or know what it’s about, these attachments should be safe to open as well.

Finally, you should be exceptionally wary of files with double extensions, such as image.gif.exe. The only extension that matters is the last one. In the example above, EXE represents an executable file that will automatically run software upon download. Files with double extensions are almost always deceptive and malicious in intent.

Train Your Staff

Train employees to recognize when phone calls or emails come with red flags that could indicate a hacking attempt. While many of your staff members may realize that anyone who asks for an account password over email is a potential hacker, they may not realize that someone casually inquiring for their date of birth or the name of a spouse could be trying to gain account access. Any information that could be part of an employee password interests a hacker. All a hacker needs to do is guess one staff member’s password, and obtain their work email address, to infiltrate your network. 

Your staff should also understand the danger of clicking on a link in a suspicious email. Even if your employee does not complete a form, download an asset, or otherwise take action, following the link alone could expose your business by triggering malicious code. The code can then scan the individual’s computer for sensitive information, passing it along to a hacker. 

It’s important to train every staff member on the threat of cyber crime. An attacker may spend weeks researching their target online, creating a phony website, and crafting an email. Busy executives and their personal assistants may unwittingly fall prey to a well-executed hacking attack. Hiring a Managed Service Provider is a great option to assist you with putting a plan in motion to have your entire team on the same page with hacking red flags and set up training for you to ease your workload. If you are interested, call NETRIO at 214-888-8500.

This blog post is part of NETRIO’s weekly Whiteboard Wednesday series. Follow along on Linkedin and YouTube each week as Brian and Mike discuss use cases, new technology, and trends.