In today’s bring-your-own-device (BYOD) world, cybersecurity is a very tall task. In fact, a report from March of this year showed that an estimated 390,000 new malware programs are created every day. In the face of this constantly evolving threat landscape, the question of how companies can avoid malware comes up quite often. The answer is a lot simpler than most people believe.
An August 2016 study by Malwarebytes revealed that nearly 40% of businesses had experienced a ransomware attack in the past year, and that 46% of all successful ransomware attacks originated from email. In addition to implementing technical solutions like configuring anti-spam for email servers, providing employees with security awareness training around how to identify malware and phishing attempts will make your organization much more resilient. Here are our top 5 best practices for spotting malicious email.
Pay extra attention to email with attachments
Ransomware distributors commonly deliver their payload by tricking people into opening an attached document with an innocuous name such as “Invoice” or “Resume.” As with the infamous Trojan horse, opening the attachment exposes you to whatever is hidden inside, and a document that asks you to “Enable Content” or enable macros before it will display is asking for permission to run code. To protect yourself, follow this rule of thumb: if you were not expecting an attachment, don’t open it. If it appears to come from someone you know, confirm with that person by phone or in a separate message you start yourself, not by replying to the email.
Don’t click on links
In addition to attachments, disguised links are a common way of getting malware onto a user’s computer. In most mail clients you can check a link without clicking it: hover your mouse over the link or image and the real destination appears in a tooltip or in the status bar (on a phone, press and hold the link instead). Look at the domain that will actually receive the click, not at the text you can see, because the visible text can say anything and attackers like to place a trusted name in front of their own domain (a link to yourbank.com.some-other-site.net lands on some-other-site.net, not on your bank). If the real domain does not match a site you trust, don’t click; type the address you normally use into your browser instead.
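The check described above can also be run by software before a message reaches a person. The following is an added example, not code from the original article: it extracts every link from a constructed HTML email body, compares the domain the link actually points to with the domain shown in the visible text, and flags a trusted name used as a subdomain of another site or a punycode (xn--) hostname. The trusted-domain list and the sample body are assumptions for the example, and the “registrable domain” helper is a simplification that only takes the last two labels; real code should use the Public Suffix List.

```python
"""Check where the links in an HTML email really point (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the reader treats as trusted (assumption for this example).
TRUSTED_DOMAINS = {"example-bank.com", "microsoft.com"}

# Constructed sample body, not a real phishing message.
SAMPLE_HTML = """
<p>Your account has been locked. <a href="https://example-bank.com.login-verify.net/reset">
https://example-bank.com/reset</a></p>
<p>Or see <a href="http://xn--exmple-bank-v9a.com/">example-bank.com</a></p>
<p>Statement: <a href="https://www.example-bank.com/statements">here</a></p>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels of a hostname. Simplification: production code should
    consult the Public Suffix List so that names like example.co.uk work."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_of(value):
    """Hostname of a URL, or of bare 'domain.tld/path' text."""
    parsed = urlparse(value if "://" in value else "http://" + value)
    return parsed.hostname or ""


def classify_link(href, text):
    """Return the reasons a link looks suspicious; an empty list means no finding."""
    reasons = []
    target_host = host_of(href)
    target_domain = registrable_domain(target_host)
    if target_domain not in TRUSTED_DOMAINS:
        reasons.append(f"target domain {target_domain!r} is not trusted")
    # Visible text that looks like a URL or domain but resolves elsewhere.
    if "." in text and " " not in text:
        shown_domain = registrable_domain(host_of(text))
        if shown_domain != target_domain:
            reasons.append(f"text shows {shown_domain!r} but link goes to {target_domain!r}")
    # Internationalised hostnames are encoded as xn--...; a classic lookalike trick.
    if any(label.startswith("xn--") for label in target_host.split(".")):
        reasons.append("punycode (IDN) hostname, possible lookalike")
    # A trusted name placed in front of the attacker's real domain.
    if target_host.startswith(tuple(f"{d}." for d in TRUSTED_DOMAINS)) and target_domain not in TRUSTED_DOMAINS:
        reasons.append("trusted name used as a subdomain of another domain")
    return reasons


def audit_links(html):
    """Return [(href, visible text, reasons), ...] for every link in the body."""
    parser = LinkExtractor()
    parser.feed(html)
    return [(href, text, classify_link(href, text)) for href, text in parser.links]


if __name__ == "__main__":
    for href, text, reasons in audit_links(SAMPLE_HTML):
        print(f"{text!r} -> {href}")
        for reason in reasons:
            print("   !", reason)
```

Run against the sample, the first two links are flagged (trusted name in a subdomain plus mismatched display text, and a punycode lookalike), while the plain link to www.example-bank.com produces no finding.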
Beware of urgent language
Let’s face it, fear sells. Malware and phishing emails often use threatening or urgent language to make you act before you think. Examples include claiming that you owe money by a fast-approaching deadline or stating that your account has been compromised. If you receive an email like this, don’t click any of the links it contains. Instead, open your web browser, go to the website the email claims to represent using a bookmark or the address you normally type, and log in there to check whether the claim is real.
Check the sender
Spoofing, faking an email’s “From” field, is a common technique among today’s scammers, and it works because the mail protocol itself does not verify who typed that field. Just because an email appears to have been sent by someone you trust does not mean the message actually came from that individual. To determine whether an email originated from its purported source, you can look at the email headers (the metadata behind a message): the Return-Path and Received lines show which server actually handed it over, and the Authentication-Results header records whether the receiving server’s SPF, DKIM and DMARC checks passed for the claimed sender domain. This is a bit complicated for most users, so consult your IT department if you suspect an email is spoofed. A simpler check that anyone can do is to hover over or click the sender’s name and compare the display name with the actual address behind it: a message from “Jane Doe, CEO” whose real address is at a free webmail service or at a domain you have never seen is a red flag, and with phishing it is often a long, nonsensical address.
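The header check described above, written out as code that a help desk could run on a saved message. This is an added example, not code from the original article. It parses a constructed raw email with Python’s standard email module, compares the display name, the From address, the Return-Path (envelope sender) and the Reply-To domain, and reads the SPF/DKIM/DMARC verdicts out of the Authentication-Results header that the receiving mail server adds. Both sample messages and all the domains in them are made up for the example.

```python
"""Inspect received email headers for signs of sender spoofing (added example)."""
import email
import re
from email.utils import parseaddr

# Constructed sample: display name is itself an address at the impersonated
# company, the real address is elsewhere, replies go to a third domain.
SPOOFED_MESSAGE = """\
Return-Path: <bounce-8821@mail.promo-blast.example>
Received: from mail.promo-blast.example (198.51.100.23) by mx.corp.example
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=mail.promo-blast.example;
 dkim=none; dmarc=fail header.from=gmail-secure.example
From: "jane.doe@corp.example" <ceo.jane.doe@gmail-secure.example>
Reply-To: payments@fast-wire-transfer.example
To: accounts@corp.example
Subject: Urgent wire transfer needed today

Please process the attached invoice before 5pm.
"""

# Constructed sample of a message that should produce no findings.
LEGIT_MESSAGE = """\
Return-Path: <helpdesk@corp.example>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=corp.example;
 dkim=pass header.d=corp.example; dmarc=pass header.from=corp.example
From: "IT Helpdesk" <helpdesk@corp.example>
To: staff@corp.example
Subject: Scheduled maintenance on Saturday

The file server will be offline from 08:00 to 10:00.
"""


def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def auth_results(header_value):
    """Pull the spf=/dkim=/dmarc= verdicts out of an Authentication-Results header."""
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header_value or ""))


def check_sender(raw):
    """Return the parsed sender details plus a list of human-readable findings."""
    msg = email.message_from_string(raw)  # default policy: headers come back as plain str
    findings = []
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)

    # 1. Display name that is itself an address at a different domain.
    if "@" in display_name and domain_of(display_name) != from_domain:
        findings.append(f"display name shows {display_name!r} but the address is {from_addr!r}")

    # 2. Envelope sender vs. header From. Mailing lists and bulk senders do this
    #    legitimately, so treat it as a prompt to look closer, not as proof.
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    if return_path and domain_of(return_path) != from_domain:
        findings.append(f"Return-Path domain {domain_of(return_path)!r} differs from From domain {from_domain!r}")

    # 3. Replies quietly routed to a third domain.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append(f"Reply-To {reply_to!r} is at a different domain than From")

    # 4. What the receiving server's own SPF/DKIM/DMARC checks concluded.
    auth = auth_results(msg.get("Authentication-Results"))
    for mech in ("spf", "dkim", "dmarc"):
        if auth.get(mech) not in (None, "pass"):
            findings.append(f"{mech}={auth[mech]} in Authentication-Results")

    return {"from": from_addr, "display_name": display_name, "auth": auth, "findings": findings}


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_MESSAGE), ("legit", LEGIT_MESSAGE)):
        report = check_sender(raw)
        print(label, report["from"], report["auth"])
        for finding in report["findings"]:
            print("   !", finding)
```

The spoofed sample trips every check (mismatched display name, foreign Return-Path and Reply-To, dkim=none, dmarc=fail); the legitimate one produces an empty findings list. Note that the Authentication-Results header is only trustworthy when it was added by your own mail server, since a sender can insert a fake one upstream; mail servers normally strip such headers on arrival for exactly this reason.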
Look for grammar and spelling errors
Malware and phishing are a global industry, and many campaigns are written by people working in a second language or pushed through machine translation. That makes wording a useful tell: awkward grammar, generic greetings such as “Dear Customer,” and misspelled company or product names all stand out. People tend to proofread legitimate business email before sending, so simple errors are a good tip-off that something isn’t right. The reverse does not hold, though: a polished, error-free message can still be a phish, particularly one aimed at a specific person or company, so treat good spelling as the absence of one warning sign rather than as proof of legitimacy.
Ultimately, spotting malicious emails is a matter of diligence and awareness. To protect yourself and your employer, it’s important to understand what a scam email looks like and how to avoid falling for the tricks outlined above. Be critical of every email you receive, and if in doubt, consult your IT department or MSP. That’s why we’re here! Remember, it only takes one click to infect a network and cause thousands of dollars in damage.