The evolution of junk mail and the modern spam filter
Like most of you, I get the regular “junk” through the post office. It comes in various forms: free money, credit card offers, high interest loans, and timeshares. I recognize these instantly (usually without even opening the envelope) and they go straight into garbage. Over time we have all developed the ability to distinguish the legitimate mail from the not-so-legitimate and take the appropriate action. The digital world is not much different if you know what to look for. The problem with the digital world is if you even just open the email or attachment, you could set the wheels in motion for a bad day.
The primary motivation behind sending you email with malicious attachments is money, plain and simple. Once you open the attachment you thought was legitimate, software is installed on your computer. You will not see the software (virus, malware) being installed or even notified it has happened. Depending on the virus, the objectives could be one of the following:
- Steal your identity: They can track your passwords as you type them into banking websites, copy credit card and personal information you have on your computer and steal that information.
- Take control: Not in a traditional sense, but your computer can then be used to attack other targets or send out more email to other people to try to infect their computers
- Ransomware: This is the latest and most devastating virus to be created. It essentially makes all of your files unusable until you pay the “Ransom” to get your files back. Not only does it make your personal files unusable, but every file on the network that you have access to. This can bring a company to a standstill. Without good backups, the ransom must be paid and still there is no guarantee you can get all of the information back.
- Payment Request: This doesn’t necessarily install software on your computer, but it usually targets the financial employees of the company. It makes the email look like it comes from a large vendor or an officer of the company requesting a wire transfer of money.
So how do we identify what is legitimate and what is not? Most of the emails will look legitimate in the sense that it looks like it is a fax or an email coming from UPS. Here are some guidelines to go by:
- If you are not expecting the email attachment, do not open it. If I received a Word document from my lawyer out of the blue without any context in the email, I would either call him or send him an email to verify it is legitimate. Same goes for UPS emails. Did you ship something? If so, UPS will not attach files to an email. Go to their website and check the status of the shipment.
- If it doesn’t look right, it probably isn’t.
- If you get a request for a wire transfer, pick up the phone and call the person to verify.
- If there is a link in the email to a web page, hover your mouse over the link to show the actual website it is linking to. Make sure the website is a well-known site before clicking on it.
- When in doubt, ask. Forward the email to firstname.lastname@example.org and we can take a look at it for you. We will let you know if the email is valid or not.
Common sense and being somewhat guarded will go a long way in keeping your computer and information safe.