The evolution of junk mail and the modern spam filter

Like most of you, I get the regular “junk” through the post office. It comes in various forms: free money, credit card offers, high interest loans, and timeshares. I recognize these instantly (usually without even opening the envelope) and they go straight into garbage. Over time we have all developed the ability to distinguish the legitimate mail from the not-so-legitimate and take the appropriate action. The digital world is not much different if you know what to look for. The problem with the digital world is if you even just open the email or attachment, you could set the wheels in motion for a bad day.
The primary motivation behind sending you email with malicious attachments is money, plain and simple. Once you open the attachment you thought was legitimate, software is installed on your computer. You will not see the software (virus, malware) being installed or even notified it has happened.   Depending on the virus, the objectives could be one of the following:

  1. Steal your identity: They can track your passwords as you type them into banking websites, copy credit card and personal information you have on your computer and steal that information.
  2. Take control: Not in a traditional sense, but your computer can then be used to attack other targets or send out more email to other people to try to infect their computers
  3. Ransomware: This is the latest and most devastating virus to be created.   It essentially makes all of your files unusable until you pay the “Ransom” to get your files back. Not only does it make your personal files unusable, but every file on the network that you have access to. This can bring a company to a standstill. Without good backups, the ransom must be paid and still there is no guarantee you can get all of the information back.
  4. Payment Request: This doesn’t necessarily install software on your computer, but it usually targets the financial employees of the company. It makes the email look like it comes from a large vendor or an officer of the company requesting a wire transfer of money.

So how do we identify what is legitimate and what is not? Most of the emails will look legitimate in the sense that it looks like it is a fax or an email coming from UPS. Here are some guidelines to go by:

  1. If you are not expecting the email attachment, do not open it.   If I received a Word document from my lawyer out of the blue without any context in the email, I would either call him or send him an email to verify it is legitimate. Same goes for UPS emails. Did you ship something? If so, UPS will not attach files to an email. Go to their website and check the status of the shipment.
  2. If it doesn’t look right, it probably isn’t.
  3. If you get a request for a wire transfer, pick up the phone and call the person to verify.
  4. If there is a link in the email to a web page, hover your mouse over the link to show the actual website it is linking to. Make sure the website is a well-known site before clicking on it.
  5. When in doubt, ask. Forward the email to service@it360.biz and we can take a look at it for you.   We will let you know if the email is valid or not.

Common sense and being somewhat guarded will go a long way in keeping your computer and information safe.
Don Dawson
President
IT360, Inc.
 
 
 

President, Manufacturing Company

We are high speed and wireless with computer systems for everything we do. I do not worry at all because it has not been an issue since IT360 became a part of our company.

President, Manufacturing Company

Recent
Technology News

IT 360 News
Five Signs of Social Engineering

Social engineering can come in many different forms: via email, websites, voice calls, SMS messages, social media and even fax. If it is a communication method, scammers and criminals are going to try to abuse it. Although the communication’s method may vary, the message the scammer is trying to convey has five traits in common. […]

Read more
IT 360 News
79% of Employees Have Knowingly Engaged in Risky Online Activities in the Past Year

With employees not believing that it’s important to personally worry about cyber security risks, they also tend to believe they’re not a target, new data suggest as the reason for the risky behavior. In most cyberattacks, the employee plays some role – clicking on a malicious attachment, giving up their corporate credentials to an impersonated […]

Read more