Email Attacks: Don’t Open that Email

By: Marco
October 9, 2014

Is your email under attack? You’re probably used to the far away calls for help with clearly questionable motives and spotty grammar. Maybe you are even on to the emails with a tracking number or shipping label for a shipment you know nothing about. But what about those emails that say click for a fax or click for a voicemail and have your work email and all the right words, official details and proper formatting.

Malware, short for malicious software, has become increasingly sophisticated. The emails look so official that it’s hard to know what’s safe and what’s not. The one I received notifying me of a fax included a marconet.com fax email address and a series of official-looking information.

In the past week, I have received more than a dozen highly refined click-baiting emails. One of the most interesting ones was a “notification that a background check was run on me” in the last 24 hours. I could click to review and confirm the details of the background check.

With one wrong click, you could disrupt your computer’s operation, allow the gathering of sensitive information or provide access to your device.

Even Opening Emails is Harmful Now
Spammers cannot send you a virus that infects your device when you open it. You need to click on a link to infect your computer. So they are becoming smarter on how to get you to click and constantly inventing new ways, making it impossible for spamware to keep up.

But often they are more interested in verifying your email address so they can sell it. And that’s easier. All it takes is opening an email. Some devices like the iPhone are less prone to malware like viruses and spyware, so you think you are safe. But your email address is still validated because you opened the email. Spammers then sell your email and you receive more phishing emails.

The rapid uptick in click-baiting has made well intentioned marketing emails or emails to large groups to be flagged and put on a black list by a major carrier.

They’re Slipping by Spam Filters
The challenge is that most spam filters only catch – and protect you – from malware they can recognize and receive reports on. These emails are so close to the real ones that it is hard to decipher even as an IT professional which ones are authentic. So, we are seeing even the best software miss many of them.

Take the email I got about the fax last week. Everything looked right. It had the Marco web address, a device number and the fax document number. The format was convincing. So how did I know? I know we do not own the device named in the email. It’s tricky.

I’ve even seen the spammers send an email that looks like it is coming from a friend or family member. The email address looks legitimate and when you open it, it has a short message about “Click to see a picture of what I am up to today” or “Click for a picture from (insert family member’s name).”

What Can You Do?
Here are a few tips we give our employees and our customers:

  • Start with a solid spam filter. While the software may not protect you from all spam, it does catch some and you can report others to the provider.
  • Be on alert. Raise your level of attentiveness and skepticism when checking your email.
  • Ask before you open. Check with the Information Systems or IT Help Desk before opening an email that peaks your curiosity or makes you wonder.
  • Don’t engage in the email. If you were not expecting the email, don’t click, call or reply. Any action could put you at more risk.

In many ways, treat emails like the U.S. Mail. If you did not ask for it, don’t open it. That’s challenging in today’s business world. We get emails from people all the time who want to connect, tell us about a new product or build a relationship. In this time of malware attacks, proceed with caution. You may miss an opportunity to connect with someone new. But, if they are truly well-intentioned, they will find another way – outside of email.

Connect with a Technology Advisor Start the Conversation

Topics: Security