With a rise in the number of email scams and viruses affecting the security of company networks and accounts, we thought it was time to review some of the top threats and how to avoid them.
Australia Post Email Virus August 2014
This is a very recent threat which has emerged in the last couple of weeks. We have emailed a number of our customers specifically warning them of the threat this virus poses.
The attackers send emails to businesses and individuals telling them they have an undelivered parcel awaiting collection. They are asked to click a link to download the information needed to retrieve the parcel from the post office.
However, once the link is clicked, a virus is downloaded to your system and this virus (called 'ransomware') encrypts all your data and holds it hostage until you pay a fee to the attacker who will give you the unlock code.
The only way out of not paying the fee is to restore your data from a backup.
Ransomware is particularly vicious because virus scanners cannot always pick up the viruses' patterns until it's too late. So data ends up encrypted and locked up before the virus is stopped by the anti-virus.
Software and Utilities Scams Mid 2014
This scam is similar to the above scam from attackers imitating Australia Post. But in this case they imitate Utility providers such as Energy Australia (NSW) or Aurora (TAS), and attempt to get you to click a link. The email often warns of disconnection or overdue accounts. When you click the link a variant of a virus installs on your system.
Similar emails have been seen from software providers asking for you to click a link.
Invoice Scam June 2014
This scam is where attackers send you a bill for goods and services that haven't been ordered. Commonly the bill will be for advertisements or entries in magazines or directories, or for the renewal of domain names (internet) similar to the ones used by the business.
The invoices may also be for products and services similar to the ones the business uses. For example if the business is in the medical field, they may receive bills for medical products and services.
They are relying on the receiver not cross-checking the invoice with the products (i.e. poor accounts procedures). Money paid to these attackers ends up off-shore and impossible to retrieve. Additionally if paid by credit card, the attackers attempt to capture the user's credit card details and sells them on the black market.
Ways to Avoid These Threats
1. Always run an up to date commercial grade anti-virus system. This will help prevent most types of virus infections by email
2. Use junk filtering systems. This will help detect emails which are obvious junk including some scam emails and move them out of the inbox. There are specialised systems, but even Microsoft Outlook's junk filtering can be effective if implemented properly.
3. Staff education. Your staff are the ones who are exposed to these email threats. Proper and regular education can help your staff identify email threats and prevent attacks.
As part of our IT Support/Managed Services, we provide IT security services to mitigate these threats, we also regularly send emails to help educate your staff of current threats.
If you would like any more information, or any help with upcoming IT projects please let us know.