Phishing attacks aren't just increasing, they are evolving.
According to IBM’s X-Force researchers, not only is the number of spam emails rapidly increasing, it's currently estimated that more than half of all emails are spam and that the number of spam emails containing malicious attachments is also on a dramatic rise.
For many companies, that increase is reinforcing the realisation that spam isn't just a pain, it's one of the primary delivery mechanisms for attacks, and therefore a direct threat to their organisation.
- According to Symantec, the global spam rate increased multi-fold and accounted for 54.3 percent of emails in 2017
- 100 new strains of malware entered the market in 2017, and this is about three times more than what was seen in 2016
- A review by IBM security shows that the number of ransomware messages went up by a huge 6000%
- Email phishingis the No. 1 vehicle for ransomware and malware attack. Vade Secure estimates that 91% of all malware is delivered through emails
In a nutshell, emails can be dangerous. Reading the contents of an email should be safe if you have the latest security patches, but email attachments can be harmful. Any type of file can be attached to an email, including .exe program files.
Many email servers will perform virus scanning and remove potentially dangerous attachments, but you can’t simply rely on this;
Common Warning Signs
1. Look at the File extension
In general, you should only open files with attachments that you know are safe.
The easiest way to identify whether a file is dangerous is by its file extension, which tells you the type of file it is. For example, a file with the .exe file extension is a Windows program and should not be opened.
However, .exe isn’t the only type of dangerous file extension. Other potentially dangerous file extensions that can run code include: .msi, .bat, .com, .cmd, .hta, .scr, .pif, .reg, .js, .vbs, .wsf,.cpl, .jar and more. This is not an exhaustive list — there are many different file extensions in Windows that will run code on your computer when executed.
Office files with macros are also potentially dangerous. If an Office document extension ends with an ‘m’, it probably contains macros. For example, .docx, .xlsx, and .pptx should be safe, while .docm, .xlsm, and .pptm can contain macros and can be harmful. However, some businesses use macro-enabled documents so make sure you know if your organisation does.
2. Take note of the antivirus alerts
If you’re using a webmail service like Gmail, Outlook.com, or Yahoo! Mail, your webmail service will automatically scan incoming attachments for malware and inform you if the attachments are dangerous. Of course, if you see a warning that an attachment is malicious, you should not download it. The text of the email may ask you to ignore any problems and assure you that the attachment is actually fine, but do not risk it.
If you download an email attachment and your desktop antivirus program flags it, stop right there. Don’t click through the warning and run it anyway — trust your antivirus program more than the email attachment.
3. Who is the sender?
Looking at who an email was sent by can help you identify whether an email attachment is malicious or not. BUT an attachment can be malicious even if you know the sender! If they’ve become infected, a malware program may send you emails from their email address, disguised as emails they’d send.
If you get an email from someone you don’t know with a questionable-looking attachment, it’s probably malware. If you receive a macro-enabled Office document from someone you’re not expecting one from, exercise extreme caution.
4. Be suspicious
When it comes to email attachments, you should exercise extreme caution and assume the worst. Don’t download or run an attachment unless you have a good reason to do so. If you’re not expecting an attachment, treat it with healthy suspicion. If it’s an image attachment, that’s probably okay. PDFs should be okay if you have the latest security patches, too. But if you’re not sure what something is, you shouldn’t run it.
Your webmail client’s preview features can also help. You can preview PDF files, documents, images, and other types of files in your browser without actually downloading them to your computer.
5. Be aware of encrypted archives
In an attempt to make it around email filters, someone may email you malicious file attachments in an archive — especially an encrypted one. For example, you may receive an email with a .zip, or .rar, file and its password. You’d need to download the archive file and extract its contents with the password to access them.
The password-protection — or encryption — on the archive prevents email scanners and antivirus programs from examining it, so it’s very possible that the archive could contain malware. Of course, password-protected archives are also an effective way to email sensitive files.
So, in summary, to prevent your business from falling foul to Phishing:
- It is vitally important to have the latest security patches so malicious types of these files can’t infect you via security holes in Adobe Reader or Microsoft Office.
- Always double check the source if you’re unsure, even if this means calling up the office or person who sent the email
- Stay up to date on the latest scams and security threats. Sites such as The Hacker News can help keep your business in the loop
- Make sure all software, operating systems and browsers are updated with the latest patches
- Always retype the URL of any link you receive into your browser before automatically clicking it (if your hover your pointer over a link in an email, the true URL will be shown).
- Remember, although opening some emails won’t cause a Virus, Malware or Ransomware; opening the email will be an indication to the hackers that your email address is active and that you are likely to open their emails.
- The true identity of the email sender can be found by looking at the sender’s email address. This is normally be found at the top of the email next to the name.
- If you are still unsure whether the email is genuine and you are curious of clicking the link, hovering your mouse pointer over the link in Laptop or PC (Do Not Click) will show you the destination of the link. If this again doesn’t contain the correct web address of the company, it is more than likely a spam email.