You Have Mail!

Of course, the link actually leads to a document that has malware embedded in it. As soon as the user clicks on it, it releases a malware bot onto the computer. Of interest is the fact that the link actually references a document on Google (docs.google.com). Thankfully, the client did not fall for the scheme and forwarded the message to their primary tech for further analysis. Another clue that it’s bogus is the Email address of the sender – it came from outlook.com.tr.

It requires a careful inspection of the Email to pick up on the clues that point to a SCAM, but it might be worthwhile training users to be more discerning before clicking on links.  Here are a few tips that might help:

  • To see the actual Email address of the sender, click Forward on the Email. DON’T enter anything and DON’T send it, but have a look at the original message and Email address of the sender. If you see a strange mix of alpha and numeric characters in the Email address, especially the domain part (i.e., after the “@” symbol), chances are it’s bogus. For example, you would expect the Canada Post Email to be coming from an employee of Canada Post at canadapost.ca.
  • Look at the link for any attachment. It is typically formatted like http://www.canadapost.ca?doc=123. If you’re unsure if it’s legitimate, open a browser and MANUALLY type in the first part of the link (i.e., http://www.canadapost.ca). If it doesn’t display the website, chances are the link is bogus.
  • You can also hover your mouse over the document link in the Email and it will display the actual address of the website it will link to.  However, DO NOT click it!
  • Finally, if you use Outlook to read your Email, you can convert the message to plain text. That means that any hyperlinks are converted to the actual website address and it removes the common text overlay. To convert to plain text, click Actions on the menu bar of the message and choose Edit. Now choose the Format Text menu item, and then Plain Text from the menu bar. The message is converted to plain text without hyperlinks. Some organizations force all messages to be in plain text at the server.

As with previous viruses and malware SCAMS, we highly recommend the following counter-measures:

  • Install an up-to-date Anti Virus program on all computing resources, including servers and (smart) devices.
  • Install an advanced firewall with dynamic blocking capability and up-to-date methods of detecting infected or malicious sites.
  • Block Email attachments that are known to be carriers of viruses (e.g., ZIP files).
  • Ensure data backups are current and have been thoroughly tested. Backup media should be removed offsite regularly – as media left connected (e.g., portable hard drives) could also be infected. Ideally backups should be image-based to allow a fast recovery from a large-scale attack.
  • Ensure you have clear, concise Technology Acceptable Use policies that are understood and adhered to by all staff.
  • Train staff in how to recognize potential virus infections and how to react if they suspect a virus attack.

Please contact your Primary Tech if you would like more information on how to protect your organization from bogus Emails.