In Albert’s Corner this month, thoughts on new and improved ways to fool you into clicking where you shouldn’t.
By now we’re all aware of phishing, attempts to infect your network or separate you from your personal information via sketchy emails. The problem is that the “phishermen” keep getting better at it, and the emails aren’t so sketchy-looking anymore.
Imagine that you get an email from someone you know: a company you regularly correspond with, maybe even a reply to your own email. The email has an attachment, usually a Word doc or PDF, and says something like, “Please review the attached and confirm.” So you click to open the attachment.
Congratulations! You just infected your entire network with spyware, or even worse, put it in lockdown with a ransomware demand.
What can we do to defend ourselves when the bad guys have gotten so good at what they do that they can spoof a reply to your own email? The short answer is to exercise even more vigilance than usual. Don’t click on ANY attachment unless you’re expecting it.
If the email appears to be from a known contact but you weren’t expecting an attachment, do one of two things. Launch a new email to that person – not a reply – and ask if they really sent it, and what it is, or give them a call and ask the same questions.
If the email contains a hyperlink instead of an attachment, hover your cursor over it. At the bottom of the window (or in the pop-up flag in Outlook) take a close look at the URL, especially the part right before the last dot. That’s where that click will take you, and it’s often somewhere you don’t want to go. Don’t be fooled by other, legitimate-looking terms in the URL; you’ll often see things like google.clicks4everybody.com/xH87tne. The destination URL there is clicks4everybody.com.
It’s a never-ending battle: the bad guys are getting smarter and anti-virus software alone won’t protect you. 9 out of 10 cyberattacks now begin in this fashion, the proverbial camel’s nose under the tent of your network.
Don’t let it happen to you. Give me a call, or send an email (without an attachment), and we’ll talk about the right solutions for your business.
Albert Blaize is Vice President of Sales and Marketing for TRG Networking. Contact him at firstname.lastname@example.org.