By Howard Miles, Information Technology Manager
With the recent malware infection still fresh in our minds, now is a good time to review how malware spreads and what we can do to protect ourselves from it.
Most of the available literature about the particular strain that infected our system points toward an email with an embedded web link. The email probably pretended to be from a bank asking for updated information. The link probably connected to a site that looked like it might really belong to the bank, even including their logo, but it was not in any way connected to the bank. Instead, the link connected to a malware distribution server that sent the infection into the unsuspecting user’s computer.
Once the malware was inside our network, it was able to replicate itself from computer to computer very quickly. So how do we protect ourselves both at work and on our personal devices? We have to train ourselves to be suspicious.
Most of the world is made up of honest people, but the ones who aren’t honest can be very devious. Here are some indicators to look for that might tell you that an email is suspicious and deserves more scrutiny:
- Do you do business with the company that sent it? If not, how would they have your email address, and why would they send you a message?
- Carefully read the message looking for spelling and/or grammatical errors. Foreign players in the malware “business” often have trouble with English. For example, someone recently sent emails pretending to be from “Dr. Saddler, Presnedent of the Health Department.”
- Look at the return address on the email. With fake emails, the purported sender and the reply-to address often do not match.
- If the message contains a link, hover your mouse over the link. Regardless of what the link says in the document, most browsers show you the actual address, typically at the bottom of your screen, before you click on it. If the addresses do not match, or the URL shown by your browser does not look legitimate, do not click on it.
If you still are not sure about the email, contact someone you know at the company. Call a telephone number that you already have; send an email to your account representative; or stop by and see them if they are local. Don’t ever assume that a link is legitimate. If you have any questions about an email, never hesitate to ask IT about it.