For the past several years, ransomware has been a major thorn in the sides of businesses. Hackers that were once known for “hacking” into networks, changed tactics when encryption just got too strong. Today, these “hackers” use confidence tactics to gain access to accounts. Once they’re in, their strongest tool is ransomware. Let’s look at what makes ransomware so dangerous and how your company can combat the constant attacks that come your way.
A Brief Look at Ransomware
Being on the receiving end of a ransomware attack is terrifying. First, you log into your computer as usual only to find that files, drives, or even network attached resources are completely inaccessible. What’s worse is that staring you in the face is a ticking clock and a message saying that you need to pay a ransom in Bitcoin or else the files, drives, or network resources will be gone forever. It’s not a great situation. Many organizations (including entire municipalities) have suffered from this and have been forced to pay the ransom only to get hacked again days or weeks later (we don’t recommend you try to negotiate with hackers).
Ransomware doesn’t just get onto business networks and into endpoints, it needs help. Phishing is commonly used to assist it. Phishing is a term used to describe a social engineering attack strategy where scammers attempt to use subterfuge and deceit to make people provide access to computing systems and networks via email, instant message, telephone calls, and any other type of commonly used communication.
Cybercriminals have taken to pairing these attacks together to con as many people as they can. If someone on your business’ computing network incidentally clicks on a link or unpacks an attachment that looks benign on the surface, but deploys this nefarious code, your business may be in big trouble.
What to Look for in a Phishing Email
There are some warning signs that a message is a phishing attempt. They include:
- Details are wrong – There are several details that you should check before you click anything in an email. Is the email address from the sending company? Are there misspellings and grammatical errors that you wouldn’t find in professional correspondence? Were you expecting an email from the company? If there are obvious inconsistencies, make sure to report it to your IT administrator before proceeding.
- There’s a lot of urgency – Most phishing emails have desperate call-to-actions. Email is a useful communication tool, but it is rarely that users are directed to do anything that would necessitate you plugging in any type of sensitive data. If an email’s message seems a little desperate, don’t proceed and report the message to your IT department.
- There’s a link or an attachment – If there is a link or an attachment in the email, and you weren’t expecting the email, you will want to reach out to the sender to confirm their legitimacy through another method of communication.
Your employees will need to be very cautious before clicking links and opening attachments in emails. Here are some steps that need to be taken:
- Carefully hover (don’t click!) over links and see if they go to a legitimate URL. If the email is from PayPal, a link should lead back to paypal.com or accounts.paypal.com. If there is anything strange between ‘paypal’ and the ‘.com’ then something is suspicious. There should also be a forward slash (/) after the .com. If the URL was something like paypal.com.mailru382.co/something, then you are being spoofed. Everyone handles their domains a little differently, but use this as a general rule of thumb:
- a. paypal.com – Safe
- b. paypal.com/activatecard – Safe
- c. business.paypal.com – Safe
- d. business.paypal.com/retail – Safe
- e. paypal.com.activatecard.net – Suspicious! (notice the dot immediately after Paypal’s domain name)
- f. paypal.com.activatecard.net/secure – Suspicious!
- g. paypal.com/activatecard/tinyurl.com/retail – Suspicious! Don’t trust dots after the domain!
- Check the email in the header. An email from Amazon wouldn’t come in as firstname.lastname@example.org. Do a quick Google search for the email address to see if it is legitimate.
- Always be careful opening attachments. If there is an attachment or link on the email, be extra cautious.
- Be skeptical of password alerts. If the email mentions passwords, such as “your password has been stolen,” be suspicious.
Phishing is the most prevalent vector of attack used today. You will want to ensure that your staff is able to identify these scams and report them to avoid any unwanted circumstances.
If you need help with training your staff about phishing messages and the dangers of ransomware give Symmetric IT Group a call today at (813) 749-0895.