Many of you savvy users have already adopted simple email security measures. Such as immediately deleting vague emails and not clicking on attachments unless they come from a trusted source. As attackers employ greater sophistication, businesses need to build more sophisticated defenses. Within our customer base, the vast majority of Crypto Locker threats have been in the form of emails to random staff. It is so easy for these criminals to create an email that masquerades the “From:” field within the email so you can NEVER trust this field.
If you ever suspect an email might not be from the recipient in the “From:” field there is a way to check in Outlook. This may be a little bit complicated for some but it show you who *actually* sent the email. Below is an actual scam email indicating I have a parking ticket and it came from Alain Lafortune. When I click on the little tab shown by the top Red arrow, it opens the box containing the email header. When I look at the header I can see the actual sender and it came from “Open-Dictionary.com” which is clearly not a parking ticket company. If I am still uncertain, I can go to www.geoiptool.com and type the sender’s IP address: 188.8.131.52. Based on the output of this tool, I can now see this email originated from Moscow in Russia. I know without a shadow of a doubt that this is a SCAM.
Here are some basic, but powerful, email security measures you may not have implemented:
- Ensure that your business email system includes a multi-layered, proactive security solution. Also, keep security and operating system software up-to-date.
- Enforce a robust password policy to ensure that employees use strong passwords and change them regularly.
- Establish clear procedures for communication of sensitive information. Be wary of any email that suggests a departure from normal security protocol.
- Instead of simply clicking “Reply,” obtain the supposed sender’s email address from a corporate address book and send a reply to that address.
- Before clicking a link in an email, be sure that the link is legitimate. Type the URL directly into the address bar, or hover your cursor over the link to display the full URL.