Like all businesses you will receive a variety of daily emails from customers, suppliers and other contacts, some of which you won’t always be expecting.
Email is also a great way of finding out about products, services and news that is of interest to your company, but it’s also a way of delivering unwanted – and potentially dangerous – information to your inbox in the form of spam and phishing emails.
In this article, we explain the risks posed to you and your business by these emails, the best practices you can adopt to protect your company and how Air-IT can help.
Spam and Phishing Emails – what’s the difference?
Spam, or junk emails, are unsolicited emails. They might promote products or services such as pharmacies, gambling or online dating, contain hoax virus warnings or charity appeals, or advertise ‘get rich quick’ schemes.
Whilst many spam emails are merely a harmless annoyance, they sometimes contain viruses or malware that can seriously damage your computer. Junk emails can also be used as a front for phishing schemes (see below).
They also waste time, which is spent deleting junk messages and cleaning up your inbox.
Phishing emails are a form of spam that’s been specifically designed to obtain your personal details, such as bank account log-in details and credit card numbers, with a view to stealing your identity and/or defrauding your financial accounts.
Typically, a phishing email will look like it’s been sent from a genuine bank or financial services provider.
For example, it might use HSBC’s logo and branding and be sent from an email address whose domain is similar to, but slightly different from, HSBC’s actual domain, e.g. ‘hs-bc.co.uk’ instead of ‘hsbc.co.uk’.
The aim of a phishing email is to get you to visit a hoax website (which again may look like the real thing) through a link within the email and enter your personal and/or financial details, which will then be stolen and used by criminals.
Malware and Viruses
Both spam and phishing emails can be used to infect your computer with malware and viruses such as Trojans. These are activated when you open a link or attachment within the email.
Viruses like these are costing UK businesses millions of pounds a year in fraud, downtime and computer repairs, so it’s essential that you take steps to protect your company from attack.
For further information and advice about GameOverZeus and Cryptolocker, please see our earlier article – GameOverZeus and Cryptolocker Security Threat Explained.
Spotting suspicious Emails
It’s very important that you and your staff remain vigilant about any suspicious emails that may bypass your security systems and contain dangerous viruses.
Following these guidelines will help you identify and delete any suspicious emails before they have the chance to infect your network.
1 – Don’t respond to emails asking for personal and/or financial information
A genuine bank would never ask you to provide personal information by email.
And beware of fake messages such as ‘Urgent – log in now, your account details may have been stolen’, designed to prompt an immediate reaction.
2 – Always be cautious about downloading files and opening email attachments
Bear in mind that banks and other major companies don’t generally send out email attachments, so this is an indication that the email may not be from a trusted source.
Attachment file types .exe, .bat, .scr, .zip and .com are especially high risk.
3 – Check the details in the address bar
Does your own email address appear in the ‘From’ field?
Are lots of addresses visible in the ‘To’ field?
Or does the sender’s email address look suspicious, e.g. the account name shows as ‘HSBC UK’ but the actual email address is ‘firstname.lastname@example.org’?
These are clear signs of a phishing email.
4 – Check any links in the email by hovering your mouse over them
If the URL that appears in the bottom left hand corner of your screen looks suspicious in any way, don’t click on it.
And even if the link looks genuine, be wary of clicking on URLs that aren’t encrypted, i.e. that start with http:// not https://
5 – Look closely at the email’s content
Are there spelling or grammatical mistakes, or strange mixtures of numbers and letters, e.g. ‘Gambl1ng’?
Is the email poorly designed or in plain text when you’d have expected an HTML email featuring a logo, images and text?
Or is the whole email embedded in a single image? If so, hit Delete.
6 – Be careful not to pass the problem on, or make it worse
So if you receive a spam email, don’t forward it on or reply to it.
Replying, or clicking on a fake ‘Unsubscribe’ button, will only tell the spammer that your email address is genuine.
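Guidelines 2 to 4 can also be applied automatically to a message before anyone opens it. The Python sketch below is an added example, not Air-IT's own tooling; the function names, the `KNOWN_BRANDS` table and the recipient threshold are assumptions chosen for illustration, and the sample message is constructed.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

RISKY_EXT = (".exe", ".bat", ".scr", ".zip", ".com")  # file types named in guideline 2
KNOWN_BRANDS = {"hsbc": "hsbc.co.uk"}  # assumption: brand keyword -> its genuine domain

def is_genuine(domain, real):
    return domain == real or domain.endswith("." + real)

def triage(msg, my_address, max_visible_to=10):
    """Return warning codes for one parsed message, following guidelines 2 to 4."""
    flags = []
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    if addr.lower() == my_address.lower():            # guideline 3: own address as sender
        flags.append("from-is-own-address")
    recipients = getaddresses([str(v) for v in msg.get_all("To", [])])
    if len(recipients) > max_visible_to:              # guideline 3: crowded 'To' field
        flags.append("many-visible-recipients")
    for brand, real in KNOWN_BRANDS.items():          # guideline 3: name vs. real address
        if brand in name.lower().replace(" ", "") and not is_genuine(domain, real):
            flags.append("display-name-mismatch:" + domain)
    for part in msg.walk():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(RISKY_EXT):                 # guideline 2: high-risk attachment
            flags.append("risky-attachment:" + fname)
        if part.get_content_maintype() != "text" or fname:
            continue                                  # only scan inline text for links
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        for url in re.findall(r"https?://[^\s\"'<>]+", body):  # guideline 4: links
            u = urlparse(url)
            host = (u.hostname or "").lower()
            if u.scheme == "http":
                flags.append("unencrypted-link:" + host)
            for real in KNOWN_BRANDS.values():        # 'hs-bc.co.uk' vs 'hsbc.co.uk'
                if host.replace("-", "") == real and host != real:
                    flags.append("lookalike-domain:" + host)
    return flags

def constructed_sample():
    """Constructed phishing-style message; every value here is made up for the demo."""
    m = EmailMessage()
    m["From"] = "HSBC UK <security@hs-bc.co.uk>"
    m["To"] = "you@example.com"
    m["Subject"] = "Urgent - log in now, your account details may have been stolen"
    m.set_content("Please log in at http://hs-bc.co.uk/login to verify your account.")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="statement.scr")
    return m

if __name__ == "__main__":
    print(triage(constructed_sample(), "you@example.com"))
```

An empty list means none of these particular checks fired, not that the message is safe; guidelines 1, 5 and 6 still need a human reader.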
Three simple steps
If you’re in any doubt about an email you’ve received, just ask yourself:
- Am I expecting this email?
- Do I know who or where it’s come from?
- Is it too good to be true, e.g. an offer to put money in your bank account?
If an email doesn’t look right, it probably isn’t. If you can’t verify that the message originated from a trusted source, it’s best to delete it.
Step up your IT security
It’s always best practice to have properly configured and up-to-date anti-virus software, anti-spam filters and firewalls to help minimise the threat of any infection from spam or phishing emails.
So if you don’t have these in place, we strongly recommend that you take action now.
It’s also important that your operating system, software applications and web-browsing software are kept fully up to date, with the latest security updates and patches installed.
In particular, if you’re still running Windows XP or Server 2003, it’s important to upgrade as soon as possible because Microsoft no longer supports these – leaving your computers vulnerable to attack.
Air-IT are here to help
Air-IT offer a range of backup, business continuity and security solutions for all types and sizes of business, helping you to be safe, secure and assured that you can recover your data in the event of any unforeseen security breach or disaster.