Elijah Digest – August 23, 2018

IN THE NEWS

Email: Be careful what you click on

What method of communication is used more than talking or texting? Electronic mail (or email). Statistics show that there are about 124.5 billion business emails sent and received per day. So, with so much email, how do we know if the messages we receive are actually legitimate?

  • Did you know that the first email system was developed in 1971?
  • Did you know that the average office worker receives 121 emails and sends out 40?
  • Did you know that 86% of professionals name email as their favorite mode of communication?
  • Did you know that 49.7% of all mail is considered spam?
  • Did you know that 2.3% of emails have a malicious attachment?

So, how do we determine what is a good attachment or a malicious attachment?

Fake emails may contain a malicious attachment that can be used for Phishing, which is defined as “a fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money) often for malicious reasons, by disguising as a trustworthy entity in an electronic communication [email].”

“Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter personal information at a fake website, the look and feel of which are identical to the legitimate site, the only difference being the URL of the website in concern. Communications purporting to be from social web sites, auction sites, banks, online payment processors or IT administrators are often used to lure victims. Phishing emails may contain links to websites that distribute malware.” Definition of Phishing provided by Wikipedia, https://en.wikipedia.org/wiki/Phishing.

Lately, phishing attempts have taken on new attributes: fake FedEx or UPS tracking correspondence that looks very real. A new scam claims to have used your webcam to record a video of you browsing illicit adult websites. And, if that is not enough, the scam claims to have one of your old passwords and will threaten to release the incriminating evidence to your family, friends, and your boss if you don’t pay.

So, what can you do to stop these messages?

Here are a few steps that can help spot the fake messages:

  1. Beware of any email that sounds urgent. Messages with the subject line of “ATTENTION”, “URGENT”, “CRITICAL”, “RESPONSE REQUIRED”, or “NECESSARY” are a hint that the message may be a phishing attempt.
  2. Look at the Sender’s email address. Does it match up with the sender’s name? Does the domain address look correct? If any of these don’t match, delete the message.
  3. Check the spelling, grammar, and punctuation. Is the message easy to read? Are there a lot of errors? Do you have to read the message 2 or 3 times to understand it? If so, then delete the message.
  4. Using your mouse, hover over the links but do not click on anything. If the link says http://www.yahoo.com, the preview link should show http://www.yahoo.com. If the preview shows a long string of extra characters instead, this is not a site you should click on. Delete the message.
  5. If you’re concerned about the authenticity of an email, DO NOT download any of its attachments as they could contain a virus that might install illicit malware or ransomware on your computer. In recent years, phishing attempts have employed ZIP files, PDF files, and even .WAV files masquerading as voicemails that are sent directly to your inbox. Clicking one of these infected files can cause widespread damage to your computer and any other systems it is connected to.

Here is a sample email, received on 8/20/18, that claims to be from Office 365.

Look at the items that we discussed above. Here is what I found: the email address is wrong, as this does not look like it came from Microsoft or Office 365. The Renew Subscription link shows this weblink: https://www.mastro5design.com.au/rawa/?mes1=jon@elite-nac.com. Lastly, Live chat with Support has this weblink: https://titanscard.gb.net.

So, with all the email that we receive on a daily basis, we need to be proactive and look at the messages that we receive, to verify that they are from a reliable source. Remember, if the message appears too good to be true, it probably is spam mail. Don’t open any messages that promise a reward or a gift, as that gift will probably be malware.

Reach out to your trusted IT Professional for assistance with email support and management. Being proactive to protect you and your business against possible security breaches, cyber-attacks, and computer infections starts with having a good password management program. Your IT Professional can provide Security Software, physical firewalls, and Cyber Security Vulnerability Scans to provide the proper protection for your business. This is the benefit of working with an IT Professional.


About ELIJAH

Founded in 2003, ELIJAH is a multi-award-winning leader in providing expert digital forensic, data security solutions, and managed IT. ELIJAH is owned and managed by former litigation partners and is an efficient boutique digital forensic, cybersecurity and IT solutions provider that makes clients’ lives easier through effective communication and white glove service. For additional information, please visit http://www.elijaht.com or call 866-354-5240.


Elite Networking and Consulting is now part of ELIJAH. ELIJAH looks forward to continuing to deliver managed IT services with the same degree of care and high standards created by Elite. ELIJAH is also pleased to broaden our scope of expertise in providing digital forensic, cybersecurity and IT solutions.