Avoid phishing and cyber crime attacks with these employee tips

Petya and WannaCry Cyber Attack Update:  

These email tips are really important for keeping safe, but they are not enough.  It is really important to install all updates for Windows.  Make sure you install the latest security updates today.  You also need to have up-to-date anti-virus and a firewall configured.  You also need a robust backup solution with a roll-back feature.  We can help; please contact Bytek today to discuss your needs.

Feel free to share these email tips with everyone at work to help avoid cyber attacks.     

1 - The message contains a mismatched URL

If an e-mail contains a hyperlink it will generally be in blue and underlined, but appearances can be deceiving: the URL that is displayed may not be the URL you go to if you click on the link.  You can check this by moving your mouse to hover over the link.  If the URL that Outlook shows you is different from the text of the e-mail, then it’s almost certainly a malicious e-mail.

You should only ever click on links from e-mails where you know and trust the sender.  Checking for a mismatch of URLs is an essential step in deciding to click on a link.


2 – URLs contain a misleading domain name

I would guess that not everyone understands the way domain names (that is, the bit of the URL like www.bytek.ie) are constructed.  The most important thing to realise is that they should be read from right to left.  For example, sales.bytek.ie is a “subdomain” of the domain bytek.ie, which of course Bytek owns so only we can register subdomains of that domain.  In contrast, bytek.sales.ie has nothing to do with Bytek – it will be owned by whoever registers the domain sales.ie.

This technique is often used to make it look as if an e-mail has come from Apple, Microsoft, Google or another well-known company.  It’s another tell-tale sign of a phishing e-mail.

The other type of misleading domain name is one that is a corrupted version of the correct name.  There are two variations on this theme.  The first is a slight misspelling of the company name.  Examples would be www.app1e.com or www.Byt3k.ie.  The second is to use a misleading “top level domain”.  A whole range of new top level domains can now be registered, such as .info, .tv, .bargains, .business, .blackfriday (and about 1000 others) in place of the traditional .com or .ie top level domains.  That means, for example, that if you see a link that includes www.microsoft.channel there is no guarantee that it is controlled by Microsoft.  This is a standard technique used by hackers to create a false credibility for their phishing e-mail.

You should look for any of these misleading domain names in the address of the sender as well as in any links embedded in the body of the e-mail.
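The checks from tips 1 and 2 can also be automated. The following is an added example, not part of the original article: it compares the host shown in each link's text with the host the link really points to, reading both names from right to left, and flags targets outside a trusted list. The function names, the trusted list and the short suffix set are assumptions made for illustration, and the sample e-mail body is constructed from the domain names used above.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hand-made set of two-label public suffixes; use the full Public Suffix List in practice.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au"}

def registrable_domain(host):
    """Read right to left: the public suffix plus the one label before it."""
    labels = host.lower().rstrip(".").split(".")
    take = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-take:])

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def shown_host(text):
    """Host name if the visible text is itself a URL or bare host, else None."""
    m = re.match(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#]|$)", text, re.I)
    return m.group(1).lower() if m else None

def check_links(html, trusted):
    """Flag links whose text and target disagree or whose target is not trusted."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = registrable_domain(urlsplit(href).hostname or "")
        shown = shown_host(text)
        flags = ["mismatch"] if shown and registrable_domain(shown) != target else []
        flags += ["untrusted-domain"] if target not in trusted else []
        findings.append((href, flags))
    return findings

# Constructed sample body using the domain names from the tips above.
SAMPLE = """<a href="https://sales.bytek.ie/quote">https://sales.bytek.ie/quote</a>
<a href="http://bytek.sales.ie/login">www.bytek.ie</a>
<a href="http://www.byt3k.ie/reset">Reset your password</a>"""
```

Calling check_links(SAMPLE, {"bytek.ie"}) passes the first link and flags the other two; the misspelled domain is caught only because it is not on the trusted list, so the list has to be kept accurate.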




3 - The message contains poor spelling or grammar

This type of phishing message was much more prevalent in the past than it is now so you can’t rely on it to the same extent – many hackers have become more professional.  Having said that, a lot of cyber criminals have English as a second language and you should give careful scrutiny to any e-mail that uses tone or language that is not normal for business communication.  Most genuine marketing and official e-mails are thoroughly reviewed for spelling and grammar so any e-mail that pretends to be in either of these categories but contains lots of errors should be treated with suspicion.

The other point to make about poor spelling is that it can be deliberate.  Many spam e-mailers try to avoid getting caught in spam filters by changing the spelling of the key words used by such filters.  I would always treat any e-mail using this sort of trick as highly suspicious.

4 - The message asks for personal information

Banks and other reputable companies will not ask you to provide personal information by e-mail.  They already know your account number, security answers or credit card number and there is no need to confirm that information to them.  Some phishing e-mails will tell you that your account is locked and invite you to enter your password after clicking on a link.  If you think that there is a possibility that the e-mail is genuine you should log in via the company’s official web site, not using the link supplied in the e-mail.

5 - The offer seems too good to be true

We are all bombarded with special offers via all sorts of media, including e-mails. As the old saying goes, “if it sounds too good to be true then it probably is”.  This is just as true for an e-mail as it would be if a stranger walked up to you in the street and made you the same offer.


6 – You didn’t initiate the action

I’m sure everyone has seen the more ridiculous versions of these – you have won a prize in a lottery that you didn’t enter or are offered a loan you didn’t apply for.  These are easy to identify.  The more sophisticated ones will relate to a payment or invoice from a company that we don’t do business with or a failure to deliver a parcel from a company that you haven’t ordered anything from.  This sort of trick is used to make you click on a link or open an attachment.

7 – You have to send money to cover expenses

Phishing e-mails have different objectives.  Some hope that you will click on a link (which will either infect your PC with a virus or steal your login details) or try to persuade you to open an infected attachment.  The remainder try to get money from you more directly.  The reasons given for this are often quite obvious scams but you probably just need to bear one of the previous hints in mind – if it seems too good to be true then it probably is.

8 – The message makes unrealistic threats

Once again, you’ve probably seen lots of these.  An e-mail from a bank will never threaten to close your account and the police are unlikely to threaten you with arrest by e-mail.  On the other hand, it is possible that you will get legitimate demands for payment from suppliers, possibly where our normal invoice process has missed their payment for goods or services that we have received.  Always check before taking any action.  In either case there may be a link to be clicked or an attachment to be opened.  Make sure you follow the guidance before doing either of these.

9 – The message claims to be from a government agency

The most common of these are the e-mails that pretend to be from Revenue telling you that you can get your tax refund by just clicking on the link.  Tip number six should make you wary anyway if you haven’t recently submitted a tax return.  Sometimes the e-mail will threaten you with dire consequences unless you respond.

If you are in any doubt as to the validity of an e-mail from government then use an official channel to communicate with them.  Revenue has a secure messaging system in its portal and most other agencies will have a mechanism for submitting a query on their “Contact Us” page within the web site.  Most government agencies have lots of information including contact details on http://www.gov.ie

10 – Something just doesn’t look right

Some hackers have been getting better at writing believable e-mails.  You may get e-mails that are so well-crafted that the previous nine tips can’t say for definite that it’s a phishing e-mail.  Even so, you should act on your instinct and avoid acting on e-mails that just seem a bit suspicious.  The e-mail might be promising access to some really useful information or be offering a good deal on tickets or the latest phone but if you’re not sure whether to trust it or not then you should err on the side of caution.  After you have been treating all e-mails as potentially suspicious for a while you will build up a sixth sense, which you should trust when it tells you an e-mail may be dodgy even if you can’t put your finger on why.

11 – Working safely with attachments

The best advice is that you should never open an e-mail attachment unless you know and trust the sender, and preferably not at all.  But what if your job requires you to process incoming e-mails with attachments from lots of customers or suppliers?  This tip is for you.

The use of e-mail attachments with macros has been on the increase globally over the last six months.  These attachments have an embedded macro that allows the hacker to download malicious software onto your PC, either to steal customer data, steal your passwords or encrypt your files (just like a ransomware attack).  In Office 2007 Microsoft introduced a mechanism to try to prevent macros from being exploited by hackers but it’s not foolproof – some people rely on the power of macros in spreadsheets to do their job.

If you don’t need to use macros then you should disable them.  You need to do this separately for Word, Excel and PowerPoint.  To do this, open Word, Excel or PowerPoint, choose Options from the File menu, then click on Trust Centre and Trust Centre Settings.  Once in the Trust Centre you can select Macro Settings and choose one of the macro settings.  If you don’t need macros for your job we would recommend disabling all macros without notification as per the screenshot below (you should do this for Word and PowerPoint even if you use Excel macros).  If you need to use Excel macros then choose the second setting – avoid the fourth setting, which enables all macros.  Once you click OK a couple of times you’re secure.  With the right macro security setting, even if you accidentally open an attachment with a macro virus it can’t run and you will be safe.
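For a mailbox that has to accept attachments from many senders, incoming files can also be screened for embedded macros before anyone opens them. The following is an added example, not part of the original article: it relies on the fact that current Word, Excel and PowerPoint files are zip archives that keep VBA code in a part named vbaProject.bin, and it only flags the older binary formats rather than parsing them. The function names are assumptions made for illustration and the sample message is constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of legacy .doc/.xls/.ppt files

def classify_attachment(data):
    """Return 'vba-macro', 'legacy-office' or 'no-macro-found' for one file."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats can hold macros; this sketch does not parse them.
        return "legacy-office"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            # Word, Excel and PowerPoint store VBA in <app>/vbaProject.bin.
            if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                return "vba-macro"
    return "no-macro-found"

def triage(raw_message):
    """Map each attachment file name in a raw e-mail to its classification."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    return {part.get_filename(): classify_attachment(part.get_content())
            for part in msg.iter_attachments()}

def _office_zip(with_macro):
    """Constructed stand-in for an Office file: only the parts the check reads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder, not real VBA")
    return buf.getvalue()

def sample_message():
    """Constructed e-mail carrying one clean, one macro and one legacy attachment."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    files = {"quote.docx": _office_zip(False), "invoice.docm": _office_zip(True),
             "old.doc": OLE_MAGIC + b"\x00" * 24}
    for name, data in files.items():
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Because the check looks at the file's contents rather than its name, a renamed attachment is classified the same way.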

Because of the ability to turn off macros hackers have developed techniques to trick you into enabling macros, mostly using basic “social engineering”.  If you ever see content in an e-mail attachment directing you to enable macros please log a call with http://www.Bytek.ie.  Don’t be tempted into re-enabling the macros in the Trust Centre or clicking on this message:

Bytek has been in business for 29 years.  We help small, medium and enterprise businesses succeed by providing excellent IT Services and Support.  You can read about TEKrecover, our range of Data Backup and Recovery services, here.

Pamela O Toole