Spam Emails: A Growing Cyber Threat and How to Shield Yourself
Individuals and businesses alike fail to treat spam emails with the seriousness they deserve, dismissing them as an unsolicited nuisance. Spam emails often contain malicious code or web scripts designed to create system vulnerabilities. These vulnerabilities lead to back doors, security breaches, and data theft, apart from potential damage to files and computing systems. This casual approach towards spam can be suicidal for businesses.
These days it’s not uncommon to find an inundation of poorly written emails promising to enlarge penises, melt fat, sell you your dream watch (fake) or wire millions of dollars in unclaimed offshore wealth in charity appeals. The underlying point is that all such emails get delivered to your inbox without your permission. The context of the email and/or the subject line itself lets you know whether the email you receive can be considered spam. For instance, if you searched for a holiday destination in Europe and filled in a few forms on travel sites, it’s usual to expect some promotional emails from them. However, if you are not looking at travelling to Europe and you did not sign up for information on travel sites, any emails related to travel to Europe are spam.
People in general have a tendency to surrender to spam emails, accepting them as a way of life. They tend to believe that receiving unsolicited emails is common and unavoidable. Research from our security experts notes that approximately 57% of all emails in your inbox are spam, and the fact that such emails can be part of a phishing scam or have other malicious intentions should not be taken lightly.
The real problem arises when we dismiss these emails as just more unnecessary or useless mail.
Let’s review the potential impact that exposure to these spam emails can have on you and your business.
As per Wikipedia (https://en.wikipedia.org/wiki/Ransomware), ransomware is a type of malicious software from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. The ransom asked for is typically in bitcoin or other forms of cryptocurrency, making it virtually impossible to trace. With the recent onslaught of WannaCry, Locky and NotPetya, ransomware attacks are getting more audacious. Simply put, ransomware is a virus or malicious code that attempts to encrypt network resources or files and hold them for ransom. It can be activated by clicking a malicious link, by downloading an attachment, or when a user unknowingly visits an infected website and the malware gets downloaded and installed without the user’s knowledge. In most cases, attacks appear tailored to each victim organization. Victims of ransomware attacks find themselves in a very scary situation and don’t really know how to deal with it. There’s one thing that you should never do, and that is to pay the ransom, as there’s no guarantee that you will get your files back.
Pro tip from AiCyberWatch’s team of Internet security experts – Regularly back up your files and data. This will help you recover your files yourself without hiring any experts, saving you hundreds of dollars in recovery fees.
Norton defines spyware as “unwanted software that infiltrates your computing device, stealing your internet usage data and sensitive information. Spyware is classified as a type of malware — malicious software designed to gain access to or damage your computer, often without your knowledge”. Spyware allows a criminal to spy on your system and track your activities. In fact, it is one of the earliest known and most widespread threats on the Internet, infecting your computer without your knowledge and starting off a series of illegal activities over a period of time. It normally works in the background, collecting information such as details of email accounts, usernames and passwords, thereby allowing criminals to get access to information related to your financial accounts and other sensitive data. Spyware gets installed on a victim’s computer when the user clicks a malicious link or downloads an infected file.
Pro tip from AiCyberWatch’s team of Internet security experts – Install antivirus software on your computer that can block spyware from getting delivered. Look for anti-exploit technology and protection against malicious websites, which blocks websites that host spyware in the first place.
Spam emails are often designed for phishing attempts. Phishing is employed by criminals to extract sensitive information like usernames, passwords, etc. from their targets. Such emails generally come disguised as seemingly legitimate emails from known sources. None of us has been spared spam, and we have all received verification messages asking for personal information. This sort of communication usually looks like this:
“The Government requires us to regularly verify all Bank accounts, during our verification process, we are unable to verify your information. Please click here to verify your data.” Clicking on the link takes you to a legitimate-looking website that fraudulently collects your data.
Pro tip from AiCyberWatch’s team of Internet security experts – Ask yourself if you’re expecting any such request from the source. Bear in mind that even if you are expecting one, you should always cross-verify and make sure the email is genuine.
Spam emails are often used for spoofing attempts. As the name itself suggests, spoofing is using a spoofed (fake) email header or IP address to trick the recipient into thinking a message is legitimate. Email spoofing is usually employed together with phishing. If you receive an email that appears to be from a colleague but asks you to wire money to an account, you are most likely a victim of spoofing. It would not be wrong to assume that the criminal has gained access to your colleague’s address book by iniquitous means.
IP spoofing is often employed to launch distributed denial-of-service (DDoS) attacks, wherein your systems are flooded with massive amounts of data, which subsequently causes them to crash.
Pro tip from AiCyberWatch’s team of Internet security experts – You can protect yourself by being alert. If you sense anything suspicious about an email you received or a website you visited, you should stop immediately and proceed with caution. Trusting is good, checking is better!
How to stay safe?
The National Institute of Standards and Technology is a nonregulatory agency. Its Information Technology Laboratory recommends that organizations employ the following guidelines in planning, implementing, and maintaining secure e-mail systems.
Implement Management Controls, Carefully Plan the System Implementation, Secure the Mail Server Application, Secure the Mail Client, Secure the Transmission, Secure the Supporting Operating Environment, Configure, Protect, and Analyze Log Files, Back-up Data Frequently, Perform Periodic Security Testing.
Pro tip from AiCyberWatch’s team of Internet security experts – Never open an email if it appears to be suspicious. If you do open it, make sure you never click on any links or download associated files.