
Go Phish – how to spot a ransomware email

By Shannon Williams, Fri 7 Oct 2016

Would you be able to tell the difference between a phishing email and a genuine one? Most people would say, "Of course! I know what a dodgy email looks like". But with the crooks becoming smarter and more sophisticated every day, what does a modern day phishing email actually look like?

What is a phishing email?

Not that long ago, a phishing email was relatively easy to spot. Tell-tale signs, like spelling mistakes, poor formatting, incorrect use of language and completely irrelevant content, would give out clear warning signs to most recipients. We are all familiar with the good old Nigerian Prince advance-fee fraud schemes, but the very fact we feel confident spotting obviously suspect emails, might just be our downfall today, as we are lulled into a false sense of security.

Methods employed by cybercriminals are getting more sophisticated every day. They operate in a highly professional manner, being strategic about whom they target, when they target them and how. Recent examples in Australia include the ANZ mobile phishing scam, which targeted users via a simple SMS linking to a very legitimate-looking server name, and the ATO scam earlier this year, where criminals used information gathered from social media to personalise fraudulent emails in an effort to trick recipients into opening a booby-trapped attachment.

Crooks might target you at tax time with an email from the ATO or around Christmas with a delivery note from Amazon, both making the email look like something you might expect to receive. Combine this with our false sense of security and complacency around putting the right protection in place, and you could be in a whole world of trouble. You click on the email, open the attachment or click on a link, and before you know it, ransomware has been executed on your device. Your files get encrypted (turned into gobbledygook), your automatic backups are deleted and you’re being asked to pay a fee to a complete stranger (often in the form of bitcoins) to get your precious documents, family photos and business data back.

The threat of ransomware

The problem with the ransomware threat is that it keeps evolving. New iterations come out every single day. However, each distinct version shares a common goal – to extort money from victims through social engineering and outright intimidation. The demands for money have grown more forceful with each iteration, which is of course upsetting and time consuming. While the ransom fee tends to be relatively low (around $200 - $500), think about all the time lost dealing with this and the emotional turmoil of receiving a ransomware threat! Also, because of this low cost, individuals and businesses often just pay the ransom, which means the crooks win. It’s an effective business model for criminals and one we should all be working to prevent.

So how do you protect yourself?

Know what to look for

This is a hard one now, as scam emails look so legitimate, and so do the links you click through to. Check out the Australian Communications and Media Authority (ACMA) example screenshot of the fake login page for the ANZ bank, next to the real thing:

But there are some things you can look for on email. For example, hover your mouse over any links. Are they directing you to the webpage of the genuine sender? For ANZ Bank, this would be a URL starting with The same applies for an email address, if the email is ‘from’ ANZ, but the sender is, then the email probably isn’t from ANZ.
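The hover-and-compare check described above can be automated for a whole message. The script below is an added example and is not part of the original article or of any Sophos product: it parses a constructed phishing-style email, pulls the sender address from the From header and every link from the HTML body, and reports anything whose hostname is not the expected sender's domain (or a subdomain of it). It also catches the classic trick of link text that displays one address while the href points somewhere else. The expected domain passed in (`anz.com.au`) is an assumed illustrative value; the sample message, its `.example` hostnames and the 198.51.100.7 documentation address are all constructed.

```python
"""Flag sender addresses and links in an email that do not belong to the
expected sender's domain.  Added example, not code from the original article."""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a phishing-style message imitating a bank notification.
# Hostnames use reserved .example names and a TEST-NET-2 address on purpose.
SAMPLE_EMAIL = """\
From: "ANZ Internet Banking" <security@anz-alerts.example>
To: customer@example.org
Subject: Action required: verify your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please <a href="http://anz.com.au.secure-login.example/verify">log in here</a>
to verify your account.</p>
<p>Or visit <a href="http://198.51.100.7/anz">https://www.anz.com.au/</a></p>
</body></html>
"""


def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it (case-insensitive).
    A lookalike such as anz.com.au.secure-login.example does NOT match anz.com.au."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)


def host_of(url):
    """Hostname part of a URL, or '' if it has none (mailto:, relative links)."""
    return (urlparse(url.strip()).hostname or "").lower()


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in the HTML."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(msg):
    """(href, text) pairs from the HTML body, or bare URLs from a plain-text body."""
    part = msg.get_body(preferencelist=("html", "plain"))
    if part is None:
        return []
    content = part.get_content()
    if part.get_content_type() == "text/html":
        collector = _LinkCollector()
        collector.feed(content)
        return collector.links
    return [(url, url) for url in re.findall(r"https?://[^\s<>\"']+", content)]


def check_email(raw, expected_domain):
    """Return warnings for any sender or link host that is not under expected_domain."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # The sender's address must sit under the genuine domain, not just display its name.
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2]
    if not in_domain(sender_domain, expected_domain):
        findings.append(f"sender {sender} is not under {expected_domain}")

    for href, text in extract_links(msg):
        host = host_of(href)
        if not host:
            continue  # nothing to judge for mailto:, anchors or relative links
        if not in_domain(host, expected_domain):
            findings.append(f"link to {host} is not under {expected_domain}")
        # Link text that looks like a URL but points elsewhere is a strong phishing signal.
        text_host = host_of(text) if text.lower().startswith(("http://", "https://")) else ""
        if text_host and text_host != host:
            findings.append(f"link text shows {text_host} but goes to {host}")
    return findings


if __name__ == "__main__":
    for finding in check_email(SAMPLE_EMAIL, "anz.com.au"):
        print("WARNING:", finding)
```

The domain comparison is deliberately a suffix match on a dot boundary, which is what makes `anz.com.au.secure-login.example` fail even though it starts with the genuine name; a plain substring test would pass it. Run against a message that really comes from the expected domain and links only within it, the function returns an empty list.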

Be wary of unsolicited attachments

We all know we shouldn’t open a document if we don’t know what it is or expect to receive it. But the crooks are hoping that if we can’t tell what a document is, we will open it to find out. Keep your eye out and be sceptical when receiving emails purporting to be from a bank, tax office or insurance provider. Don’t allow your curiosity to put you and your data at risk.

Back up regularly and keep a recent backup copy externally

Ransomware isn’t the only way that your precious files can vanish before your very eyes. Fire, flood, theft or even an accidental delete can mean bye-bye to those financial invoices. Encrypt and back up your data so it is safe from all of these potential hazards.

Do not enable macros in document attachments received via email

There’s a reason why Microsoft deliberately turned off auto-execution of macros by default years ago. Don’t let malware infections make a fool of you by tricking you into turning them on.

Don’t give yourself more login power than you need

Another crucial point is to avoid being logged in as an administrator as much as possible. Opening malware documents whilst logged in as an administrator is a big no-no, as it makes the cybercriminals’ job so much easier. For your day-to-day usage, only use the level of access you require.

Patch early, patch often

Malware often relies upon vulnerabilities found in common applications such as Office or Flash to creep in and infect your device. The more you patch, the fewer holes remain open for crooks to exploit.

Get on-board with powerful ransomware protection

Sophos’ latest product, Intercept X, is the next generation of advanced endpoint protection that’s capable of automatically stopping attacks as soon as they are detected, and even retrieving lost data. What’s more, Sophos Intercept X can be installed and run alongside any competing endpoint security software, boosting the levels of protection against unknown exploit variants and stealth attacks, with minimal impact on endpoint performance.

Article by Justin Peters, technology solutions director APAC, Sophos
