Apr 11, 2016
Posted by Robert Creech in: May Contain Nuts
2016 already looks to be the year of Ransomware. Scan any technical news publications over the last quarter and you will see councils, hospitals, at least one (US) police department and various other high profile establishments who have made the news having fallen victim to a ransomware attack.
Browse back through recent articles on our pages here and you will find various tips to help you spot bogus emails but, and here is the aforementioned bad news, the goalposts are moving.
One of the possible clues to the validity of an email is the level of personalisation – if the mail warns you that your bank account has been blocked yet greets you with the salutation. “Dear customer” then it is probably not from the business which has your custom. A recent BBC article (available here) discusses a new scam email which does address the recipient by name and even include the home address. This, upon first reading, gives the correspondence some semblance of credibility.
The mail in question suggests that an invoice (from a genuine organisation) remains unpaid and provides users with a link to ‘the invoice’ – the troubles begin when the unsuspecting recipient clicks on the link.
Quite how the people behind the scam have the amount of details they have is speculation at best. The concern here is how this approach might start to push even the more astute users into ‘trusting’ the mail at face value. This is where our advice of years remains unchanged;
– Approach mails with a degree of scepticism
– if you cannot be certain of the validity of an attachment or link, clicking is NOT the way to find out
The absence of a personal greeting is just one of a number of potential indicators as to the validity of an email. By the same token, one should not take a personalised salutation as single proof of validity. If in doubt, delete.
My title above does suggest there is some good news, and here it is. The encryption used by one of the latest malware payloads has now been cracked – read more here.
Proof that there are good people behind the scenes working to undo some of the malevolent mischief of the spammers. Heartening to know but still best not to get caught in the first place. Err on the side of caution with emails and internet usage and, should all else fail, have an appropriate, robust backup solution in place.