One thing is for sure in IT security: hackers aren’t reinventing the wheel, but they’re definitely giving it a new spin. Post WatchGuard Partner Summit, our team came back with some staggering stats. Did you know email scams make up around 60% of the phishing, ransomware, and malware infecting businesses today?
Hackers have become so good that they can trick even the most tech-savvy computer user. There is little standing between your business’ system and a massive attack, so what can you do?
We spoke with Joe Popper, Special Projects Administrator for Accent Computer Solutions, Inc. and 30-year veteran of the IT industry, about the best ways email scams can be contained, and what to do if you are infected.
How Hackers Target Their Next Scam and Who They’re After
It’s called “phishing” (pronounced “fishing”) because that’s what hackers are actually doing. They’re throwing out bait in hopes that we’ll get caught in their net.
As a small to mid-size business owner, you might think they’re looking for large corporate dollars. The truth is, it’s easier to catch many smaller fish than one large one. Joe explains:
“Generally, hackers aren’t ‘picking’ a target. They are casting a big net, like a fishing analogy, and they are looking to make money. Let’s use ransomware as an example – they don’t care who gets it, they simply want to infect as many systems as they can.”
“Now the reverse side of that is a major corporation like Apple, Nike, or any large company really. If there’s specific data that hackers want, then they will target those companies directly. But that’s a whole different game, and not as likely as the broad category attacks.”
Based on that information, one can conclude that smaller companies are getting “targeted” more than their larger counterparts. Your size or annual revenue isn’t an invisibility cloak.
Ways to Get Infected
While there are many ways to get infected while browsing the Internet, email still reigns supreme. Email is an easier target because people feel secure when logging in. Hackers use this to their advantage.
“Email is the most effective way for hackers to infect your system. One click can defeat your securities, because that click gave your computer permission to download that file. You told the computer ‘It’s okay.’ While browsing the internet, as long as you don’t click on anything, most of that is safe.”
The whole game is to engage you enough to click on something. This is where fake emails are king. As an example, fake emails would have language like:
“You have a package from FedEx we were unable to receive it, click here”
“You haven’t paid this invoice, I have attached it, click here”
“Hackers run their business like a marketing agency. Your email address is on the web, on a zillion different lists. They buy those email lists. And while they may not know which services you use, they send the FedEx attack to everyone to see who clicks. Some percentage will, and they’ll do it again with the invoice idea. You only need a small percentage of people to click to make money.”
Tips and Tricks to Prevent Getting Infected
All hope is not lost, however. While hackers have become impeccable at hiding their true identity, there are ways to combat their efforts. Outside of network security best practices, here are some tricks for spotting fake email attacks.
“Be clear about who is sending the email. The IRS doesn’t send emails. That is your first clue that it’s a phishing scam. These guys are good, but you can catch their mistakes.”
“Check for spelling and grammar errors. How good is the English in this email? A lot of times, English isn’t the hacker’s first language. If the email doesn’t quite make sense, that is a sign.”
“The real trick is the ‘hover test.’ Hover over the links in the email body. It may say USPS.gov on the link, but when you hover over the link it’s hiding ‘abc.123.banglish’ or some weird link masquerading as a legitimate link.”
If You’re Infected, Should You Pay the Ransom?
“If you are infected don’t ever pay the ransom, that is why this is successful. If you pay the money, they will keep doing it and it doesn’t guarantee they will give you back your data. Paying the ransom can also open you up to a host of other financial and identity theft issues. This is why backup is so important. Your good backup will allow you to restore it and move on.”
We could spend days talking about hackers’ methods, and unfortunately, it could take that same amount of time to clean up an infected system as well. It could take hours or months to repair the havoc wreaked by phishing scams.
If you know or even think you’ve been infected, alert your IT service provider or IT manager as soon as possible. Keep your staff informed on the dangers of phishing scams and share our tips to keep them in the clear.