How Can I Avoid Being a Victim of Malware?
We’ve probably all had a good chuckle at an obvious scam or phishing email at one time or another. You know, the one from the Nigerian prince asking you to send oodles of money to spring your 25-year-old cousin from a Mexican prison after he was arrested during spring break. Come to think of it, your cousin never even went to college …
Anyway, the point is, many nefarious emails are far more sophisticated and subtle. Sometimes, even just opening an email can be all it takes to trigger an issue. So why should you be concerned? Well, says Amelia Kuzneski, KIG’s IT Implementer, these emails can be a gateway to malware. Clicking on a link can automatically download malicious software or a virus onto your computer. For example, keylogging software — when downloaded through an email attachment — can keep track of what you type. So, any passwords or credit card numbers you type get recorded. Scary, huh?
“There’s a whole dark side of the Internet that a lot of people don’t realize is there because they don’t see it. It acts in the background, so this often happens without you even knowing,” Amelia says. “I think some people don’t really understand the magnitude of the problem.”
Hopefully the security you have in place on your computer network will route these malicious emails to your junk folder. But even the best security systems are not infallible, so it’s not uncommon for them to get through from time to time. To that end, here are some good practices to follow if you are even the least bit suspicious:
- Do not click on any links in an email that you believe could be malicious.
- Do not download any files or attachments that the email contains.
- Do not reply to the sender.
- If you have an IT department, use it. Let them deal with any potential threat.
And there are almost always telltale signs to watch out for:
- Who is it coming from? Does the email address match your company’s domain (@yourcompany.com), and is it from someone who actually works in the company?
- Based on the subject line, is it being sent to the appropriate person within the organization?
- Is the subject appropriate for email communication, or is this something that would be better handled over the telephone?
- Poor punctuation and grammar. These emails often don’t sound like they were written by an English-speaking person. This can be a dead giveaway.
“These are situations where you would much rather be safe than sorry. Data breaches can be extremely messy, especially when personal health information is involved. We all get bombarded with emails, but it’s important to take a couple of extra seconds to ensure that they're legit and safe,” Amelia says.
The people who may need to be most alert to these types of emails are often the financial folks in your organization because, let’s face it, the goal is typically to gain access to a company’s financial information.
But who would actually fall for this type of scam? You’d be surprised, says Janice Fritz, HR consultant with Kuzneski Insurance Group: “The scam that often gets sent out to HR/payroll folks is an email spoofing an employee and asking to have their paycheck direct deposit information changed – to the scammer’s own account. I've had employees fall for it before, but fortunately the scam was recognized by the payroll provider. The cyber-attacker usually picks the email address of the CEO or another high wage earner to spoof, in order to try to get the most bang for their buck.”
“The HR best practice that comes out of this is to never allow or accept payroll or personal changes via email,” Janice says. “They either must flow through the HRIS system if one is in place or be old school on a paper form with a signature. If something on paper looks questionable, always confirm with a phone call -- to the number you have on file, not the one in an email.”
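The sender checks from the telltale-signs list and the payroll spoofing scenario Janice describes, as an added Python example that is not from the original article. The staff directory, sample messages, flag names and keyword list are constructed for illustration, and `yourcompany.com` is the article's placeholder domain.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "yourcompany.com"                    # placeholder domain from the article
EMPLOYEES = {"pat.lee@yourcompany.com": "Pat Lee"}    # constructed staff directory
PAYROLL_TERMS = ("direct deposit", "payroll", "bank account")  # assumed keywords

# Constructed sample messages (example.net is a reserved documentation domain).
SPOOFED = """\
From: "Pat Lee" <pat.lee.ceo@example.net>
To: payroll@yourcompany.com
Subject: Update my direct deposit

Please change my paycheck account before Friday.
"""
LEGIT = """\
From: "Pat Lee" <pat.lee@yourcompany.com>
To: team@yourcompany.com
Subject: Lunch on Thursday

See you at noon.
"""

def check_sender(raw: str) -> list[str]:
    """Return warning flags for one raw message, based on its headers and text."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    flags = []
    if domain != COMPANY_DOMAIN:
        flags.append("sender-domain-mismatch")
        # A familiar display name on an outside address is the payroll-spoof pattern.
        if name.strip().lower() in {n.lower() for n in EMPLOYEES.values()}:
            flags.append("display-name-impersonates-employee")
    elif addr not in EMPLOYEES:
        flags.append("unknown-internal-sender")
    # Replies routed to a different domain than the visible sender are suspicious.
    reply = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply and reply.rpartition("@")[2] != domain:
        flags.append("reply-to-differs-from-sender")
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')} {body if isinstance(body, str) else ''}".lower()
    if any(term in text for term in PAYROLL_TERMS):
        flags.append("payroll-change-request")
    return flags

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, check_sender(raw))
```

A message that forges the exact company address in its From header passes the domain check, so this complements the phone-call confirmation described above and does not replace it.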
Cyberattacks can have devastating consequences. But there are ways to protect yourself. We think you may be interested in reading “What is Cyber Liability Insurance?”