There has been a noticeable increase in spam within the last 6-12 months, making it even more important for users to educate themselves on ways to recognize malicious emails. Spam emails come in many forms and have a range of intended goals, from phishing (moneymaking) scams to malware infections and data corruption. Most organizations already have a layer of defense in place, which can and should include a spam filter, antivirus software and a firewall. Although these defenses are designed to protect against viruses and hackers, they are not foolproof. Spammers and hackers continually work on developing new and clever ways to circumvent traditional email filters and firewalls, which is evidenced in this recent increase in spam. Although antivirus software companies, like Symantec, come out with updates and improvements that defend against new viruses, end-users need to do their part in vigilantly protecting their computers and data.

Malicious emails can be identified by many distinguishable characteristics. If the email comes from an unrecognized sender, it is possible that it is spam. Frequently, these emails will have a friendly salutation in the subject line, such as ‘Hello,’ or a call to action, such as ‘Quick question.’ Sometimes subject lines will contain the name or email address of the recipient, which is a method spammers use to make the email appear inviting and relevant to the recipient. The contents of such emails can range from ploys for users to divulge personal banking information to links that direct to dangerous websites.

There has also been a rise in spam that appears to be coming from fax software, voicemail software or banks. These emails will typically contain an attachment and are intended to fool the recipient into thinking they are opening a fax, listening to a voicemail or checking an invoice/bank statement. If the email is in an unfamiliar format or comes from a fax, voicemail or bank service you do not use, it is highly probable that it contains a virus. Malicious email attachments come in many forms, some being files ending in .exe, .bat, .scr, .zip or .com. These types of files, when opened, can quickly infect a computer with a damaging virus or create an entry point for a hacker to remotely connect to the computer, granting them access to important files, confidential information and network drives.

Spam filters can be configured to blacklist (block) emails from certain domains and protection levels can be increased if an excessive amount of spam seems to make it into an inbox. That being said, spammers still find ways to evade the filter. An example of such an email would be one that does not contain an attachment, but instead has a link imbedded in the body. Hovering a mouse over a link reveals the domain in the bottom left hand corner of the screen. This helps to confirm if the link in the email is a recognized or legitimate website.

Malicious emails may contain typos, misspellings and a random mix of lowercase and uppercase letters. This is actually an intentional tactic used by spammers to identify less-than-savvy users. If a recipient responds to a blatantly sloppy email as if it were legitimate, the recipient is identifying themselves as an easy target for a scam.

Microsoft Outlook contains a handy built-in feature called ‘message options,’ which allows users to get in-depth information about an email without having to actually open it. With this feature, users are able to see the true domain of the sender and the name of the server from which the email came. This button can easily be added to the quick access tool bar in Microsoft Outlook by right-clicking on the tool bar on the top left-hand side of the Outlook window, choosing ‘customize quick access toolbar,’ click on ‘more commands,’ select ‘popular commands’ and add ‘message options.’

Very recently, there has been a surge in a new type of cyber-attack called ransomware, a trojan that encrypts and renames all files on a victim’s computer, and, as the name suggests, holds the files for ransom. If a user becomes infected with ransomware, they will lose access to all of their files and receive a message on the screen explaining that their files were encrypted and they must pay a large sum of money to obtain the decryption key.

Ransomware is a moneymaking scheme developed by hackers with a high infection rate. When infected with ransomware, a user has three options. The first option is to follow the instructions on the screen and pay the requested sum of money to decrypt their files. This is not a recommended option, as the cyber-criminal may still have access to the ‘decrypted’ PC (leaving it vulnerable for future infection), in addition to personal or banking information from the initial ransom payment. The second option is to restore the PC from the most recent backup available from before the ransomware infection. This process can take some time and if the user does not regularly back up their files, there can be a significant loss in data. The third option is to wipe the PC back to factory settings and rebuild. This option results in a complete loss of data. For users who do not back up their PC and locally saved files, this is the only option that doesn’t involve paying the ransom.

Ultimately, regardless of how hard we pray to the computer gods, spam, viruses and hackers are not going away. Because of that, end-users must educate themselves on how to identify and avoid malicious emails. Additionally, it is important to have an effective backup system for important data and strong passwords.

For more information, contact Plummer Slade at (412) 261-5600 or