Scam and Phishing Emails

by GRD Creative | Feb 15, 2023 | Business, Email, Security

Gleneden Ridge Design would like to take this time to remind everyone of malware emails. There are a whole host of emails recently that are scam and phishing emails.  We’d would like to remind you of a few things in the event you receive those emails:

• Be very cautious of emails that appear to come from someone instructing you to do something, especially purchase something or click a link.  If it is not something that is part of your normal everyday activities, please confirm with the “sender” via calling them, do not reply back to the email.
• Be very cautious of emails that are asking you for contact information or any confidential information.  Colleagues and businesses should not ask you for this information.  Please confirm with the “sender” via calling them, do not reply back to the email.
• IT systems should not email you about expiring passwords or needing to reset a password, neither should they email you about a secure document that needs to be downloaded.  Again, if you receive emails like these, please confirm with the “sender” via calling them, do not reply back to the email.
• Do not open an attachment within an email you are not expecting and can clearly validate the sender of the email.

In most cases, a random email appearing in your inbox that you do not usually receive as a matter of your day to day activities is likely a scam. In today’s rapidly evolving computing landscape, there are a plethora of harmful threats to computer systems and users that are loosely categorized as “malware”. The list below attempts to explain these at a high level, as well as what to look for to protect yourself from becoming a victim of malicious software.

The term “malware” broadly encompasses the following types of malicious software:

• Viruses and Worms: Viruses can make copies of themselves, spreading to other computers by infecting applications, documents and files and starting malicious code. Typically a user has to open these infected programs and files for the virus to run. Worms are a type of computer virus that can replicate and spread across computer networks by exploiting operating system vulnerabilities (for example, an out of date Windows installation). Unlike viruses, worms can run undetected in the background, replicating and spreading themselves autonomously. Both viruses and worms can be destructive, designed to damage or disable the systems they infect. When integrated with spyware, they can steal credit card, banking or personal information by logging keystrokes and sending that information back to the malware authors. 
  
• Ransomware: Typically known as “crypto malware”, it locks a system by encrypting the hard drive and all user data. Users are unable to access their computer or any of the files on it. The ransomware demands payment (usually in bitcoin) to unlock their system. Some ransomware can spread like a worm does, using already infected systems or it can be delivered to the target system inside a Trojan horse. Other types of ransomware exist such as “Scareware” and “Doxware”. See the links below for more information.  
  
• Adware and Spyware: Adware is typically embedded into free “ad-supported” software, and usually displays ads within that software or your web browser. Spyware can gather information about a user by taking actions including but not limited to collecting keystrokes, watching screens, harvesting login information, and other monitoring activities. It is often used by adware to display targeted advertising. When used maliciously, spyware is bundled together with other malware such as viruses and worms to perpetrate theft and/or fraud.
  
• Rootkit: Typically embedded with viruses, Trojans and worms, the rootkit attempts to conceal its host malware from detection by security programs such as antivirus software, while providing the malware with continued administrator/root level access to the infected system. Rootkits can remotely execute files and change system configurations without the user knowing.
  
• Trojan Horse: This type of malware attempts to disguise itself as a helpful piece of “freeware” – for example, a free antivirus program, “system utility” or “office productivity” program. Once installed, it simultaneously installs malware – viruses, worms, spyware, ransomware, rootkits, etc.
  
• Phishing email: Used heavily by Trojans to entice users into opening an email attachment or clicking on a link in the email’s body that downloads malware onto the user’s system.
  
• Bots and Botnets: Bots are software programs that are used to automate specific functions over the Internet, typically by using scripts. In the malicious context, they can be used to perform DDoS (denial of service) attacks, spread spam email, deliver ads on websites, create accounts on websites and more. Malicious bots are delivered and spread as part of a worm or virus. A botnet is a collection of systems that are all infected with the same bot, allowing the bot author to use the collective processing power of many systems for malicious purposes.

More information about various types of malware can be found here:

• Common Malware Types: Cybersecurity 101: https://www.veracode.com/blog/2012/10/common-malware-types-cybersecurity-101
• Rootkit: What Is a Rootkit?: https://www.veracode.com/security/rootkit
• What Is a Computer worm?: https://www.veracode.com/security/computer-worm
• Malware Types and Classifications: https://www.lastline.com/blog/malware-types-and-classifications/
• Spyware: https://searchsecurity.techtarget.com/definition/spyware
• What is Ransomware: https://www.avg.com/en/signal/what-is-ransomware

Many attacks are automatically mitigated on a daily basis by online, office-based, and computer-based security systems.  Please be mindful of links in emails and the various different types of content that comes to your inbox.

Malware Symptoms

These conditions can be indicators that your machine has been infected with malware:

• Consistently high CPU utilization.
• Hard drive constantly busy.
• Programs open and close automatically – For example, unexplained Windows Explorer or command prompt windows opening up and then closing.
• General system instability – blue screens, hard crashes, lock ups, unresponsiveness, etc.
• Unexplained emails being sent from your email account without your consent. Often, people in your contacts list will email you asking you to stop sending phishing or spam emails. 
• Files getting modified or deleted.
• New unknown files, shortcuts, etc being created.
• Inability to change system settings that could be changed before.
• Unwanted pop-ups, programs or web browser based toolbars.
• Slow web browser performance.
• Lack of storage space.

More information:

• 7 Warning Signs of Malware Infection: https://www.techadvisory.org/2016/03/7-warning-signs-of-malware-infection/
• 10 Signs of a Malware Infection: https://www.kaspersky.com/blog/signs-of-malware-infection/2505/
• Symptoms of Malware: https://blog.trendmicro.com/symptoms-of-malware/

Preventative Measures

• Keep your operating system and software up to date.
• Ensure your antivirus / antimalware software is updating itself.
• Watch for suspicious emails. 
  • These can be made to look like they came from a known source or it may be obvious that they are coming from an unknown source.
  • Such emails typically contain a malware infected document or links to “dropper” sites. Do not open any email attachments or click on any of the links in them. Always check to see if the sender’s name matches the sender’s email address.
    • In Outlook, you can check the message header of an email by going to “File” → “Properties”, where you can see the “From:” field.
    • For links, you can hover over them with your mouse to see the actual address they go to without clicking on them. Checking where the links go is usually a clear indicator as to whether or not an email is legitimate.
  • Examples can include:
    • Messages containing a “too good to be true” offer such as free money in exchange for bank account numbers.
    • Messages that purport to be a bank or PayPal sending financial statements, or an online service such as Apple, Amazon, or UPS sending an attached invoice or purchase receipt that is actually a Trojan.
    • Messages that claim to be an online service such as Gmail sending a password reset request that contains malicious links or a Trojan attachment.
    • Messages that look to come from a fellow employee asking you to purchase something (typically a gift card).
    • Messages that appear to be SpeedLine services regarding inbox limits, voicemails, etc.
  • If you think an email is suspicious or it came from a source you are not expecting, chances are good that it is malicious in nature. Any email that looks suspicious should be deleted immediately without opening anything inside. Talk to the sender via the phone or other communication channel.
• Open your security software periodically to see if anything was detected in the last scheduled scan.
• Be skeptical of freeware. Supposed “free” useful utilities such as “systems optimizers” and “cleaners”, free games (such as online poker applications) and free “downloaders” often include Trojan horses or other malware.
• Do not click ads on websites. Often, it is difficult to determine whether such ads are legitimate. If not, they can redirect your web browser to a page (dropper site) containing malicious code that can infect your system.
• Do not open joke or funny emails. Sometimes, these can be used to spread Trojans, viruses and other undesired malware. 

If you think that your computer may be infected, or if you’re unsure whether a particular email is safe or not, talk to your IT department, your IT support company and they’ll be able to advise you. Or contact Gleneden Ridge Design and we’ll be happy to point you in the right direction.