We have been dealing with security issues since computers first emerged in the office place. We moved past the first threats which came to the desktop via the sneaker-net (floppy disks moved from machine to machine) to CD’s, DVD’s, Blu-Ray and even USB devices.
Now the opportunity get a virus, macro-virus, malware, botnet, or other attack can come from many directions, but the same simple methods for keeping your system and data safe have not changed much over time. Several years ago I wrote about the problems of SPAM and how social engineering (no, not social networks but the actual practice of calling on the phone, speaking with someone or sending an email that looks too good to leave closed) was the vehicle for breaching your system or network. Here we are nine years after that first article about SPAM and the same problems still exist. Maybe a bit of review is in order…here goes!
SPAM Is Bad Everywhere
1) The U.S. Post Office does not send you email unless you sign up for tracking on a package. It would kind of defeat the purpose of using mail service. The Postal Service says it doesn’t use email to notify customers about a package delivery. “Customers would receive notification via postcard that they needed to pick up a parcel or it would be posted on the door,” said Tammy Mayle, Postal Inspector. No matter what — always be wary of any email claiming to come from the Postal Service. “The Postal Service doesn’t have an email address for every postal customer available,” said Mayle.
2) The IRS does not communicate with anyone via email for tax bills, etc.
http://www.irs.gov/uac/Don%E2%80%99t-be-Scammed-by-Fake-IRS-Communications
3) This also holds true for UPS and FedEx. Recent scam emails from FedEx used the following ‘from’ email address:
From: FedEx Online Team Management. <wednailofficer@gmail.com>
Real email from FedEx would NOT be from a Gmail account! So why do people open these email and click on the documents? The answer is Social Engineering. SPAM emails account for over 90% of all email sent domestically.
Social Engineering
Curiosity often gets the best of us. Everyone likes to get packages, especially if they contain free stuff! A good example of this is the ‘I Love You’ virus from a few years back. This social engineering exploit targeted the simple fact that all (well most) of us want to be loved. If you opened that email, it promptly infected your machine, turned it into an email server and then dished up a similar email to everyone in your address book. This particular virus spread like wildfire. Patches were built for most email clients to help stop this and most anti-virus programs no longer allow individual machines to become ‘email servers’. One of the best ways to stop these social engineering attacks is through common sense and security.
Common Sense
Where Does Security Start?
Many enterprises have email scanners that take place at the firewall, in the cloud and / or server level before those emails arrive at the desktop. Even in those cases or in cases where you do not have such countermeasures at your disposal, your anti-virus software should have a plug-in that allows you to scan all incoming email and attachments. Most security software will automatically scan each attached file to email or IM messages—even those from trusted sources. The small amount of time that it takes to perform this function can potentially save you hours of work if a file is compromised.
If all else fails, back up your computer data regularly. This cannot be stated often enough. Do not assume that someone else is doing this for you!The failure of a computer hard drive or the mistaken deletion of a data file can be devastating and can mean the loss of many hours of work. Think about what you use every day and how much time it would take you to recover should those files be corrupted, deleted or inaccessible due to a hard drive failure. It is very important that you save the important files you are working on periodically. If you do so, you have something that can be accessed via a backup, shadow copy or other means. If the file is not saved, all the backups in the world will not do you any good! Make it a practice to save those open files you are working on all day. Save early and save often! You can guard against disasters by having backups. If your IT department performs backups, that is great. If not, there are online services that can back-up your system for a small price (i.e. Carbonite, Mozy, etc.) so that you will never have that feeling of losing everything. These services also provide access to those backups in the case of a stolen laptop. Doing these things will help save you a lot of grief and provide even more protection should your system or its files be hijacked by ‘ransom ware’!
Looking at the BIG Picture
Solving The Problem
All product names / logos, company names / logos are copyrights of their respective holders. John Boline is an MCSE, MCTS, CNE, USE and a member of the Network Professional Association.The content herein is often based on late-breaking events. Much of the material is based on information from sources that are believed to be reliable. Hagerman & Company, Inc. disclaims all warranties as to the ultimate accuracy or completeness of the information. Hagerman & Company, Inc. and its employees shall have no liability for errors, omissions or inadequacies in the information contained within this article or for any interpretations thereof. The recommendations, positions and best practice policies outlined herein represent Hagerman & Company, Inc. initial analysis and therefore are subject to change as further information which may have bearing on these positions is made available. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice. Hagerman & Company, Inc. assumes no obligation to update the forward-looking statements made in this newsletter to reflect any change in circumstances, after the date of publication. Entire contents © 2015 Hagerman & Company, Inc. All rights reserved. Reproduction of this publication in any form without prior written permission is forbidden.