Macro Systems Blog
A Refresher on Phishing and Ransomware
When we talk about modern cybersecurity, there seems to be a lot of emphasis put on phishing attacks and ransomware. This is for good reason: not only can either of these attacks create significant difficulties for a business, they are often used in tandem. Why are these threats so potent, and why do they so often show up together?
Here is a brief review of how each attack works.
Ransomware
Imagine the surprise you would have if you tried to log into your computer and you were presented with a message telling you that your files have been encrypted and that you need to pay in Bitcoin before the clock runs out or you will lose those files forever. Then you noticed the clock ticking down. Would you panic? You probably would. That is ransomware, an especially ugly form of malware that could cost you everything.
Phishing
Do you ever get random emails that seem to come from your bank, your insurance company, or the government? The truth is most professional organizations that you depend on will never want you using email to do anything other than verify your identity. That means that the emails you get that say you must act now to avoid going to jail for owing money are as fraudulent as they seem.
These are phishing messages. They can come in via email, social media, or via SMS or phone call. Alas, for the modern user, they are constant, often sophisticated, and can be especially problematic if handled improperly.
Phishing + Ransomware = Major Trouble
Since modern hackers can’t just hack their way into an account, they use social engineering tactics to do so. If they can expose their fraudulent message to someone who is less than vigilant, they may gain access to a computer (or worse, a computing network), and then deploy their ransomware. This is not a good situation for any individual, and it is a significant issue for any business. Therefore, it is critical that your staff understands phishing tactics and can spot fraudulent emails and messages when they arrive. Listed below are some telltale signs that you are dealing with a phishing message.
Identifying Phishing
Phishing tactics are more sophisticated than they were even a few short years ago, but they can’t do anything about the one variable that matters: legitimacy. Here are a few ways you can tell that you are dealing with a phishing attack:
- The details in the message are suspect - Many people don’t pay much attention to the email address an email is sent from, or if a word here or there is misspelled. This is how phishing attacks beat you. If you receive a message that has spelling or grammatical errors that you wouldn’t find in professional correspondence, you are probably dealing with a scam. You can also look at the email address itself or, best yet, mouse over any links found in the text of the email. If it seems fishy, it’s probably phishing. DON'T CLICK ON IT.
- The tone is desperate - One telltale sign that you are dealing with a phishing attack is that the message written to you seems urgent. No reputable financial institution or government entity is going to demand immediate action from an email.
- There’s a link or an attachment - When phishing is used to deploy ransomware (or any type of malware), you will usually see an attachment or be asked to follow links in the message. If you have any question about the validity of the message, don’t click on a link or open an attachment.
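The three signs above can also be checked mechanically as a first-pass filter. The following Python sketch is an added example, not code from Macro Systems; the function name phishing_signs, the expected_domain parameter (the domain the message claims to come from), the urgency keyword list, and the sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENT = re.compile(r"\b(act now|immediately|urgent|final notice)\b", re.I)
DOMAIN = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")
# Constructed sample message; every name and domain in it is made up.
SAMPLE = """From: "Example Bank" <alerts@examp1e-bank.example>
Subject: Final notice: act now
Content-Type: text/html

<a href="http://portal.account-check.example/login">www.examplebank.example</a>
"""

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip().lower()))
            self.href = None

def phishing_signs(raw, expected_domain):
    """Return which of the listed signs a raw e-mail shows (heuristic only)."""
    msg, signs = message_from_string(raw), set()
    if parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower() != expected_domain:
        signs.add("sender-domain")      # address is not the claimed organization's
    parts = list(msg.walk())
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace") for p in parts
                   if p.get_content_maintype() == "text" and not p.get_filename())
    links = Links()
    links.feed(body)
    for href, text in links.found:
        host = (urlparse(href).hostname or "").removeprefix("www.")
        if (m := DOMAIN.search(text)) and m.group().removeprefix("www.") != host:
            signs.add("link-mismatch")  # hovering would reveal a different site
    if URGENT.search(msg.get("Subject", "") + " " + body):
        signs.add("urgent-tone")
    if links.found or any(p.get_filename() for p in parts):
        signs.add("link-or-attachment")
    return signs
```

A message that shows none of these signs is not proven safe; the check only automates the inspection a trained reader would do by eye.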
Cybersecurity is a constant process. If you would like help getting your staff trained or if you would like some information about other security tools you can use to keep your infrastructure and data secure, call the IT professionals at Macro Systems today at 703-359-9211.