Reducing Email Risk

One of my company’s customers drove to a large amusement park and handed his car to the valet at the main entrance. As he was leaving hours later, he learned two important facts. The park didn’t offer valet parking, and his car was gone.

This crime wasn’t an elaborate conspiracy involving high-tech gadgetry or extensive planning. It relied on a few parking cones, an official-looking vest and human nature. He simply handed over the key, as instructed.

Everyone occasionally follows directions before exercising critical thinking.

Unfortunately, we live in a world where thieves steal more money with a few keystrokes than John Dillinger and Willie Sutton ever did with a gun, and without fear of being shot or thrown into the Eastern State Penitentiary. (I worked two blocks away for years. But I’ll save those stories for later.)

This insidious and increasingly resourceful breed of cyber criminal relies on human nature. Just like the car thieves, they’re counting on someone acting before they think.

Socially engineered emails attempt to deceive us into installing malicious software by clicking on a link or opening an attachment. These emails often appear to be work-related, masquerading as having been sent by a co-worker or other known person. As recent headlines demonstrate, once that software is unleashed it can destroy critical data, hold it for ransom, or take down entire networks.

The first line of defense against this criminal activity is us. Two techniques at our disposal when defending against email attacks are:

1. Maintain an air of professional skepticism. Be appropriately suspicious and act accordingly;
2. Think before you click!

Here are a few points to remember:

• Never open email or attachments from senders not familiar to you.

• Don’t open email or attachments from people you think you know if the contents appear suspicious. Virtually imperceptible changes can trick even the most vigilant email user into thinking they recognize the sender. For example, replacing a lower case “l” with an upper case “I” (or “rn” with “m”), or inserting an extra letter in an already long email address, is easily overlooked. Check the actual address, not just the display name.

• If the email asks you to click on a hyperlink, hover your cursor over it to reveal where it really goes. If the real destination differs from what the link text shows, or it leads to a file-sharing site such as Dropbox or Google Drive that you weren’t expecting a document from, treat it as malicious.

• Before clicking, ask yourself:

  1. Is the email work-related, and is the subject appropriate for me?
  2. Are the links in the email relevant to its purported content?
  3. Was I expecting the email, and have I previously received email from this sender?

• Don’t open attachments with the following file extensions: .exe; .bat; .com or .zip. This list is not exhaustive, and remember that Windows hides known extensions by default, so a file shown as “invoice.pdf” may really be “invoice.pdf.exe”.

Finally, when in doubt, delete the email or “go old school”. Pick up the phone and call the sender, using a number you already have on file, not one printed in the suspicious email.
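The same checks can be automated for a mail gateway or a help-desk triage script. The following is an added example, not code from the original post: it flags a sender domain that is a look-alike of a trusted one (one letter added or swapped, or confusable characters such as l/I/1 and rn/m), a link whose visible text shows one host while the href points to another or to a file-sharing host, and an attachment with one of the listed extensions. The trusted domain (example.com), the file-sharing host list and the sample message are all constructed for the illustration.

```python
"""Email triage helpers (added example, not from the original post)."""
import re
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example.com"}                      # assumption: your organisation's domain(s)
FILE_SHARE_HOSTS = {"dropbox.com", "drive.google.com", "docs.google.com"}
RISKY_EXTENSIONS = {".exe", ".bat", ".com", ".zip"}   # the post's list; extend as needed


def fold_lookalikes(domain: str) -> str:
    """Map characters that are easily confused in common fonts onto one form."""
    d = domain.lower().replace("rn", "m")                  # 'rn' reads as 'm'
    return d.translate(str.maketrans("i1|0", "lllo"))      # I/l/1/| and O/0


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches one inserted, dropped or swapped letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_verdict(from_header: str) -> str:
    """'trusted', 'look-alike of <domain>' or 'unknown' for the From: address."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in TRUSTED_DOMAINS:
        if fold_lookalikes(domain) == fold_lookalikes(trusted) or edit_distance(domain, trusted) == 1:
            return f"look-alike of {trusted}"
    return "unknown"


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)


def host_of(url: str) -> str:
    """Lower-cased hostname without a leading 'www.'."""
    host = (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def link_findings(html: str) -> list:
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        if URL_LIKE.match(text) and host_of(text) != target:       # text says one host, href another
            findings.append(f"link text shows {host_of(text)} but points to {target}")
        if any(target == h or target.endswith("." + h) for h in FILE_SHARE_HOSTS):
            findings.append(f"link to file-sharing host {target}")
    return findings


def attachment_findings(msg: EmailMessage) -> list:
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = name[name.rfind("."):].lower() if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"attachment {name} has blocked extension {ext}")
    return findings


def triage(msg: EmailMessage) -> dict:
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body is not None else ""
    return {"sender": sender_verdict(msg["From"] or ""),
            "links": link_findings(html),
            "attachments": attachment_findings(msg)}


def sample_phish() -> EmailMessage:
    """Constructed sample: look-alike sender, mismatched link, zipped 'invoice'."""
    msg = EmailMessage()
    msg["From"] = "Pat Smith <pat.smith@exarnple.com>"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Invoice 4471 - please review today"
    msg.set_content("Please review the attached invoice.")
    msg.add_alternative('<p>Review the invoice at <a href="https://www.dropbox.com/s/abc123/invoice">'
                        'https://portal.example.com/invoices</a> or open the attachment.</p>', subtype="html")
    msg.add_attachment(b"PK\x03\x04", maintype="application", subtype="zip", filename="invoice.zip")
    return msg


if __name__ == "__main__":
    for key, value in triage(sample_phish()).items():
        print(f"{key}: {value}")
```

Run against the constructed sample, it reports the sender as a look-alike of example.com, the link as showing portal.example.com while pointing at dropbox.com, and the .zip attachment as blocked. The look-alike folding is deliberately crude (it maps every “i” to “l”), which is fine for comparing a candidate against a short list of your own domains but would produce false positives if used as a general-purpose classifier.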
