Riverbank Ruminations

Observations From the Banks of the Technology River

One Click is All it Takes

One click is all it takes.

Once upon a time, a long time ago (say 2013), sorting the spam from the legitimate email wasn’t a hard task. When you got something like the example below, it was a simple analysis: ‘Please send me all your identifying information and we will send you money’. More likely, they would empty your bank account if you were foolish enough to do what they asked.

Spam

As I have been teaching security awareness classes, I have been updating the clues for determining whether you have received spam. The list used to include: Look for bad grammar or obvious spelling mistakes. Were you expecting this email? Is the attachment type one you normally get?

As time has passed, that list has been updated to add things like:

  • Social media companies allegedly implementing new login procedures
  • Credit card companies asking the user to open an attachment and verify account details
  • Online merchants saying they’ve temporarily suspended an account
  • Banks asking the user to “click here” to restore account access (this one also duped a portion of respondents)

I always stress that users should NEVER EVER EVER EVER click on a link unless they hover over it first to make sure the destination is what they expect. I also include the idea that if the destination is going to require a login, HTTPS:// is a requirement. A recent article by Brian Krebs points out that phishers are taking the time to get certificates so they can host a malicious site with an HTTPS connection to appear legitimate. From the article:

In November, PhishLabs conducted a poll to see how many people actually knew the meaning of the green padlock that is associated with HTTPS websites.

“More than 80% of the respondents believed the green lock indicated that a website was either legitimate and/or safe, neither of which is true.”

If your users have the same misconception, then there is a serious security issue that needs to be addressed. Phishers can now get SSL certificates for free, so there is no monetary barrier preventing them from making the website look more trustworthy.

I have taken to using this cartoon in my training. It highlights the fact that regardless of how many devices and pieces of software you have in place to protect your network, you still have to allow email into your network. As long as that happens, the users have the last say as to what happens when spam comes in.

Comic1

Considering the new wave of attacks with fileless malware, users need to be even more vigilant. In case you aren’t familiar with the so-called fileless attack, it involves sending an attachment that runs a macro that downloads the malware in the form of a PowerShell script. The malware runs in memory and thus has no actual physical payload. Alternatively, the user could be browsing a compromised website, where a vulnerable application is exploited to get the PowerShell script to the victim. The script downloads encryption software and a key and does the damage for a ransomware attack.

The threat landscape keeps evolving. Just as the inhabitants of any environment must adapt to changing conditions, you and your users need to keep up with the threats or suffer the consequences. Last year businesses paid $1 BILLION in ransoms. They felt that was the best solution. Really, the best solution is to keep your users up to date and, just in case, have a tested, working backup procedure in place.

 
