Thursday, November 3, 2016

A Taste for Holiday Spam

http://www.tech-ii.com/taste-holiday-spam/
“’Twas the night before Christmas and” … well, it really lasts from November through January. What lasts for months on end, you ask? SPAM: that pesky e-mail promising you free stuff or telling you that your package has been set up for delivery. Spam is not just something to worry about during the holidays, but it tends to arrive in very high volumes during the holiday season.


As retailers around the world ramp up for the holiday shopping season, holiday-themed spam and phishing messages will be heading for inboxes everywhere. While we can update our filters and pay close attention to what is hitting our borders, not everyone has as good protection on their personal accounts as they do at work, so give your coworkers an early festive present by warning them of the common threats that hit this time of year.


Malware
Whether in the form of festive greeting cards, holiday screensavers, or applications for your Facebook page, festive-themed malware comes straight from the Grinch and tries to take advantage of people’s holiday spirit. Making sure that antivirus software is up-to-date is critical, and treating any software or app with a healthy bit of skepticism is a way to play it safe.


Scams
Whether the hot gift this year will be tablets, smart phones, or coffee makers, one thing is for certain: supply will not meet demand. Scammers will exploit this by sending emails offering unbelievable deals, or stating that they have in stock what everyone else has sold out of. If it seems too good to be true, it probably is. Remind others to shop only with reputable vendors, and to check out special offers by going to the website directly instead of clicking links in emails they weren’t expecting.


Online Coupon Offers
Phishing attacks may offer incredible savings in exchange for personal information. Before filling out any form to get a discount code, make sure you are dealing with a real vendor. Again, going to the vendor’s site by typing the URL in by hand is safer than clicking links in emails, and calling a brick-and-mortar store to verify that a coupon offer is legitimate can save time and disappointment.


Fake Transactions
We should be very careful about email confirmations for purchases we did not make. Scammers can easily mock up an order confirmation for a high-priced purchase, and they are counting on the victim clicking the link to cancel the order rather than confirming it is legitimate. Whether that link delivers malware or tries to harvest personal information and login credentials, it’s a way to exploit someone’s fears of fraudulent transactions.


Pleas for Help
This is also the time of year when phishing expeditions pull out the really mean-spirited methods. These can be pleas for help from strangers with incredibly sympathetic stories, or from relatives allegedly stranded and needing money, who can email but strangely not call for help. We all need to be aware of these scams, and be wary of any request for help that we cannot confirm as legitimate.

Take a moment or two today to warn others of these scams. It’s a gift that keeps on giving, and helps make sure no spammer named Scrooge spoils their holiday.

Friday, March 25, 2016

Ransomware: The What? The Where? And The How?


Ransomware and its variants are on the rise, but there is hope to limit the impact of this threat to your company and its assets. In this article we discuss what ransomware is and what it does, where the infection comes from and where it goes after it is deployed, and finally, how you can prevent this type of threat from taking a large toll on your company’s production time.

The What?

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. The most common of these are the Crypto variants, which travel through a system and encrypt its files, making them unusable. The encryption type used makes it improbable for anyone to break the encryption without paying the ransom. No one is safe from this infection. Although “Crypto” is predominantly seen on Windows systems, recently it has been showing up on other operating systems as well. In fact, since it can encrypt any file that the system has access to, this includes network shared files. Once a system is attacked, the ransomware will sync up and modify all the files across the system and prevent anyone from accessing them.

The Where?

The majority of ransomware appears to get deployed through malicious email messages with attachments containing the virus. These messages look legitimate, and once the attachment is opened on the system, it will wreak havoc in a matter of seconds. Ransomware can also be deployed through drive-by downloads, which happen when a victim visits a compromised website; the download exploits unpatched software on the system. The least common method is deployment through a USB drive, where the drive contains the ransomware and infects the system upon being plugged in.

The How?

  • The number one way to be prepared for this type of attack is to have backups of all critical systems and data, and have those backups tested and verified on a regular basis. Once ransomware attacks, the only method of saving the systems and the data is through a full system restore. There is no way to decrypt the affected files, and no software will reverse it. The only recourse is to restore from backups. 

  • The next way to be prepared is a bit more obvious. Have anti-malware software deployed on all your systems, and make sure it is up-to-date and actively scanning, using behavioral analysis or some other form of heuristic scanning.

  • Thirdly, ensure that all your systems are up-to-date on security patches, and that you have a way to report on systems that fall behind with a method of patching on-demand.

  • Look at incorporating SPAM blocking or scanning on your network to reduce the likelihood of these exploits passing to your users. All employees should be educated and told to be diligent in analyzing the messages they receive. They should only open emails they are expecting and only when they know the sender. Beware of attached files in emails!