Email Safety Tips
This past Friday, the world experienced a cyberattack unprecedented in scope and potential impact. Starting in the UK and Spain, the malicious WannyCry / WannaCrypt software quickly spread globally, blocking customers from their data unless they paid a ransom using Bitcoin. The WannyCry / WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency. Microsoft had released a patch in March to protect customers with Windows 7, 8, and 10 from this vulnerability, however many users running older operating systems or unpatched computers were affected.
By combining Ransomware and a computer worm, the risk of infection is extremely high if you or a co-worker are not paying attention and accidentaly open one of these phishing email attachments. Not only will your computer be infected, but so will every other computer on the network.
With that in mind, please review these tips for email safety. YOU and your knowledge are the best defense against these malicious emails and the real pain that they can cause. Be cautious, be critical, and above all, do not automatically trust email attachments that you are not expecting – even if they appear to be from someone you know.
- NEVER open an attachment unless you know what it is and who sent it. If you have any doubts, contact the sender by telephone to ask if they sent it. It would be better to delete a legitimate message and have to have it sent again, than to open a malicious attachment and suffer the consequences of having your computer infected with a virus. Do NOT reply to the original message or send a new message to the sender’s e-mail address. The e-mail account may be hijacked, and the attacker may reply to your email instead of the actually account owner.
- NEVER reply to suspicious messages or forward them to friends.
- NEVER click on links or copy Web addresses from within messages.
- NEVER enter your personal information into a pop-up screen. Sometimes a phisher will direct you to a real organization’s Web site, but then an unauthorized pop-up screen created by the scammer will appear, with blanks in which to provide your personal information. If you fill it in, your information will go to the phisher. Install pop-up blocking software to help prevent this type of phishing attack.
Staying informed and knowing how to identify harmful messages is the easiest way to protect yourself and keep your computer virus-free. Regardless of whom a message claims to be from, it is always necessary to use common sense and caution when checking your e-mail.
Stay safe out there,
Steve Waters
CISO
