It has become more and more common to receive fake email messages that hide malicious code with the objective of compromising our computer's security.
This can be even more dangerous when your computer is part of a corporate network: if it gets infected, chances are that other machines within the network will be infected too.
It worries me that in the last couple of days several clients have reported receiving a lot of these messages.
Let's recap a bit:
This kind of message is usually a virus or what is often known as phishing (for those who are still unaware of these, please check the links on each of those words).
I shall not spend time on these subjects, since they are not the main objective of this article. Let me just add that your computer is more important to a hacker than you might imagine!
What to do with these messages is the reason that led me to write this article.
It is important to have an antispam / anti-phishing / antivirus system properly installed and updated on your computer or on the company's email server. This greatly reduces the odds of such messages reaching you without warning: either the message is blocked on the spot or you get an alert about the threat it represents.
However, there are no foolproof systems, and the probability of such messages landing in your inbox is still high.
These messages are usually written in English (although I have seen some in Brazilian Portuguese and even in Portuguese from Portugal; linguists, please excuse my very unusual and untechnical way of approaching the topic!).
In most cases they copy the features and layout of the genuine message (e.g. the same visual design, a similar kind of text, real topics and real issues currently being discussed, and so on).
The links you see in this type of email appear, at first sight, to belong to the supposed author of the message (e.g. http://www.microsoft.com/downloads/file.xpto).
The topics are appealing and grab your attention, always with the purpose of making you feel obliged to pay attention and act, which is really the main goal here.
Examples of this kind of message:
- Windows or Office Update;
- Payment still pending for purchase X;
- Purchase Y confirmation;
- There was an access attempt with your username…;
- Important News to…
And many more.
Messages are getting so sophisticated that in some cases it is really hard to distinguish a genuine message from a fake one.
Even expert users can occasionally be caught by these scams.
What to do:
- Nothing! (other than deleting the message...)
I mean: the hacker wants you to take some sort of action, such as clicking on the link in the message, opening the attached file, replying, and so on.
You should never do any of these; doing so only serves the hacker's goals.
You should always be suspicious of any message that requires an action from you (links, attached files), and only trust those that are logical and expected.
If any doubt arises, just forward the message to the System Administrator for a full evaluation.
When dealing with a message that asks you to click on a certain link, you can quickly check whether the message is authentic without clicking on the presented link (URL).
How to do this:
Most email applications (Outlook being one of the most common) display the link, and when you hover the mouse pointer over it a box appears (which vanishes quickly...) showing the address that will actually be opened if you click. Keep in mind that the text you see in the message and the address underneath it need not be the same; it is the address in that box, not the visible text, that matters.
Example:
Imagine you receive a message, supposedly sent directly by Microsoft, asking you to update your computer, and in the body text you read: CLICK HERE TO UPDATE YOUR COMPUTER.
When you hover the mouse pointer over the linked text, an address appears, and that address is what you must analyze.
Most fake addresses look something like this:
http://updates.microsoft.com.xpto.net/somepage.php
(they are usually more complicated, but I simplified this one for clarity)
If you read the address from left to right, as we normally read, you get the initial impression that it comes from Microsoft (http://updates.microsoft.com...). However, Internet host names are significant from right to left. In this case:
.net – is the first element (the top-level domain)
xpto – the second element (the domain actually registered by whoever controls the link)
updates.microsoft.com – comes after, as subdomains underneath xpto.net
So the real website you would be taken to after a click is a fake one (xpto.net). Whatever comes before the registered domain (updates.microsoft.com) can be created at will, because the owner of xpto.net controls every name ending in .xpto.net. The registered domain itself (xpto.net) is the part the attacker cannot fake: they can only use a domain they really own.
This being so, the important thing is to always analyze the last part of the address, i.e. the registered domain.
If it is not EXACTLY the public and known address of the supposed sender, then you must not click on that link.
Another much-used trick is to register fake addresses that are very similar to the real ones, e.g. microsofta.com, mymicrosoft.com, microsoft-updates.com and so on. Here the registered domain itself is the lookalike, so the right-to-left check only helps if you compare it character by character against the domain you know.
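The two checks above (read the host name right to left to find the registered domain, then compare it exactly against the sender's known domain and watch for lookalikes) can be written down as a small script. The following is an added example, not code from the original article; it assumes microsoft.com as the expected sender domain and uses a small hard-coded list of two-label public suffixes as a stand-in for the real Public Suffix List. The sample links are constructed, modelled on the addresses quoted in the text.

```python
from urllib.parse import urlsplit

# Constructed example: the brand the message claims to come from.
EXPECTED_DOMAIN = "microsoft.com"

# Assumption / simplification: real code should consult the Public Suffix List
# (publicsuffix.org) to know which suffixes are public (co.uk, com.br, ...).
# This small hard-coded set is only here so the example runs offline.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.br", "com.pt", "co.jp", "com.au"}


def hostname(url: str) -> str:
    """Host part of a URL, normalised: lower-case, no user@, no :port, no trailing dot."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    # .hostname already discards any "user:pass@" prefix, so a link such as
    # http://www.microsoft.com@xpto.net/ correctly yields xpto.net.
    return (parts.hostname or "").rstrip(".").lower()


def registered_domain(url: str) -> str:
    """The rightmost owner-controlled part of the host, read right to left.

    .net is the top-level domain, xpto the label someone actually registered,
    and every label further left (updates.microsoft.com) is a subdomain the
    owner of xpto.net can create at will.
    """
    labels = hostname(url).split(".")
    if len(labels) < 2:
        return ".".join(labels)
    suffix_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    return ".".join(labels[-(suffix_len + 1):])


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch near-miss spellings (rnicrosoft, micorsoft)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str, expected: str = EXPECTED_DOMAIN) -> str:
    """Classify a hovered link target against the domain the sender claims.

    "ok"         registered domain is EXACTLY the expected one
    "subdomain"  the expected domain appears only as labels to the left of
                 someone else's registered domain (updates.microsoft.com.xpto.net)
    "lookalike"  the registered domain is a near miss or embeds the brand name
                 (microsofta.com, mymicrosoft.com, microsoft-updates.com)
    "unrelated"  anything else, including the user@host trick
    """
    host = hostname(url)
    domain = registered_domain(url)
    if domain == expected:
        return "ok"
    # Match on label boundaries so mymicrosoft.com is not mistaken for a subdomain.
    if f".{expected}." in f".{host}.":
        return "subdomain"
    brand = expected.split(".")[0]
    name = domain.split(".")[0]
    if brand in name or levenshtein(name, brand) <= 2:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links, modelled on the examples in the article.
    samples = [
        "http://www.microsoft.com/downloads/file.xpto",
        "http://updates.microsoft.com.xpto.net/somepage.php",
        "http://microsofta.com/update",
        "http://mymicrosoft.com/update",
        "http://microsoft-updates.com/update",
        "http://rnicrosoft.com/update",
        "http://www.microsoft.com@xpto.net/login",
    ]
    for link in samples:
        print(f"{classify_link(link):10} {registered_domain(link):28} {link}")
```

Only the "ok" verdict means the link really points at the sender's own domain; the other three are exactly the cases the article tells you not to click. Note that a legitimate country domain such as microsoft.co.uk is also rejected by the exact comparison, which is the article's rule: if it is not exactly the address you know, treat it as suspicious and ask.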
If you feel suspicious about it, the main rule is:
DON'T OPEN and/or DON'T follow the instructions in the message. Ask your Network Administrator for assistance.
As a final note, most institutions, at least the most reliable ones, rarely use email to ask for these kinds of operations, mostly because of the problems stated above. So you should always be suspicious whenever you get an email message asking you to update your data or carrying attached files.