No need to go to the door to check. Ransomware is still there!
I received an email from Yahoo with the subject line, “Help Keep Your Account Secure.” I looked at the actual email address and found it to be Yahoo[at]communications.yahoo.com.
That all sounds pretty reasonable, right? Why would I have any hesitation in opening this purportedly helpful email? For three reasons: 1) I’d just read a Yahoo announcement admitting 1 billion accounts hacked in addition to a previously reported 500 million; 2) the email had been sent to a public email address, not my personal address; 3) the email opened, “Dear Jeff,” totally unaware of what my name is! Needless to say, the email was marked as SPAM.
Authenticity Lacking
By the way, the intent of the email was to encourage me to take “extra steps to help you keep your account secure.” They had “noticed you haven’t changed your Yahoo password recently.” Which of course is most intriguing as I don’t have a Yahoo password. Recent or late.
They had some internal links and an authentic looking signature from Bob Lord, Chief Information Security Officer, Yahoo. It all looked right. Except. And those exceptions were noteworthy, keeping me from giving any credibility to such an email, whether from Yahoo or not.
Behind the Scenes
Be careful! Who knows what’s happening behind the scenes?! This kind of phishing email, seeking to collect information from careless users, is the step just prior to the ransomware attack. Gain information that gives access to the computer. Then load the cryptographic virus. Then hold for ransom!
Ransomware most commonly enters your organization through a phishing email with a malicious link. However, it can also infect computers through web browsers, corporate websites, and inadequate network firewalls.
Protecting yourself from ransomware requires a multi-layered defense that blocks it at every point of entry: email, your website, web browsers, and any device attached to your network. Users must be educated about how to detect suspicious emails and activity. Your response to this attack is a comprehensive backup system to protect data. Your best defense strategy? Don’t let it in. Be alert to phishing attacks by noticing the little things that don’t add up.
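The "little things" checked in this post (who really sent it, which address it was sent to, the name in the greeting, a password notice for an account that does not exist) can also be checked mechanically. The Python below is an added example, not part of the original post; the sample message, the addresses, the server name `mx.example.org` and the function `triage` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample modelled on the email described above; the recipient,
# the receiving server name and the authentication verdicts are invented.
SAMPLE = """\
From: Yahoo <Yahoo@communications.yahoo.com>
To: info@example.org
Subject: Help Keep Your Account Secure
Authentication-Results: mx.example.org; spf=pass; dkim=fail; dmarc=fail

Dear Jeff,

We noticed you haven't changed your Yahoo password recently.
"""

def triage(raw, my_address, my_first_name, have_account, trusted_mx):
    """Return the red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags = []

    # The From header is sender-controlled. Only verdicts stamped by our own
    # receiving server (matched by authserv-id) count; others may be forged.
    auth = ""
    for header in msg.get_all("Authentication-Results", []):
        if header.split(";", 1)[0].strip().lower() == trusted_mx.lower():
            auth = header
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", auth)
        if not m or m.group(1).lower() != "pass":
            flags.append(f"{check} did not pass")

    # Reason 2 in the post: sent to an address other than the personal one.
    to = [addr.lower() for _, addr in getaddresses(msg.get_all("To", []))]
    if my_address.lower() not in to:
        flags.append("not sent to my personal address")

    # Reason 3: the greeting uses a name that is not the recipient's.
    body = msg.get_payload()
    m = re.search(r"^Dear\s+(\w+)", body, re.MULTILINE)
    if m and m.group(1).lower() != my_first_name.lower():
        flags.append(f"greeting uses the name {m.group(1)!r}")

    # Last clue: a password reminder for an account the recipient lacks.
    if not have_account and re.search(r"password", body, re.IGNORECASE):
        flags.append("password notice for an account I do not have")
    return flags
```

A visible sender address that looks right is not proof of origin, which is why the function relies on the receiving server's SPF, DKIM and DMARC verdicts rather than on the From line.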
Educational Link
As a service to our readers, here’s a link to an educational slide deck giving 10 tips for Identifying and Dealing With Phishing Email. This is an easy-to-read presentation with good visual illustrations of what a phishing attack looks like and how to stay off the hook.