Since the dawn of the internet and email, spam messages have been in circulation. From Nigerian princes looking to share their wealth to viruses disguised as virus scanners, identifying spam has always been crucial to the safety of users and their businesses. In 2018, spam emails accounted for 45% of all emails sent, totaling 14.5 billion messages per day. Now more than ever, as scammers create more elaborate messages, we need to understand which spam practices are possible and what we can do to protect ourselves. Today we’re going to look at common spammer practices, user spam education, and software/hardware that can help save you from the next big scam.
On December 13th of this year, a spam message originating from Moscow, Russia was sent across the United States demanding a cryptocurrency payment of $20,000. The message was incredibly widespread, and even one of our clients received their own version. According to the message, if payment was not received by the end of the day, an explosive device would go off in the building. While this is an extreme example of spam, it is important to recognize that some people will go to extreme measures to try to get a payday. Authorities were notified across the country, and in every location where the message was received, not a single explosive device was found. While it’s absolutely justified to notify the authorities about a message as serious as this, there are also some early warning signs that can help identify such a threat as generic and false.
Generic Information: All information within the messages received was extremely generic. No person was named, and no business was named. The information in the message could apply to any recipient.
Foreign Origin: Immediately, our team, as well as others who received the message, traced the IP address of the sender and recognized that it originated from Moscow, Russia. In addition, the email address the message came from was a generic, random name, with a completely different display name assigned to the address.
These warning signs alone are not enough to immediately consider yourself safe, but they are information that can be checked quickly to help gauge the severity of the threat.
Not every spam message will be so sinister. Another common strategy used by scammers is to appear incredibly legitimate, sometimes even disguised as a member of your own company. This past October, spammers infiltrated the Better Business Bureau, gaining access to a high-ranking user’s email (or at least appearing to). Once they had access, the spammers sent emails to lower-level employees requesting that they purchase gift cards for their boss, with the promise that they’d be reimbursed later. These emails have no real calling card that screams illegitimate; they’re coming from actual addresses and people you know. The best immediate defense against phishing attacks such as this is direct communication. If a situation is out of the ordinary and feels potentially malicious, make a phone call or talk to the sender in person if at all possible. Afterwards, always notify the IT department in order to prevent future emails from being sent. If spammers have access to one person’s email in the company, it’s possible they have access to even more.
Phishing attacks don’t always come from someone within your own company; they could come from anyone pretending to be a legitimate company. You could receive an email that appears to be from Facebook, asking for password confirmation or reset, or from Google, asking you to confirm your account status. Potentially the worst and most dangerous of all phishing/spoofing emails are those that include an attachment, one that, once opened, could have a devastating effect on your work computer or even the entire network.
For years, scammers have created all-consuming viruses and software that can completely lock down a computer or even a network, typically requesting some form of payment to regain access to your files. Commonly known as ransomware, trojans, or malware, these are executable programs built by professional spammers, made to appear completely harmless. An email could be received with an attachment such as “birthdayparty.jpg” that, once opened, can take over your entire computer. Email protection hardware/software exists that can help prevent these disguised attachments, typically by scanning and previewing them before you actually open them, but we’ll get to that later.
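One scanning check of the kind described above, as an added example that is not from the original post or from any vendor's product: it compares each attachment's file name with the leading bytes of its content, so an executable named “birthdayparty.jpg” is flagged. The signature list, verdict names and sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Leading "magic bytes" of a few common formats (a small illustrative subset).
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),
    (b"MZ", "windows-executable"),
    (b"\x7fELF", "elf-executable"),
]
EXT_TO_TYPE = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "pdf": "pdf", "zip": "zip"}
EXECUTABLE = {"windows-executable", "elf-executable"}

def sniff(data):
    """Identify content by its leading bytes, ignoring the file name."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return "unknown"

def check_attachments(raw):
    """Return (filename, detected type, verdict) for each attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        expected = EXT_TO_TYPE.get(name.rpartition(".")[2].lower())
        actual = sniff(part.get_payload(decode=True) or b"")
        if actual in EXECUTABLE:
            verdict = "block"    # executable content, whatever the name says
        elif expected and actual != expected:
            verdict = "review"   # extension and content disagree
        else:
            verdict = "ok"
        results.append((name, actual, verdict))
    return results

def build_sample():
    """Constructed message: header stubs only, no real image or program."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.net", "user@example.com"
    msg["Subject"] = "Party photos"
    msg.set_content("See attached.")
    for name, head in (("birthdayparty.jpg", b"MZ\x90\x00"), ("cake.jpg", b"\xff\xd8\xff\xe0")):
        msg.add_attachment(head + bytes(16), maintype="image", subtype="jpeg", filename=name)
    return msg.as_bytes()
```

Calling `check_attachments(build_sample())` marks the first attachment for blocking and passes the second; a real gateway inspects far more than the first few bytes.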
Identifying Spam/Educating Users:
The strongest (free) tool that you have against scammers and spam messages is education. Encourage users to read up on spam attacks like the ones mentioned in this blog. Communication with the IT department when suspicious emails arrive, as well as communication with the real sender, is always encouraged. Both fortunately and unfortunately, platforms like Google and Microsoft have taken away most of the hassle for us these days. It’s now a rare day that obvious spam messages make their way directly to our inbox rather than our spam folders. While these tools make it convenient for our users to not have to sort everything themselves, they also make us trust everything that comes into our inbox, which is almost more dangerous. Always take the time to check the full address of suspicious emails in your inbox; the domain name of origin can be a huge hint and can save you from unwanted scams.
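The address checks described here and in the warning signs earlier (display name versus real address, domain of origin, originating IP), as an added example that is not part of the original post. The brand list, function names and sample headers are assumptions constructed for illustration, using reserved example domains and a documentation IP range.

```python
import email
import ipaddress
import re
from email import policy
from email.utils import parseaddr

# Assumed brand-to-domain map for illustration; maintain your own list.
BRANDS = {"facebook": "facebook.com", "google": "google.com"}
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample headers: reserved example domains, documentation IP range.
SAMPLE = """\
Received: from mx.example.com (mx.example.com [10.0.0.5])
\tby inbox.example.com with ESMTP; Thu, 13 Dec 2018 10:02:11 -0500
Received: from unknown (unknown [203.0.113.77])
\tby mx.example.com with SMTP; Thu, 13 Dec 2018 10:02:09 -0500
From: "Facebook Security" <xk29qpl@mail.example.net>
Reply-To: collect@example.org
Subject: Confirm your account
"""

def domain_of(header_value):
    """Lowercased domain of the address in a From or Reply-To header."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()

def origin_ip(msg):
    """Earliest non-internal IP in the Received chain (newest hop is listed first)."""
    # Hops recorded before your own mail server are sender-supplied: a hint, not proof.
    for hop in reversed(msg.get_all("Received", [])):
        for ip in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(hop)):
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                continue  # bracketed text that is not a valid IPv4 address
            if not any(addr in net for net in INTERNAL):
                return ip
    return None

def triage(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    display, _ = parseaddr(str(msg["From"] or ""))
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    # Display name claims a brand, but the address is not on that brand's domain.
    spoofed = [d for b, d in BRANDS.items() if b in display.lower()
               and not (from_dom == d or from_dom.endswith("." + d))]
    return {"from_domain": from_dom, "brand_mismatch": spoofed, "origin_ip": origin_ip(msg),
            "reply_to_differs": bool(reply_dom) and reply_dom != from_dom}
```

`triage(SAMPLE)` reports the real sending domain, the brand the display name claims without matching it, a Reply-To on a different domain, and the first external hop to look up.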
Email Protection Services:
Unfortunately, even well-trained employees won’t be able to identify every spam message. Eventually, some are bound to get through. If your business is ready to take your email protection to the next level, it’s probably time to consider some protection services. For example, SimpleFly Tech partners with Barracuda to protect our clients. On a subscription service, Barracuda protects users from all malicious inbound emails. To learn more about our Barracuda services, you can check out our email protection page. Email protection services are not reserved for larger corporate-sized businesses; it’s becoming common practice for small businesses alike to protect themselves and their employees from these scammers and email attacks. Threat protection, unsecured email protection, malware protection, and phishing protection are just the start of what email security services can offer. Typically, these services come packed with features that are far more than just protection, including backup solutions, email archiving and much more. The cost of an email protection service is pennies compared to what’s at stake without them. Being ahead of the game and protecting your business before anything malicious happens is the best step you can take for ultimate protection.
Email protection services can easily be overlooked if they’re not on the agenda of your business or your IT team. Educating yourself and your users, and knowing how to protect yourself and your company, is extremely valuable. Don’t allow yourself to become a victim of spam attacks. Do your research or have the professionals do it for you. For more information, feel free to leave a comment below or reach out to firstname.lastname@example.org.