What’s old is new, and what’s new is…
I was going through some old press clippings from the early days of NetData and came across a column I did for the Destin Log back in 1999. The piece had to do with chain letters, junk email, email scams, and the like, and how not to fall for them. I humbly stood on my soapbox and in my best grandfatherly voice, broke the news that they weren’t getting free money from Bill Gates, no matter how many emails they forwarded.
What really struck me was that after 18 years, nothing has really changed. In 1999, the Internet was still in its infancy and completely untamed (again, not much has changed there either). It was so new that many people (incorrectly) assumed everything that came across it was ‘THE TRUTH.’ We were all used to going through physical junk mail and weren’t as adept at picking out junk from the digital version.
When junk email was junk email
Back then, junk email was simply junk email. Virus authors didn’t have the tools to create some of the truly inspired attacks we see today. Now, I’m scared to open any email I receive from someone I’m not familiar with. The antivirus products we use today are light years beyond what we had in 1999, but they can only do so much. We, as users, have to pay attention to what we click.
It still comes down to folks reading what is in front of them and paying attention to irregularities in the message. Would you normally get an email from the board president asking you to wire $10,000 to another director’s account? Probably not. How about one from IT Support letting you know your account is locked until they receive your user name and password to unlock it? Not likely. Take the time to read before clicking the handy self-service link at the bottom of the message and giving the keys to the kingdom away.
Not your father’s fishing
Email attacks come in various forms, but the most popular one now is the ‘phishing’ attack. Phishing is the act of sending out an email with the intent of hooking you into clicking a link or providing personal information to the bad guys. Most phishing emails are obviously written by someone for whom English is a second language. You will find poor or weird word choices, misspellings and just strange requests.
The best and most effective attacks use images and logos from the legitimate site, are well written and are requests that are not out of the ordinary. I’ve received ones where supposedly PayPal wanted me to unlock my account by logging in, and helpfully supplied me with a link to do so. It looked really legitimate, so much so I really had to question if it was real. The best way to handle these situations is to not follow the email link but go directly to the Website. If the request was for real, the Website will take care of any action needed to get you going again.
Knowledge is power
To help our customers learn more about the do’s and don’ts of online life, we partnered with KnowBe4, a security training company. KnowBe4 has both training and testing tools that help us find the holes in a customer’s security profile and then provide remediation for fixing those holes. After going through the training with KnowBe4, it still boils down to one thing – think before you click.
Email is a wonderful tool. I could not function without it. But remember, while not every junk mail is a Trojan horse for a Trojan horse virus, every letter from an African prince asking to transfer funds to you is.