Malware comes in many guises. Below are a few helpful tips on how to spot it. This blog is a companion piece to a recent video blog our New York City team produced, which you can watch here.
Many of the cases Kivu typically receives start when an end user clicks on a phishing email. These phishing emails look like they are coming from trusted sources, enticing the user to interact with a malicious actor’s advances. This can ultimately lead to malware, such as banking trojans, being downloaded. Banking trojans like Trickbot and Emotet can harvest credentials directly from the user’s computer. This can include logins for banking websites or even Office 365. But spotting the phish can be surprisingly easy if you know what to look for.
One place to look is the salutation. How are you being greeted? If there is no salutation, or if your first name is replaced with something generic such as Dear Valued Customer or Dear User, this may be an indication of a phishing email. But that alone will not tell the whole story. Next, observe the wording in the body paragraph. Is it riddled with grammatical errors, spelling mistakes and contractions? A poorly written email may be a giveaway of a phishing attempt because many criminals are not native English speakers. Also, consider looking at the email address from which the message came. Genuine emails come from genuine domain addresses, so you should never expect to see “CustomerService@[yourbank]450.com”. Furthermore, organizations can set up email rules that warn users when an email is coming from an external domain. This rule can be set to have banners that read “EXTERNAL” in the subject line. Be on the lookout if you receive an email from someone inside your organization that is flagged as an external message. This may be an indication that the email address was spoofed.
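The three sender-side checks above (generic salutation, look-alike sender domain, internal sender carrying an EXTERNAL tag) can be expressed as simple detection logic. This is an added example, not Kivu's tooling; `ORG_DOMAIN`, `TRUSTED`, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.org"        # assumed: the reader's own organization
TRUSTED = {"examplebank.com"}     # assumed: domains the reader really deals with
GENERIC = re.compile(r"^\s*dear\s+(valued\s+)?(customer|user|member)\b", re.I)

def sender_domain(msg):
    """Domain part of the From: address, lower-cased."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None if genuine/unrelated."""
    if any(domain == good or domain.endswith("." + good) for good in TRUSTED):
        return None
    for good in TRUSTED:
        # Brand label embedded in a different domain, e.g. examplebank450.com
        if good.split(".")[0] in domain:
            return good
    return None

def phishing_signals(raw):
    """List the warning signs found in one plain-text message."""
    msg = message_from_string(raw)
    domain, signals = sender_domain(msg), []
    if GENERIC.match(msg.get_payload()):
        signals.append("generic salutation")
    imitated = lookalike_of(domain)
    if imitated:
        signals.append("sender domain imitates " + imitated)
    # The gateway only tags mail that arrived from outside, so an "internal"
    # From: address together with the tag suggests a spoofed sender.
    if domain == ORG_DOMAIN and "EXTERNAL" in msg.get("Subject", ""):
        signals.append("internal sender tagged EXTERNAL")
    return signals

# Constructed sample messages (not real mail).
MSG_A = """\
From: Customer Service <CustomerService@examplebank450.com>
Subject: Account notice

Dear Valued Customer,
Please review the attached statement.
"""
MSG_B = """\
From: Pat Lee <pat.lee@example.org>
Subject: [EXTERNAL] Updated payroll form

Hi Sam, the new form is attached.
"""
```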
Another clue: your trusted companies should not send you attachments unexpectedly. Kivu handles many cases where banking trojans come in through attachments that carry malicious macros. When this attachment is opened and macros are enabled, the malware is downloaded to the computer and can spread from there. Even though it is normal to receive attachments from trusted institutions, consider whether this kind of activity is expected or comes out of the blue. If there is any part of the email that looks suspicious or throws you off, consider reaching out directly to the sender. A simple text or call to confirm the legitimacy of an email can never hurt.
Lastly, be careful when clicking on links in an email. Here are a few precautions you can take:
The text for the hyperlink may look legitimate; however, if you hover over that link, it may point to a different URL from the one you’re seeing displayed. This is a quick and easy way to check for a malicious URL. If you are ever unsure about a URL and know where it should be directing you, open up a browser and navigate to the organization’s site directly by entering the address in the URL bar at the top, or by using Google. Taking an extra 5 seconds to type in a URL, rather than clicking on a link, can go a very long way in keeping you secure.
When entering your credentials into a website, always be on the lookout for the type of protocol being used. Is it HTTP:// or HTTPS://? Most websites use HTTPS. This means that the website is secure, and any credentials entered into the site will be encrypted before being sent through the network. This is one way to prevent a “Man in the Middle” attack. Luckily, programmers recognized that looking for the ‘HTTPS’ in a long URL can be cumbersome, so a little padlock was created, which is now always displayed to the left of the URL at the top.
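The hover check and the HTTP/HTTPS check described above can be automated for an HTML email body: compare the host a link displays with the host its `href` really points to, and note plain-HTTP targets. This is an added example, not part of the original post; the function names, the simple "same host or subdomain" rule and the sample body with its placeholder domains are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Display text that is itself a URL or bare hostname, e.g. "www.examplebank.com/login".
URL_LIKE = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[:/?#]\S*)?$", re.I)

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for each <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def _norm(host):
    return host.lower().rstrip(".").removeprefix("www.")

def audit_links(html):
    """Return [(text, href, [reasons])]; the displayed host or a subdomain of it is accepted."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        parts = urlsplit(href)
        actual = _norm(parts.hostname or "")
        reasons, shown = [], URL_LIKE.match(text)
        if shown:
            claimed = _norm(shown.group(1))
            if actual != claimed and not actual.endswith("." + claimed):
                reasons.append("text shows %s but link goes to %s" % (claimed, actual))
        if parts.scheme == "http":
            reasons.append("link uses unencrypted HTTP")
        if reasons:
            findings.append((text, href, reasons))
    return findings

# Constructed sample body; every domain is a placeholder.
SAMPLE = """<a href="http://examplebank.com.account-verify.example/login">https://www.examplebank.com/login</a>
<a href="https://secure.examplebank.com/help">www.examplebank.com</a>
<a href="https://examplebank.com/">Contact us</a>"""
```

Only the first link in the sample is reported: its visible text names the bank, but the real destination is a different host reached over HTTP.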
So we have covered what to look for in your inbox and web browser; but what about passwords? To start, it is important to note that you should never write down your passwords on a sheet of paper. Instead, consider using a password manager that can be downloaded online or from your phone’s app store. Password managers encrypt and store your passwords in one central location, making it easy for you to reference.
As for the password itself, be certain you are not using the same password twice. If a malicious actor cracks a duplicated password, it immediately gives them access to two accounts. It’s also good practice to use passphrases rather than passwords. This is when you use a short sentence as the password, making it harder to crack and – added bonus – easier to remember. To bolster that, be sure to substitute similar-looking special characters and numbers for letters to add an extra degree of strength. For example, your love of baked goods may translate into a password that looks like 1L0veC00K!3$. Lastly, be sure to check out the organization’s security page on their website to see if multifactor authentication (MFA) is available. MFA is one of the best practices you can incorporate as it provides layered security: something you know, something you have, and something you are. In summary, it is important to take the time to wisely choose a password and explore other security measures out there.
The best thing that all of us can do to remain safe online is to stop rushing and think before we act. Attacks are preventable, which is why it is important to always remain vigilant, question information and utilize the tools available to you.
We hope you never need our services, but if you find yourself in the middle of an attack, Kivu is here to help.