“I have installed antivirus software but I’m still receiving scam malicious email!” Sounds familiar, doesn’t it?
Email inboxes are still the most effective tool for cyber criminals to steal sensitive data and access computer networks. Most companies use antivirus software expecting to stop new threats or advanced malicious email attacks. Unfortunately, this is not always successful.
Scam emails are a real concern because they are often used to deliver new ‘fast-break’ or ‘zero-day’ attacks. Endpoint antivirus software can identify known threats and assist in stopping threats delivered via other means such as flash drives or USB but zero-day malware received in scam emails is likely to remain undetected by any antivirus software.
Cyber criminals consistently adapt and develop their exploitation tools at a fast pace. It can take hours or even days for antivirus vendors to identify new threats and organize software updates. Further, delays then occur while their customers download and install those updates. During the updating process, unprotected computers are susceptible to attack.
Because sophisticated cybercrime networks are familiar with traditional antivirus solutions, they will examine and improve their attacks to ensure success.
In one specific email scam that had been intercepted, scammers used over 160 variations of the attack to stay ahead of antivirus updates.
Companies that rely on antivirus protection alone put their data-security at serious risk. Cyber criminals know that humans are a cybersecurity loophole. Their objective is to get malware emails into a company’s inboxes, because people are much easier to trick than machines. If just one person inside a company opens a scam email and clicks on a link, they can infect the whole company’s computer network.
Have a look at the screenshot below. This is an actual scam email that was intercepted earlier this year.
Here’s our tips on how to spot a malicious email:
- Use your Outlook Reading pane to look at the email.
- Check the email address it is being sent from. The displayed name may be legitimate but what does the actual email address say?
- Look at the link in the email. Is it related to the company that is sending the email?
- Look at the language in the email. Is it generic? Does it say dear customer?
- Examine the attachment name. Is it generic? Is it something you recognise?
- If in doubt call your IT department/partner or delete it.
If you’d like any further information, assistance with your cyber security or you don’t know where to start please call us on 1300 478 738 or email us at info@suretyit.com.au.
