Google Phishing: If you're like so many of us, you might have received a mysterious Google Doc in your Gmail earlier this month. The email was formatted in a way that made it enticing to click on it to see what the document contained, and these emails often showed up from people in your contacts list. Google announced afterward that this was a widespread phishing attack, and warned users not to open these emails.
My feedback is always the same here: Don't click on links or attachments in emails you are not explicitly expecting. This is true even if the email appears to come from someone you know and trust. There are ways to make an email look like it comes from someone you know. The account sending the email could have been hacked. Or, as in this case, the account wasn't hacked but the hackers were still granted access to the contact list and email-sending capability (which more or less achieves the same result).
If an unexpected email looks reasonable, the best bet is to contact the alleged sender. Send them another email or call them and ask if they sent it. I know this seems silly, but one of my clients prevented an encryption virus because she asked the alleged sender!
As relatively harmless as this hack was, it can only be viewed as a test or proof-of-concept for far worse things to come. And they will come.
One of the big things about this that I'm trying to get people to realize: If you can imagine a way to be a jerk online or with YOUR computer or YOUR data, there's someone out there doing it or, if not already doing it, figuring out how to do it AND they're figuring out how to make it profitable. Since these are specialists and most people aren't, they're also likely thinking of things even more complex and devastating than even my most devious customer. These hackers do this AS THEIR JOBS. They have the time and the resources to accomplish their goals. People need to realize that the internet, as great and useful as it is, is not a friendly place. It can be mostly dangerous with a few safe havens.
Maybe a good analogy would be imagining if your home were a castle. The outer wall has several guarded doors in it for couriers to pass through with data (websites, pictures, emails, etc.). This wall and doors represent your firewall. The guards are your antivirus software (they subjectively assess the couriers and their packages and they will make mistakes). Now, imagine, if you will, this castle is in the center of a sleazy city where every single one of those doors opens onto a dark back alley. Some of your couriers never return, some of them are replaced with spies or assassins, but most of them go about their business just fine. When you click on a link, you have just told the doors the link requests to open and your guards to let the related courier and packages through. Unless they explicitly know it's a threat or it blatantly acts threatening, they're going to obey your orders and let it through. This is why you have to be extremely cautious of any link you click on (not just in emails).
Ransomware Attacks: If you'll recall, earlier in the month the world endured some global ransomware attacks that were pretty devastating to hospitals and other public services. The thought of attacks like these can be scary. Our advice? The best way to prepare for ransomware attacks is by prevention, not reaction. This is a great article that explains what ransomware can look like. Our advice on ransomware is the same as the FBI's: don't pay the ransom. There are two reasons for this: 1) It allows them to make a profit, which only encourages them to keep doing it. 2) There is no guarantee they'll honor their side, returning your data.
The Internet can be a scary place, but we're on your side at Glospey Computers. If you ever have any questions at all about phishing or ransomware attacks, we're here for you. Don't hesitate to reach out. Contact us at 401-787-5297 if you ever have any questions.
- Tim at Glospey Computers