Last month, the WannaCry / WannaCrypt Ransomware attack spread like wildfire through the world. If you weren’t sure of some of the details, here is an excellent write-up by Troy Hunt. In fact, if you are unsure about what ransomware is, he has created a free online video course which teaches you all about ransomware in about an hour. What is clear from all the post-mortem reports about WannaCry is that the software exploited an old vulnerability in unpatched machines. What isn’t clear, is how that malware got through the firewalls in the first place. While there has been much speculation, we felt that it was probably a good time to explain the idea of phishing.
Often, if the technical systems are well secured, the only way an attacker can gain entry is via social engineering. One of the most common ways that this happens is through what is called a phishing scam.
Simply put, a phishing scam is when an attacker goes “fishing” for information by pretending to be something that they are not. The most common kinds usually involve an email from what looks like a trusted source.
The email will have official logos and may contain a message that you expect to hear from that source.
For example, this one that NZ Post has posted on their website alerts you, the “valued Customer” of a delivery pending.
But wait, I hear you ask if they look so good, how can I tell if they are a scam?
Things to look out for
- Unexpected contact – The example above from NZ Post is an excellent example of this. Thinking about all the packages you have sent, do you ever put the recipient’s email address? Or isn’t what normally happens that the sender has to send tracking links.
- Bad spelling or grammar – Often the scam emails are written poorly, have bad spelling or common grammatical mistakes.
- Dodgy URLs – putting your mouse pointer over a link will show you where the link is going to, without clicking on it. Read the URL carefully; it may be a slight misspelling of a correct URL or have the full stop in a slightly different place. For example, if the NZPost scam above could use the URL nzpost.malicious.com.
- Wants you to take immediate action – The scam email will often try to suggest that immediate action needs to occur. The NZ Post scam above indicates that there is a package on its way and you need to track it now. A typical example is where they tell you that your account has been locked, or even ironically, that there has been fraudulent activity, and that you need to click on the link immediately.
- Suspicious attachments – Most legitimate organisations avoid attaching things to emails, and if they do, it will usually be from a direct request (e.g. you are downloading an invoice, or you have asked for a file)
What happens if I’ve clicked?
If you think your machine has been compromised, immediately take it off the network (unplug it from the router, or the network), and shut it down. If you have an ICT provider, contact them immediately with exactly what you think it is. If you have many machines on your network then you will need to ascertain how far the damage has spread. You will need to do a complete scan of your computer, or perhaps of all the machines on your network. If you are unsure at this stage, it will be better to call in a professional. You should also ascertain when the last time you successfully backed up your data. The WannaCrypt attack worked by encrypting (locking) all the files on an infected machine, and they did not unlock it unless you paid a monetary ransom. If you had a backup of the data from before the infection, an expert will be able to restore the backup.
How do I protect myself?
Apart from being suspicious of all unsolicited emails, there are a variety of things you can do to ensure you remain protected.
- Always keep your computer up to date. If there is an automated system for updating (for example Windows Update), then use it to keep your system always up to date.
- Use a password locker. One of the most common scams is to phish for your password. If you use the same password for everything, then when you are compromised, you will need to change the password on everything. There might even be sites you have forgotten about. Using a password locker will mean that you can easily generate new passwords whenever you need another password, and all your passwords will be random and different.
- Have an up to date anti-virus software.
Call the experts
We understand that this is very complicated. If you are a small to medium enterprise, we can take a lot of this mental load on. Our remote management software alerts us when a machine is not up to date, and if something is compromised. We also do a full cloud backup service where we can restore data for you at any time. Talk to us today.