Med One to One JUL / AUG / SEP TWENTY EIGHTEEN ISSUE 57

Combatting Internet Bad Guys

Written By: Randy Smith

Combatting Internet Bad Guys

Many of you have heard the terms phishing and domain spoofing. If not, these terms are used to describe when you are spoofed by the appearance of a recognized email account, when infact it is a hacker. For example you could get an email from “something”@medonegroup.com but in reality the email is coming from another unreliable source. It is similar to when you receive telephone calls offering services to help you get rid of a virus, or even see pop-ups on your screen when you are looking for information on the internet. These are all designed attempts by dishonest people to get information from you that would allow them to steal from you, your family, your contacts, or your company.

Phishing and domain spoofing usually begin with an email message that looks like it is from someone you know, requesting something from you innocently. The first step the hackers take is to make sure the account they are phishing is real. For example, they act as someone you may know and simply ask you to respond to the email. As soon as you do, the criminals at the other end now have a verified email address. Another method is to get you to unsubscribe to junk emails. As soon as you unsubscribe, you have also verified the legitimacy of your email account.

Once the account has been verified, the hacker starts aggressively pursuing you with messages that may seem real but are further attempts to get information and money. They even sell the account information to other hackers. Any clicking on a phishing email link can open up your account to be hacked. I have seen a case where when the link was selected, it created a forward on the users account that sent a copy of every email they received to a hackers account in Russia. The Russian hacker soon knew all of the user’s contacts, PO numbers, purchase amounts, vendors, customers and even what invoices were sent. They then pretended to be a vendor and provided electronic payment information for known invoice payments.

If the hacker is sophisticated enough to perform domain spoofing, they can send an email that looks like it came from a legitimate email account within the company. Corporate officers and those dealing with company finances are targeted the most. This is called “spear phishing.”

The more information the hackers have, the better their misdirection gets.

What can be done to protect against these attacks?

In a recent email to all of the Med One employees, our President and CEO, Larry Stevens recommended the following reality checks:

1 Does the request seem at all out of the ordinary or odd to you in any way?

2 Examine the email address carefully. If the request is from someone you know but the email account doesn’t match what you know it should be, then you can be pretty sure it is not really from the person you expect.

3 Is the request asking you to do something that is outside of established guidelines?

Other cautions you can take include:

1 Never unsubscribe from an email unless it is from a source you specifically signed up for. Once your email is learned by one source, it can take years for it to clear even if you never unsubscribe again.

2 If you receive a telephone call “usually from Microsoft support” indicating that they have been notified of a problem on your computer, hang up. They are wanting you to log into the computer and go to a specific website so they can have unlimited future access to your computer. Your computer does not send your telephone number out to anyone, so you can be assured the call is fake.

3 Email payment requests of any kind should be verified through other sources. Never reply to an email to receive verification. To be sure the email is from the correct source, you can freshly type in the email you know to be valid. Although the email domain spoofing looks real, it has an underlying fake email account that the reply would go to. Typing in the email address directly bypassing the fake account.

4 If all else fails, get on the phone and call the person.

As fast as the hackers are changing methods, the technology to protect against attacks is also becoming more sophisticated. A lot of artificial intelligence methods are being employed. Virus definition pattern checks are better than ever before, domain spoofing can be all but stopped, and email blocking is much better. For example, the new software protection tools look at current patterns inside the company and detect if something is out of the ordinary. These outliers can then be isolated to be reviewed by the intended recipient for legitimacy. If an email pretends to be from someone it is not, it is also isolated. There are also simulation tools that allow organizations to send out fake phishing attempts of various types to get employees used to what they could expect to see and how they should respond.

The attempts by some to find ways to steal from others will not go away. The thieves will continue to try new ways, especially as the technologies improve. After all is said and done, we should all be cautious and give emails the “reality checks” as our CEO Larry Stevens has suggested.



Prev Article Next Article