software and a firewall. This gives you two
layers of defense – on both the network and
your equipment.
Filter e-mails. One of the most popular ways
to send ransomware is by attaching .exe
files or .zip files to otherwise normal-looking
e-mails impersonating friends, other
employees, or even clients. Using software
to filter and block these e-mails before they
hit the user’s mailbox is a wonderful way
to safeguard users from falling victim to
ransomware.
Educate your users. Users are your last
line of defense in the battle against
ransomware. Ransomware wouldn’t be
successful were it not for unsuspecting
users downloading and executing a
piece of malware (e.g. opening an e-mail
attachment, clicking on a malicious link,
etc.). Educating users on how to spot
threats will reduce the chance of them
falling victim to an attack. Some things to
emphasize would be:
• Do not open e-mail attachments or
click on links from senders you do
not know
• Check for misspelled domains in
e-mails
• Report any suspicious files or e-mails to the IT Department or Information Security team

What can I do when disaster strikes?
Even if you take the proper precautions, a single mistake can allow ransomware to enter your system. At that point, you should immediately remove any affected systems from your network. If you can restore to a recent backup, you’ll be able to regain access quickly.

PHISHING
No, you don’t need a rod and a reel for this type of Phishing! However, you may want the PHISHER to be used as bait!

How to identify phishing emails
In today’s fast-moving, technology-driven world, one of the basic methods of communication is still used billions of times a day, and we can all easily take it for granted: email.
Coordinating with clients, customers, coworkers, and consultants from our offices using desktops or on the go with our smartphones, it’s easy to see why it’s still a go-to choice for many. However, this also leaves us vulnerable to many different attacks, including one of the most actively used, which is known as “phishing”.

To define phishing:
verb (used without object) 1. To try to obtain financial or other confidential information from Internet users, typically by sending an email that looks as if it is from a legitimate organization, usually a financial institution, but contains a link to a fake website that replicates the real one.
verb (used with object) 2. To make (someone) a victim in this way: If you’ve been phished, you should cancel your credit cards immediately.
Cite: http://www.dictionary.com/browse/phishing

So how does one figure out if the email in question is a phishing attack or not? Here are 5 ways to tell:
1. Spelling and grammar mistakes: This is the easiest way to spot a fake. Institutions with brand recognition spend a lot of money making sure every piece of marketing and customer interaction is 100%, especially when it comes to spelling mistakes and grammatical errors. Once you see that a word is misspelled, or that the flow of a sentence seems choppy or non-professional, don’t click on any of the links inside of the email. Instead, call the institution on their direct line (if unsure, open a new browser window and search for their website; they always have some sort of “contact us” page) and inform them of this scheme. They may or may not ask for a copy of the phishing email. If they do, they have a direct email address for you to forward the phishing email to. After that, or otherwise, you should block the sender inside your email application.
2. Generic or generalized reference to the user: Similar to the spelling and grammar mistakes, typically the company that’s emailing you would have your name inside of the introduction of the email. Cases of “Dear Company X Client” or “Dear Company Y Member”, or being referred to as an ID or number, have a very high chance of indicating you are dealing with a phishing email.
3. The links inside of the email go to suspicious URLs or try to “hide” the suspicious URLs: This one takes a little bit of finesse (remember, never click on the links!) but if you see links inside of the email, you can hover over them, and it will reveal the address those links are connected to. Be suspicious if they go to: an IP address, a shortened URL (bit.ly or ow.ly are the common ones), extended versions of the real company’s URL (for example: visa.com is the real website, visa-secure.com is NOT), non-HTTPS links, or even domains that show “redirect” anywhere. If you’re still unsure whether or not these are real links, you can either call up the
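The link checks listed under item 3 can also be run automatically against a message body before anyone hovers over anything. The Python below is an added example, not part of the original article; the flag names, the `KNOWN_BRANDS` set and the sample message are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "ow.ly"}  # the two shorteners the article names
KNOWN_BRANDS = {"visa.com"}       # assumption: domains the reader really deals with

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs: what hovering over each link reveals."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_link(href, text=""):
    """Return the warning flags from the article's list that apply to one link."""
    host = (urlsplit(href).hostname or "").lower()
    # IPv4 literal (dotted or plain integer) or IPv6 (only IPv6 hosts contain ':').
    is_ip = host.replace(".", "").isdigit() or ":" in host
    # Brand name appears in the host, but the host is not the brand's own domain.
    lookalike = any(b.split(".")[0] in host and host != b
                    and not host.endswith("." + b) for b in KNOWN_BRANDS)
    # Link text that itself looks like a domain but differs from the real target.
    shown = text.lower().split("://")[-1].split("/")[0].removeprefix("www.")
    hidden = "." in shown and " " not in shown and shown != host.removeprefix("www.")
    checks = [("ip-address", is_ip), ("shortened-url", host in SHORTENERS),
              ("not-https", urlsplit(href).scheme != "https"),
              ("redirect-in-domain", "redirect" in host),
              ("lookalike-domain", lookalike), ("text-hides-destination", hidden)]
    return [name for name, hit in checks if hit]

def scan_email(html):
    """Map each link in an HTML message body to its warning flags."""
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}

# Constructed sample message body (not taken from the article).
SAMPLE = ('<a href="https://www.visa.com/help">visa.com</a>'
          '<a href="http://192.0.2.10/login">Verify account</a>'
          '<a href="https://visa-secure.com/update">www.visa.com</a>')
```

Calling `scan_email(SAMPLE)` returns an empty flag list for the genuine visa.com link and one or more flags for each of the other two; a flagged link is a reason to verify with the institution directly, not proof of phishing.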
www.lbmao.on.ca LBMAO Reporter - September-October 2018 25